Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.


Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.

Microtech scam/ransomware was on a computer at a remote location. Said they needed to call a 1800 number to get virus removed. This user did that and paid $300 dollars to have fake company remove virus. Got a text from him and said they are in there right now controlling computer and "trying" to remove virus. Should he power off right away or should he let them do their thing so he can use his PC again since he paid the money? I told him to immediately power off computer and wait for them to call again.

We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'. The user runs the 3 apps at the same time whenever cleaning up is desired. The user would leave these tools running overnight.

The app 'Comodo Antivirus' never finds a virus. The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always find spyware. In the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported and then do the same in 'Spy-Bot Search and Destroy'. Finally, restart the computer. Note, prior to running the apps, the user would run CCleaner to clean up any junk in his drive.

To date, there is no problem we have identified and all seems to be OK. Our question is more directed to know EE's opinion on:

  • Why 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spy-bot would show registry entries and superantispyware would show files)
  • Any negative effect by running these 3 apps simultaneously?
  • Finally, is it necessary to run CCleaner prior to running the apps?

If I use a Solaris server as repository server to get from Internet
ClamAV updates, can it be used by other platform 'satellite'
ClamAV such as Windows, Linux? I.e., can freshclam on
Windows/Linux pull signature updates from a Solaris?

Are the 3 cvd files (main, daily, bytecode) inter-useable
between Solaris x86, RHEL & Windows?

What is a good, legitimate antivirus for a Samsung Tab E? I am getting lots of pop-ups and the performance is slow.

Thank you.

Hacked e-mail account help required.

Last night a client received an e-mail that starts out:
My nickname in darknet is konstantine23.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

They then list the actual password correctly to her account. It is an Office 365 account. She does access her account on her personal laptop, which I will have this afternoon in my possession. I am currently scanning her work computer, and having everyone else check for the same e-mail in their SPAM folder (where she found hers). We are in the process of changing the password to all of her online accounts (including e-mail) on another computer, not part of their network. The business does have a UTM router in place, and logs will be looked at next. TDSS Killer did not find any rootkits, but more scanning will be done.

Looking for information on this possible.

I'm trying to establish if my OfficeScan has OfficeScan's Ransomware protection below:

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054
Detection details of the OSCE 11.0 SP1 Critical Patch 6054 Ransomware Prevention Summary widget

Above 2 lines are extracted from link below:

Last screen in the attachment shows Scheduled Scan is disabled: is it a good idea to enable it?
I thought to have it enabled either during lunch hours (for users who bring home their
laptops) or in the night (for users who leave their PCs/laptops powered on in the office at night).
I've heard many recommendations that on-demand scheduled scan is quite essential too.
Just that it's hard to determine which laptops are being brought home.

Attachment is what's shown on my laptop.

A couple of years back, Trend Micro's .DAT file could be searched using (find or grep command) for
certain malware names.

I'm now using OfficeScan V12.0.1352 & I think the signature file is VsapiNT.sys

I'm trying to track if globeimposter ransomware is in our current OfficeScan signature &
the 2 links below seem to say that TM has documented them quite some time ago:

But when I searched for "glob" (I suppose FakeGlobal, as it's known to Trend Micro, would have it
listed in the latest VsapiNT.sys signature), it's not there.
Appreciate steps on how to list the malwares covered by OfficeScan's signature file:

C:\foren>find/i "glob" *.sys |more

---------- TMPREFLT.SYS

---------- TMXPFLT.SYS

---------- VSAPINT.SYS
JungUm Global
Corel Global Macro(GMS)

When clicking "Disable these Cookies" we get a message of 3rd cookies to select (see below). We noticed that all are SQL. Can some EE explain why these cookies? Why does SQL have 3rd party cookies? Please shed some light on the topic.

Spybot issue

Without saving an email's attachment & then manually (i.e. on-demand) scanning the
saved file, is there any AV that could auto-scan (i.e. in almost real-time or on-access)
an email attachment (even before the user double-clicks/opens the attachment)?

Can BitDefender or Trend's OfficeScan do the above?

I've seen an ex-colleague blocking file extensions from being created using a feature in McAfee
(can't recall the name).

Can someone provide the steps to do this in Trend Micro OfficeScan's management console?
What's this feature called in OfficeScan?

Symantec Endpoint Protection Manager not getting updates after upgrading to 14.2 build 770

Upgraded my Symantec server to the latest version and no live updates are getting downloaded. I uninstalled Live Update and reinstalled. Also registered with SEPM via command prompt.

What is the easiest and most effective way to get rid of the Trojan.JS.Dropper.E?

I have a Windows 10 Desktop PC.

I turned on my computer and noticed these windows on my desktop as soon as I turned on my computer.

ads on my desktop pc
I googled it and read that these are scam ads wanting you to click on them.

How do I remove them? Anyone know?

I ran Spybot - Search & Destroy but it didn't find anything.
I ran Windows Defender and it didn't find anything either.

Is there any better anti-virus tool in Windows Server? In the attached screenshot, would ClamWin further totally remove the virus or not?

If you have a SonicWall to protect the network and anti-virus on each computer/server, is it safe to turn off Windows Firewall?

Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.

Hi all,

We are searching for the best endpoint protection available for SMB. I am looking for the top 3. Currently we are working with Kaspersky Endpoint Security.

Anyone any suggestions?

Thank you,

Can an installed .exe file on Windows OS see all my keystrokes?
I have a custom-made .exe file that appears to me to run correctly
but may have additional secret permissions.

By installing any program,
could a keylogger be built in?

Don't just tell me to run a virus scan.

I have an issue where I'm sure someone is hacking our network, specifically four machines. I have witnessed them going into my home folder and deleting my trash on these machines. They are also able to change the camera settings. For example, they're zooming in to locations. They are doing playback. This all happens between the hours of 12am-2am.

I'm using:
Windows 10
Palo Alto Networks
Security Camera Milestone software.  https://www.milestonesys.com
The cameras are made by Mobitics.

What I've narrowed it down to is this happens when the security camera milestone software is up and running on the four machines.  When I turn that software off there's no connectivity or suspicious things going on.

What I need to know is how do I find out who is doing this?  How can I get an IP address?  Are they inside my network or outside my network?

I would even appreciate a recommendation of a security company that knows how to track intruders down.

I've checked the parking lot and areas of the campus to see if someone is physically here, but I don't see anyone. I've also contacted Milestone software and they've recommended I change my password and the camera's password, but we are still having an issue.

Has anyone implemented a rule on ESET ERA Admin Portal which blocks USB devices but still allows phones to be charged?

AV software best compatible with O365. Any suggestion? Local Outlook emails? Thanks

A Trickbot infestation has ravaged my network. It has wormed its way on to all workstations and servers. Does anyone know how to eradicate it and keep it from re-infecting other computers? If not, does anyone know of a company that specializes in removing this particular malware? I've tried different malware software removal tools and they identify and remove it but it keeps coming back.

A friend is using Windows 10 (which is kept up to date).
He also has AVG Antivirus.
He normally uses Paypal for purchases (without any problems).

This morning, within an hour of using his actual Visa Debit Card on Government
website (motortax.ie) his card number was fraudulently used on some dating website.
(The bank phoned and cancelled the transaction and his card).

I'm going to run some scans tomorrow
- MalwareBytes scan in safe mode
- Hitman pro

Any other suggestions?

Good evening Experts,
I have just been repairing my computer from a malicious virus. I could not use virus/malware software (Malwarebytes, SUPERAntiSpyware, and SpyHunter) on my machine because the malware/virus disabled them, so I used BitDefender's Rescue USB to kill most of the problems. I finished off the rest of the malware/viruses using my regular software (Malwarebytes, SUPERAntiSpyware, and SpyHunter). The system is stable except for a couple of issues:
1. My folder indexing does not work and I would like an expert to help me fix it. However, I did download a free search program called Everything and it is more robust than the Windows 10 index/search. I still need a solution for why the Windows indexing/search is not letting me search inside of folders.
2. This second issue is more critical than the previous one. For some reason when I log in to any of my accounts: THANOS, IMRIC, ADMINISTRATOR, the desktop icon for the user profile defaults to (Folders)

Any help the experts can give me will be appreciated.
Regis Hyde (BlackTHanos)

