• Status: Solved
  • Priority: Medium
  • Security: Public

Anti-root, anti-virus

I use Rogue Killer and RKill before using MBAM. Any other suggestions for a "new" used laptop I just bought? Is MSE sufficient? Does it hurt to run an anti-spyware program every week or so?
0
Asked by: RaiderNationDelegate
10 Solutions
 
Gregory Miller, General Manager, Commented:
First, it never HURTS to run a good anti-malware tool on demand.
MSE is decent but I would not give it too much faith.
MBAM is the best of breed but I would not run it in real-time as it has some significant overhead.
A good AV in real-time and a selection of good tools to run on demand when needed is a good plan. Personally, I use the non-free version of AVG with MBAM and Super Anti-Spyware installed and ready to run if required. All three will allow safe mode use which is important to properly clean, if the bug gets past the AVG as first defense.

There is not much difference between the paid and full version of AVG, except that you can only schedule one update per day (but you can manually update as often as you like), plus the scheduled scans can only be set for one time per day on the free version, while on the paid version you can schedule anything the way you want.
0
 
RaiderNationDelegate (Author) Commented:
Thank you techno-
Few questions:
1-what is the value of rogue killer/rkill and any others? My sense was that they were good for pre mbam scans.
2-Should I run most scans in safe mode?

FYI, MSE is my firewall. It runs a scan every week at 2 am.

Any other ideas?
0
 
Gregory Miller, General Manager, Commented:
I do not use RKill but have seen it. No reason other than I am happy with what I have always used. That said, I have no problem trying new things in a pinch and I get good community feedback. Go with what you know and then branch out if necessary.

I assume that MSE was Microsoft Essentials? Is this not what you are talking about? Unless you NEED a firewall on your computer, I would disable the personal firewall completely. If your IP address on your computer begins with 192.168.x.x or 10.x.x.x or 172.16.x.x then you are behind a NATting router which is the only firewall protection that you realistically need. Exceptions to this rule exist and you should evaluate your needs based on your network. Do not take my advice on this exclusively. Example, your network is shared with others which you do not trust. Example, your computer gets a public IP address from the internet. Example, you connect to a lot of public internet access points. In these cases, having a firewall would be good. Maybe you can disable in your known safe spots but when you go to Starbucks for a Latte, for heaven's sake, turn it on...
0
 
Gregory Miller, General Manager, Commented:
Sorry, the only way to remove most malware these days is in safe mode and even then some require more dramatic steps to remove. Very situational. I would not necessarily start an initial scan in Safe mode since it will take 3 times longer to complete. Run the initial scan in standard mode and if you find something that is not able to be removed, then scan and treat in Safe Mode.
0
 
aadih Commented:
Many people (in my opinion and experience) are protected sufficiently by MSE or Windows Defender, if they practice safe browsing habits.

Most people use free antivirus programs (Avast, AVG, Avira, Panda Cloud antivirus, etc) in place of MSE and Windows Defender.

In case they suspect an infection, they use MBAM to scan and clean (not from the safe mode, however).

I may be wrong, but from your question (re: Rogue killer and Rkill) my guess is you are more of a risk taker. You know best, however, what is best for you. FWIW, my recommendation is to use Avira or Panda as a real-time protection and use MBAM in case of a suspected or a real infection. Also no harm in scanning with MBAM every week.

[If required, however, heavier guns are always available.]
0
 
RaiderNationDelegate (Author) Commented:
It's a used computer. I have no idea where it has been.
0
 
Gregory Miller, General Manager, Commented:
In that case, an OS reload would be your best bet to set your baseline and give yourself peace of mind.
0
 
aadih Commented:
Recommendation: Follow Technodweeb's advice. Then install a good antivirus software, and MBAM for occasional cleaning.
0
 
RaiderNationDelegate (Author) Commented:
I'll do that. What's the best HD wiping method? DBAN?
0
 
Gregory Miller, General Manager, Commented:
Just kill the partitions during the install process. No extraordinary steps required.
0
 
aadih Commented:
As suggested by Technodweeb, no DBAN or any other disk-wiping software is required.
0
 
RaiderNationDelegate (Author) Commented:
Technodweeb,
You said this: Just kill the partitions during the install process.
How do you do this?
0
 
Gregory Miller, General Manager, Commented:
When you get to the point of configuring the drive in the machine you will have an option to delete partitions. Just delete all partitions. Do not create any partitions or format them. Choose the one unpartitioned disk to install to. Good to go..!
0
 
BillDL Commented:
RaiderNationDelegate

RKill is just as it describes here:
http://www.bleepingcomputer.com/download/rkill/
A program that kills known malicious processes that may otherwise prevent you from running other anti-malware scans.  A lot of viruses deliberately block applications to try and prevent their removal, which is why this program itself comes with different names and file extensions.

Rogue Killer (http://www.bleepingcomputer.com/download/roguekiller/) does the same thing but delves much deeper, concentrating on rootkits hiding in the boot sector of hard drives, hooked into other processes in memory, and so on.

It was said quite emphatically earlier: "the only way to remove most malware these days is in safe mode".   The idea behind programs like RKill is to suppress some malicious processes sufficiently so as to allow scanning, detection, and removal of malware that would otherwise probably have required doing a boot-time scan with a "Live CD" or a "Safe Mode Scan".  If you want to apprehend burglars in the act breaking into houses you usually have to go out in soft shoes at night while they are actively doing so, not treading heavily in the safety of daytime when the burglars are all in bed and you have to then try and find where they live.

Everybody has their preferred AntiVirus application, but how exactly do you prove that one is better than another? It is almost impossible to evaluate this yourself unless you have a hornet's nest worth of malware to deliberately release on a computer running one AV application, gauge how many it caught and killed, then wipe the computer and release the wasps on yet another AV application. Most good PC Magazines have web versions of their publications in which AV applications are regularly tested and evaluated in this way. That's about as close as you and I are going to get to knowing how good the various offerings are in terms of detection rate. The rest is personal preference, such as how configurable the software is, how much it slows down the computer while you are using it normally, and so on. Even a very highly regarded antivirus product can be as bad as one with a very low detection rate if it is not configured correctly and kept updated.

I think that Comment ID: 39636269 by aadih is a sensible one in this respect.

Personally I would be tempted to buy a brand new hard drive if I was to buy a 2nd-hand laptop at the moment.  If money was tight there is plenty advice above about flattening the hard drive and reinstalling Windows.
0
 
BillDL Commented:
Thank you RaiderNationDelegate
0
Question has a verified solution.
