REIUSA asked:
If you want to be 100% sure your system is clean what would you run?

If you have a system that does not have any apparent problems but you just want to be sure it is clean and there is nothing totally hidden, what would you run in addition to Micro$oft Security E$$entials, Spybot, and Malwarebytes full scans?

I'm looking for tools that are relatively easy to run but will help put the mind at ease that your system is clean.

Thanks,
ASKER CERTIFIED SOLUTION by Lee W, MVP (available to members only)
SOLUTION (available to members only)
SOLUTION (available to members only)
Typo on the last part of my first comment:
Otherwise, I run DBAN and a good antivirus (the "good" part eliminates anything made by Symantec).
should have read:
Otherwise, I run Malware Bytes and a good antivirus (the "good" part eliminates anything made by Symantec).

And to put it another way: when 99% is good enough, Malware Bytes and a good antivirus (lately, VIPRE by Sunbelt/GFI).
SOLUTION (available to members only)
Just to add my 2 cents. I run Spybot, Malware Bytes AND Ad-Aware as well as virus protection. The most important thing is to keep all of them current.

Aside from all the software solutions all the experts have mentioned (all were excellent), the one other highly effective thing to do is train your clients to be "good" users: inform them they haven't won anything, very little in this world is free, their bank doesn't want verification of their social security number, etc. Train them in what many IT professionals feel is common sense: not opening every attachment, using a work computer for work and not play. Help your clients create strong written acceptable use policies, then instruct them how to enforce them. By providing some of this "common sense" information, you will build stronger bonds with your existing clients.
SOLUTION (available to members only)
Microsoft last year came out with an excellent free AV/AM called Security Essentials, free to all genuine Windows users, that is.

What lancecurwensville said is an excellent point: you need to make your users aware of the ABCs of security. Users should not turn off their AV because it slows them down too much or such nonsense. Users should not have "no password" or an easy-to-guess password of "123456" or "password" etc.
SOLUTION (available to members only)
Basically what we are all attempting to say is the ONLY way to be 100% sure is to unplug the computer, put it away in a secure room and never turn it on.

On the other hand, there are a multitude of tools out there and finding the right combination is a daunting task. I have a standard that any machine I work on has Malware Bytes, Spybot and Ad-Aware installed and updated. Since there are so many antivirus packages out there, it is hard to dictate to a user what they should use.

ocanada techguy mentioned running multiple antivirus products. I have done that in the past; however, you need to be careful as some of them don't work well with others (Symantec) and will actually end up causing other issues. (Norton with another is known to give you a BSOD.)

Not to mention running as a limited user account. It takes some people a bit to get used to it, but it does limit an incoming infection to their profile only, while preventing (in most cases) damage to the system as a whole.
SOLUTION (available to members only)
REIUSA (asker):
Thanks for the info, everyone. I agree nothing is 100%; I would be happy with 99% :)

I see a lot of people mention ComboFix so I will have to try that one out. The Bleeping Computer site is the only one that has the official download, right?

I'm going to try the TDSSKiller scan too.

rpggamergirl,
You mentioned that some scanners won't find keyloggers; does that include TDSSKiller and ComboFix? I'll try out IceSword too.

Are there any other good rootkit scanners I should look at?

Thanks,
Every scanner has its own strong points; some find more than others.
Some scanners automatically fix, while others need user input to remove rootkits.

TDSSKiller is a good rootkit scanner; it's specialized for TDSS rootkits, also known as Alureon or Tidserv, and excellent for TDL3 and TDL4, which infect the MBR.

ComboFix is an all-round scanner that also detects and removes TDSS rootkits, and also fixes MBR infections. But it isn't a "scan and forget it" kind of scanner. It needs user input some of the time because CF won't remove every bad file in its first scan. Some bad files that CF doesn't recognize, or those hard-to-remove infections, often need a script for them to be removed. That's why the tutorial warns not to run it unless a Helper is guiding you who can analyze the log and write the right script.

IceSword is good too, but be careful about what you remove, since AFAIK it doesn't have a backup, and of course FPs happen. ComboFix's actions, btw, are reversible as it creates backups, so any deleted files can be restored, and the system's state can be restored back to the way it was before the scan if RC is installed.

In IceSword, you can get logs from these sections:
Processes,
Startup,
Win32 Services

If using IceSword, take note of red entries from Processes, Startup, Win32 Services, and SSDT, and check the Message Hooks function and take note of the Process Path for any entries that are Type WH_KEYBOARD (for keyloggers).

Gmer is another good rootkit scanner but needs user input to delete any bad files.
Um, I'll ask you to reconsider and put it back. I was made aware of the rule, so I'm pretty sure I did not refer the asker to another forum, unless I made a mistake, in which case I apologize.
If I recall, I think I said some tools' outputs are complex and daunting, and so need the help of experts via forums to interpret. I didn't say that wasn't here, did I?
REIUSA (asker):
Thanks for all the info. This will give me some more tools to look at.