Solved

Anti-root, anti-virus

Posted on 2013-11-09
Last Modified: 2013-12-02
I use Rogue Killer and RKill before using MBAM. Any other suggestions for a "new" used laptop I just bought? Is MSE sufficient? Does it hurt to run an anti-spyware program every week or so?
Question by:RaiderNationDelegate
15 Comments
 
LVL 11

Accepted Solution

by:
Gregory Miller earned 300 total points
ID: 39636086
First, it never HURTS to run a good anti-malware tool on demand.
MSE is decent but I would not give it too much faith.
MBAM is the best of breed but I would not run it in real-time as it has some significant overhead.
A good AV in real-time and a selection of good tools to run on demand when needed is a good plan. Personally, I use the non-free version of AVG with MBAM and Super Anti-Spyware installed and ready to run if required. All three will allow safe mode use which is important to properly clean, if the bug gets past the AVG as first defense.

There is not much difference between the paid and full version of AVG, except that you can only schedule one update per day, but you can manually update as often as you like. Plus, the scheduled scans can only be set for one time per day on the free version, and the paid is schedule anything the way you want.
0
 

Author Comment

by:RaiderNationDelegate
ID: 39636115
Thank you techno-
Few questions:
1 - What is the value of Rogue Killer/RKill and any others? My sense was that they were good for pre-MBAM scans.
2 - Should I run most scans in safe mode?

FYI, MSE is my firewall. It runs a scan every weeks at 2 am.  

Any other ideas?
0
 
LVL 11

Assisted Solution

by:Gregory Miller
Gregory Miller earned 300 total points
ID: 39636132
I do not use RKill but have seen it. No reason other than I am happy with what I have always used. That said, I have no problem trying new things in a pinch and I get good community feedback. Go with what you know and then branch out if necessary.

I assume that MSE was Microsoft Essentials? Is this not what you are talking about? Unless you NEED a firewall on your computer, I would disable the personal firewall completely. If your IP address on your computer begins with 192.168.x.x or 10.x.x.x or 172.16.x.x then you are behind a NATting router, which is the only firewall protection that you realistically need. Exceptions to this rule exist and you should evaluate your needs based on your network. Do not take my advice on this exclusively. Example, your network is shared with others which you do not trust. Example, your computer gets a public IP address from the internet. Example, you connect to a lot of public internet access points. In these cases, having a firewall would be good. Maybe you can disable in your known safe spots but when you go to Starbucks for a Latte, for heaven's sake, turn it on...
0
 
LVL 11

Assisted Solution

by:Gregory Miller
Gregory Miller earned 300 total points
ID: 39636139
Sorry, the only way to remove most malware these days is in safe mode and even then some require more dramatic steps to remove. Very situational. I would not necessarily start an initial scan in Safe mode since it will take 3 times longer to complete. Run the initial scan in standard mode and if you find something that is not able to be removed, then scan and treat in Safe Mode.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 150 total points
ID: 39636269
Many people (in my opinion and experience) are protected sufficiently by MSE or Windows Defender, if they practice safe browsing habits.

Most people use free antivirus programs (Avast, AVG, Avira, Panda Cloud antivirus, etc) in place of MSE and Windows Defender.

In case they suspect an infection, they use MBAM to scan and clean (not from the safe mode, however).

I may be wrong, but from your question (re: Rogue Killer and RKill) my guess is you are more of a risk taker. You know best, however, what is best for you. FWIW, my recommendation is to use Avira or Panda as a real-time protection and use MBAM in case of a suspected or a real infection. Also no harm in scanning with MBAM every week.

[If required, however, heavier guns are always available.]
0
 

Author Comment

by:RaiderNationDelegate
ID: 39636379
It's a used computer. I have no idea where it has been.
0
 
LVL 11

Assisted Solution

by:Gregory Miller
Gregory Miller earned 300 total points
ID: 39636947
In that case, an OS reload would be your best bet to set your baseline and give yourself peace of mind.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 150 total points
ID: 39636995
Recommendation: Follow Technodweeb's advice. Then install a good antivirus software, and MBAM for occasional cleaning.
0
 

Author Comment

by:RaiderNationDelegate
ID: 39637273
I'll do that. What's the best HD wiping method? DBAN?
0
 
LVL 11

Assisted Solution

by:Gregory Miller
Gregory Miller earned 300 total points
ID: 39637302
Just kill the partitions during the install process. No extraordinary steps required.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 150 total points
ID: 39637313
As suggested by Technodweeb, no DBAN or any other disk-wiping software is required.
0
 

Author Comment

by:RaiderNationDelegate
ID: 39655088
Technodweeb,
You said this: "Just kill the partitions during the install process."
How do you do this?
0
 
LVL 11

Assisted Solution

by:Gregory Miller
Gregory Miller earned 300 total points
ID: 39655309
When you get to the point of configuring the drive in the machine you will have an option to delete partitions. Just delete all partitions. Do not create any partitions or format them. Choose the one unpartitioned disk to install to. Good to go..!
0
 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 50 total points
ID: 39656749
RaiderNationDelegate

RKill is just as it describes here:
http://www.bleepingcomputer.com/download/rkill/
A program that kills known malicious processes that may otherwise prevent you from running other anti-malware scans. A lot of viruses deliberately block applications to try and prevent their removal, which is why this program itself comes with different names and file extensions.

Rogue Killer (http://www.bleepingcomputer.com/download/roguekiller/) does the same thing but delves much deeper, concentrating on rootkits hiding in the boot sector of hard drives, hooked into other processes in memory, and so on.

It was said quite emphatically earlier: "the only way to remove most malware these days is in safe mode". The idea behind programs like RKill is to suppress some malicious processes sufficiently so as to allow scanning, detection, and removal of malware that would otherwise probably have required doing a boot-time scan with a "Live CD" or a "Safe Mode Scan". If you want to apprehend burglars in the act of breaking into houses you usually have to go out in soft shoes at night while they are actively doing so, not treading heavily in the safety of daytime when the burglars are all in bed and you have to then try and find where they live.

Everybody has their preferred AntiVirus application, but how exactly do you prove that one is better than another? It is almost impossible to evaluate this yourself unless you have a hornet's nest worth of malware to deliberately release on a computer running one AV application, gauge how many it caught and killed, then wipe the computer and release the wasps on yet another AV application. Most good PC Magazines have web versions of their publications in which AV applications are regularly tested and evaluated in this way. That's about as close as you and I are going to get to knowing how good the various offerings are in terms of detection rate. The rest is personal preference, such as how configurable the software is, how much it slows down the computer while you are using it normally, and so on. Even a very highly regarded antivirus product can be as bad as one with a very low detection rate if it is not configured correctly and kept updated.

I think that Comment ID: 39636269 by aadih is a sensible one in this respect.

Personally I would be tempted to buy a brand new hard drive if I was to buy a 2nd-hand laptop at the moment.  If money was tight there is plenty advice above about flattening the hard drive and reinstalling Windows.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39690529
Thank you RaiderNationDelegate
0
