Anti-Virus Apps

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection against other computer threats as well. In particular, modern antivirus software can protect against malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection against other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threats (APT), botnets and DDoS attacks.


Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Expert Comment by: Andrew Leniart
An interesting and well thought out article Thomas. Thanks for writing it.

Whilst I continue to stand by the opinions I've shared before on this topic, you've presented some interesting points to ponder here, the VM options in particular. With regards to this though:
"the malware cannot spread outside of that VM"
I'd add that while not a common occurrence, it's not beyond the realms of possibility for an infection to escape a VM and also infect the host operating system. Correct network and sharing configurations of a virtual machine [and its host] are of particular importance here.

Thanks for sharing.
Author Comment by: Thomas Zucker-Scharff
Andrew,

Thanks for the comment. I realize that there is a possibility of malware spreading outside a VM. The thing is, I have never personally seen this happen. I have generally seen quite the opposite.
ScamAlert
An introduction to the wonderful sport of Scam Baiting. Learn how to help fight scammers by beating them at their own game. This great pastime helps the world, while providing an endless source of entertainment. Enjoy!
Expert Comment by: Timothy Harrison
Andrew. I am a Nigerian. The situation you highlighted is truly deep. The average street boys over here (14 yrs and above), especially in my area, search for money through these means. They even have cliques to receive scamming training.

In my experience, I would advise guys over there not to be greedy (especially when they receive juicy invitations to make ridiculously huge money you didn't earn). I truly wish people would wise up and not fall for such scams, because the success of some scammers deceives the younger ones into choosing to become scammers. (I already have over 7 on my street alone.)
Author Comment by: Andrew Leniart
"Andrew. I am a Nigerian. The situation you highlighted is truly deep."
Hi Timothy, whilst it's true that a lot of the scams I'm talking about originate from Nigeria, hence the "419" reference, which I understand was derived from the Nigerian Criminal Code Act, Part VI, and which are prolific there, it's not only Nigerians that partake in this sort of criminal practice.

Indeed, many scams are conducted from countries all over the world: USA, Great Britain, Australia, pretty much anywhere. It's not just 419 scams either; scammers have turned to every imaginable way to try and trick people out of their hard earned cash.

You have your Love Scams, where scammers target the lonely. Tech Scams (found to be prolific in Indian regions) where they try and pretend to be Microsoft Technicians. Just about every subject matter from every country imaginable!

The race of a scammer doesn't come into it for me; just because someone may be Nigerian or Indian or whatever, it doesn't mean they're dishonest. Thieves come from all walks of life.
"In my experience, I would advise guys over there not to be greedy (especially when they receive juicy invitations to make ridiculously huge money you didn't earn). I truly wish people would wise up and not fall for such scams."
You make an excellent point there Timothy. Not all victims are blameless and there is undoubtedly greed involved on the part of some of those that fall prey to many of these schemes. Each case should therefore be viewed on its own individual merits. It is also a reason why many victims prefer to suffer in silence rather than report their losses to the authorities.

Thank you for your contribution to this topic. Always great to hear and explore other points of view.
Doxware
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Ransomware
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Expert Comment by: Mahesh
Hi,
If you could please post / incorporate some examples as well of how ransomware encrypts our data and then asks for payment to decrypt it, it would be really helpful.
Unless we come to know what exactly it can target, we would not realize its impact and importance.
The article looks good and can give a good start.

Mahesh.
Crypto Ransomware
You cannot be 100% sure that you can protect your organization against crypto ransomware, but you can lower the risk and impact of an infection.
I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
Expert Comment by: Steve Si
If the exe contains a bootable image, you can try unzipping it to see what is inside. Sometimes it will work if you use MPI_FAT32 to convert it to a .imgPTN file, but it really depends on what is inside it (often there is an ISO or IMG file???). EXE files are not normally bootable; they need to be converted into bootable media somehow...?
Author Comment by: Thomas Zucker-Scharff
I will continue to run them in a Windows environment then (UBCD4Win or something similar). My understanding of Linux is not great, as you may already have ascertained. I was hired by a NIX person 20+ years ago who sat me down in front of a SPARCstation 20/60, gave me the root login credentials and told me to figure it out. Needless to say, it was a steep learning curve, and I hold those who are conversant in 'NIX flavors in high regard.
The Ransomware Menace
There are many reasons malware will stay around and continue to grow as a business. The biggest reason is the expanding customer base. More than 40% of people who are infected with ransomware pay the ransom. That makes ransomware a multi-million dollar business.
Expert Comment by: btan
Recently there is also an ID Ransomware toolkit which may be handy for identification, though it may not be 100% since it is still signature based.
https://id-ransomware.malwarehunterteam.com/index.php
Author Comment by: Thomas Zucker-Scharff
Thanks for the link btan. The one I am looking at, Ransomware Detection Service, is similar to the one you point to, but console based instead of web based. Also it is more for looking at network shares and identifying where an infection originated than anything else. It should be noted that the website you linked is indeed an ID website and specifically says:

"Can you decrypt my data?

No. This service is strictly for identifying what ransomware may have encrypted your files."

Which is pretty much the same as RDS.
In Part 2 of the Anti-Malware series, we looked at an overview of the most common classifications of malware. While many users may believe that there may be a “do-all” software solution that can clean and protect your system, the reality is that no single program is available that can remove all threats from your computer while protecting you from new ones. Here we will learn about a common practice of arsenal-scanning a system with various software titles in order to clean an infected system.

-------------------------
Before we begin, please note that the act of disabling, quarantining and removing unknown files and programs could potentially disable an operating system. If you are uncertain when an anti-malware scanner offers to delete a file or program, or if unsure how to use a specific scanner, please seek assistance and further advice from the Experts-Exchange community by opening a Question.
-------------------------

To start out, you will need to create your ‘arsenal’.  Some of the more popular programs like ADWCleaner, Malwarebytes Anti-Rootkit, Hitman Pro and ComboFix** can be downloaded free of charge (or as free trials) from their respective hosts.

For your first scan, I recommend that the PC be booted into Safe Mode
Expert Comment by: DJ0429
Great series of articles!
In Part 1 of the Anti-Malware series, we looked at the symptoms that may indicate that your system is infected.  With so many different classes of malware, each having their own various ways of inflicting damage to computers and networking components, it is essential to have a basic understanding of their structure and classification in order to combat those threats.  While many users tend to use the words virus, worm and Trojan as synonyms, they are actually very distinct classifications of malware, each with distinct identifiers. Below is an overview of the most common types of Malware.

Classification
Virus
A virus is a type of malware that propagates by creating copies of itself and becoming part of another program or action. In other words, they are able to spawn copies of themselves. They are designed to spread from component to component (host to host) and range in severity from the mild (annoying) to the disastrous (damaged data). Most viruses are attached to some type of executable file or script, which means that a virus can lie dormant until such time that it is executed. Once the virus has been executed, the viral portion works on attaching itself to other programs and files, while the body focuses on the designed intent, i.e. registry manipulation, file deletion, etc. Some viruses can actually …
If working in the IT industry has taught us anything, it is that every day breeds a new adventure, or nightmare in some cases. From routine tasks such as basic Technical Support and Hardware Installation to Network Administration, there is always that one task or duty that will stand your hair on end and bring a productive day to a screeching halt. For me, along with many other users, that task involves identifying and removing malware.

Malware, short for malicious software, is a script or software that is specifically designed to undermine, disrupt, damage, steal or otherwise inflict negative actions against data, computers, networks or networking components. Now, for anyone who works in an IT related field, it may seem a simple or routine task to find, flush out and destroy malware threats, but for the average user it can prove to be a confusing and/or daunting task. What is it?  Where did it come from? How do I get rid of it?  How can I prevent this from happening again?

The first step in removing malware is identification. Since no two threats are the same, we will need to look at your symptoms in order to help classify what type of threat we are dealing with.

Symptoms

My browser was hijacked!
One of the most common malware items you will see involves browser hijacking; also known as web hijacking or homepage hijacking. In this scenario, a web browser, such as Internet Explorer, is the first target. The web browser’s …
There is a new version of the FBI Ransomware moneypak scam that I just encountered and thought I would share the cleanup instructions with the group.

For the uninitiated,  the FBI Ransomware virus takes over the user interface and prevents any user interaction with the desktop or system tools. Therefore, it can be difficult to identify the offending code and remove it. Since the initial code looks fairly benign, most antivirus programs will let it pass. In the case I was working on, the customer was using ESET which is normally very good at catching both known and suspected malware.

This variant digs in a little deeper and is a little harder to remove than its predecessor, especially if it is not a domain computer.

The new version of the FBI Ransomware now says Homeland Security and ICE Cyber something something.  They use stolen imagery from legitimate web sites to give it an official look. The original one used the FBI's own website masthead.

The function is the same, try to get moneypak funds. It displays the webcam if available and promises to unlock the computer if you pay them your "fine".

This is still a profile infection but it is a little harder to clean. The first step is to clean out the user's profile AppData/Temp folder to remove the offending binary. If it is a domain machine, just do this through the admin share (\\machine\c$). If it is not, you need to have bootable media that will allow you to access the hard drive. Just delete everything in …
Expert Comment by: lherrou
Nice tip! I hit the YES button for helpful article above.
Topic:

VIPRE Email Security:

VIPRE for Exchange is a third-party server-side security program that handles messaging security: spam, virus, disclaimers, content auditing/filtering, smart attachment filtering, etc.
It protects your network against spam, phishing, viruses and other messaging security threats, and provides you with flexibility and reliability through rule-based parameters at user, group, or organizational levels.

Problem:

No Spam folder in Outlook. Spam folder is not created after the product is installed.

After installing VIPRE Email Security, it does not create a 'Spam' folder in Outlook or move spam into it. It uses Autodiscover to initially create the folder when the first spam message is found and then moves spam emails to that folder every time after that. It is catching spam, but then it just delivers it to the inbox because it cannot create the folder or move the message to that folder.

VIPRE Email Security (NinjaPimSvc.exe-date.log)

Error getting root folder: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, …
Introduction

With the growing issue of malicious software circulating on the Internet, it is becoming increasingly likely that anyone working in the computing industry will come across malware at some stage of their career.

It may be that you encounter malware in your job. A friend or family member may be infected and ask you to look at their system. It may even be that you're infected yourself. Whatever the reason for your interaction with a malicious piece of software, it is imperative you have a safe environment in which to conduct analysis.

This article aims to provide a valuable resource for anyone aiming to build a malware analysis lab and provide useful guidance of the type of platform to use and the types of software you may wish to utilise within your lab environment.

Virtualisation

One of the first considerations you will have to make is what virtualisation software you will employ to provide the platform on which to create your lab.

In computing terms, virtualisation refers to the techniques and methods of emulating a physical system. This may encompass everything you encounter on your own system such as virtual hardware, storage devices, network resources and operating systems.

The theory is that a host PC, usually a physical system, can be used to run a guest operating system. This means that, if you run a Linux based host, you can run Microsoft Windows within your guest. It also means that the guest can utilise the physical …
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY
PROBLEM
If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network.

In my case, the ESET client was able to pick up the virus, but it was not able to clean it successfully. ESET created a stand-alone tool, executed from the command prompt, that you can download here and that handles removal nicely.
http://kb.eset.com/esetkb/index?page=content&id=SOLN2613

SOLUTION
This tool from ESET is great if you need to clean one pc and are in front of it.  To mass deploy and run it silently in the background do this:

1.      Create a network share that all users can read and write to, I called my \\server\merond

2.      Create four items in that folder.
a.      A new folder called logs
b.      A bat script named merond_remove_all.bat with the following line
\\server\merond\ESETMerondOCleaner.exe C:\ youradministratorpassword /user:yourdomain\administrator -v> \\server\merond\logs\%computername%.log 2>&1
c.      A copy of ESETMerondOCleaner.exe downloaded from eset
d.      A VBS script named merondremove.vbs with the following three lines
Set WshShell = WScript.CreateObject("WScript.Shell")   ' create a Windows Script Host shell object
obj = WshShell.Run("\\server\merond\merond_remove_all.bat", 0)   ' run the batch file; window style 0 hides the console window
Set WshShell = Nothing   ' release the shell object

3.      In the Eset console, on the remote install tab, right click and click manage packages.  On the “Type” pull down select custom …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet.

BitCoin is an incredible invention. It is a decentralized currency system, which is the freest of all currency and trade systems conceived to date. Send and receive money with anyone in the world right from your computer without the need of any special subscription service or bank account.

But there's a problem: your money can be easily stolen.

The BitCoin application stores your BitCoins in a file called wallet.dat. The file, under normal circumstances and when it is in use, is unencrypted and vulnerable to theft.

And so comes the classic dichotomy between security and usability. If you're savvy enough to be using BitCoin, then you don't need to be told that ease of use and security are at odds with one another. Further, you also know that the more valuable something is, the more it needs to be protected because it becomes a larger target for the "bad guys".

BitCoin is no exception. Imagine the hundreds of thousands of computers on the internet who are actively running a BitCoin application. Now imagine that you have written a virus, which you cleverly distribute as "update" software or via email. Once run, the virus exploits the system with one goal: find your wallet.dat file, and send it back home to the mothership.

Now, imagine that you were only successful 1% of the …
Expert Comment by: Terry Woods
I only just discovered this article, after I wrote my 2nd one relating to Bitcoins - fortunately we haven't overlapped much! I will have to investigate how to set up alerts for new articles.

Your comment "Because you need to be able to accept BitCoins at any given time, you must have the BitCoin program running at all times" doesn't entirely make sense: you can receive Bitcoins at any time to a wallet address that isn't currently being accessed by any Bitcoin client (i.e. to your banking wallet addresses). It doesn't matter if the only wallet file containing the data for the address is in your encrypted backup file (hopefully, with multiple copies stored in multiple physical locations). You can find the balance against each receiving address using http://blockexplorer.com so you don't even need to open the wallet in a Bitcoin client to determine your balance. There would be no harm in storing an online list of your wallet's receiving addresses with an untrusted 3rd party so that you can easily get a total balance whenever you like.

The technique you describe is definitely still useful for when you want to spend a small number of Bitcoins without going through the hassle of booting a Live CD with your secure wallet (or whatever technique you use). A nice analogy might be how businesses have a petty cash box for convenience, but everyone knows it's vulnerable to theft and it never holds an amount that will bankrupt the business.

Voted helpful!

Cheers,
Terry
Expert Comment by: coolfiger
There is already a bitcoin mining botnet. Security sites are reporting a large botnet seeking to rip off bitcoin users.

btw nice article
For those of you actively in the Malware fighting business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl, the Zone Advisor for the Virus and Spyware Zones).

This tool IS easy enough for the casual user to implement, but be careful if you do - and you should always post your questions right here on EE, if you need additional help.

The purpose of this Article is to provide some basic usage and reference information about a tool developed by EE Expert “Tigzy”.

I have tested it on Windows XP (SP3) and Windows 7 Ultimate (SP1) systems and have been very impressed. It is quick, easy, and effective – AND – it addresses many of the most common sets of “after” symptoms once the malware repairs are done (HOSTS file, Proxy, DNS, etc).

First the basics and link information.

Link for those who speak French: http://www.sur-la-toile.com/RogueKiller/

Link for the rest of us: http://www.geekstogo.com/forum/files/file/413-roguekiller/
[Current version on 17 JUL 14 is 9.2.3]

The usage instructions are as simple as:
1 – Download the file RogueKiller.exe to your desktop, and
2 – Double-left-click on the file (right-click, then Run as Administrator for 7 and Vista).

At this point a "pre-scan" will complete …
Expert Comment by: matedwards
Great post. Straight and clear to understand. Many thanks.

Mat
Author Comment by: younghv
@Mat - thank you for the nice comment. Glad it helped.
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information.

According to “Computerworld”, well over one million web sites have been compromised with an SQL injection cyberattack known as “LizaMoon”.

http://www.computerworld.com/s/article/9215428/Millions_of_sites_hit_with_mass_injection_cyberattack

That number of infections was as of April 1st (a favorite day for new malware releases), 2011, so we can be assured that the number is much higher by now.

The resultant infection is known as “Windows Stability Center”.
When infected this is the image you will see on your monitor:

This infection is yet another version of the common “Scareware” or “Ransomware” infections.

To repair this infection, you will need three free (downloadable) tools.

RogueKiller: http://www.geekstogo.com/forum/files/file/413-roguekiller/
OR
RKill: http://www.bleepingcomputer.com/download/anti-virus/rkill

Shell.reg: http://download.bleepingcomputer.com/reg/shell.reg
Malwarebytes: http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware

The safest method for getting the files you need is to download them from a clean computer and then burn them to CD (or USB stick if you don’t have that option).

If you don’t have another computer, you can download the files you need after the fake scan is completed.

Complete …
Expert Comment by: happyhenrik
I was actually considering posting a question about this, but the affected PC was a pretty standard PC that was re-imaged within an hour.
Author Comment by: younghv
happyhenrik:

Thank you for commenting.

I remember the days of having Images (or slip-streamed loads) for all the computers in our Domains, and never having to worry about trying to disinfect/repair. It was certainly less complicated.
:-)

Most of the people I help here on EE don't have that luxury and are just trying to figure out how to get their one home computer functional. The lucky ones have a second computer they can use to post their questions, while they are working on the down one.

My repair business is almost entirely home computers - 99% of which have never had the data backed up - so a format/reinstall is not an option.

FWIW - my typical repair job (using the basic tools above) only takes about an hour.

If you ever do have a malware problem that you need to handle manually, I'll look forward to helping.
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing).

This release will be the last to include any feature updates. Any updates going forward will only include fixes for reported defects.

* The website formatting of this particular article is a little unyielding. Please review the guide attached to this article for a version easier on the eyes.
 
PREFACE
The purpose of this guide is to explain what the SEPM Status Utility is and how it works. I have tested this utility in an environment consisting of 54 SEPMs, 17 database servers and 17 SEP sites. While I am confident this utility will work well in the environments it's targeted towards, I must add a caveat that every environment is different and you may encounter errors.

AUDIENCE
Information Technology personnel responsible for the support of a two (2) or more SEP Site environment where replication is in use. The utility is not targeted to single SEP Site or embedded database environments.

ASSUMPTIONS
1. MS SQL is being used for the SEPM database. The embedded database is not supported by this utility.
2. There is one (1) password used for all of the SQL user accounts. If there is a different password for each account, the utility will fail to run properly.

PREREQUISITES
1. The Admin must know, or be able to …
Expert Comment by: SaqibAlam
Wow, great reporting tool for SEPM.

Expert Comment by: Senior IT System Engineer
Thanks for sharing!
I recently had to create a utility whose aim is to update McAfee's VirusScan and that had to be launched from a command line.

I thought I’d share my experience with you.

Why is it useful to be able to update an Antivirus from the command line?
Because it lets you control the schedule of this process.
For instance you can decide that you want to try to update each time the computer is booted. Or when a user logs in. Or when the computer has been idling for a certain amount of time. Or even at fixed moments.

It can also be a very nice thing to be able to do that when the normal/automated update does not work. And this was my primary reason for developing this utility: Some of the users I had to support were not connecting often enough to their corporate intranet. And their “anti-virus update servers” are on said intranet. The IT/Security team for their corporate IT/network had specified to use McAfee’s public update servers at the end of the list of update servers, but for some reason, it was not working as expected. Since I was in a hurry and could not spend too much time debugging McAfee’s product, I decided to create a simple script and to make sure it was launched often enough.

I came across several sources on the web, but the one that was really helpful was:
https://community.mcafee.com/message/113439


So I created a script that should be usable on most of the Windows systems that use McAfee virusscan. You need wget for this to work:
PREFACE
The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I will only support my work.

AUDIENCE
Information Technology personnel responsible for support of the SEP environment.

ASSUMPTIONS
1. The SEP client is already installed on the system the utility is to be run on.

PREREQUISITES
1. A local administrator privileged account must be used.
2. The SEP client must be managed by a SEPM.

DEFINITIONS
SEP – Symantec Endpoint Protection
SEPC – Symantec Endpoint Protection Client
SEPM – Symantec Endpoint Protection Manager
FQDN - Fully Qualified Domain Name

ABOUT
The utility will report on the status of the SEP client. It works similar to the Support Tool that can be downloaded from within the SEP client from the Help & Support menu, but is geared towards more of a quick-view when a full blown analysis is not required.

The utility does not collect any data other than what is required to generate a log file for review.

If you experience any issues, you can contact the utility author, John Lamb at john@jmlamb.net. Please provide any error messages received in your email.

DISCLAIMER
THIS UTILITY IS NOT ENDORSED OR SUPPORTED BY SYMANTEC TECHNICAL SUPPORT. IF YOU REQUIRE ASSISTANCE PLEASE CONTACT THE AUTHOR AT …
Administrative Comment by: younghv
cms1978 -

I think it will help you to understand what this Article is all about if you will carefully read through it.

After doing so, I am sure the Author will be glad to respond to any comments you have - if they are pertinent to the Article.

As for your last comment, please post your question in the appropriate Zones - not in an Article published in the "Symantec Anti-Virus" Zone.

younghv
EE Zone Advisor & Page Editor - Virus & Spyware
Administrative Comment by: modus_operandi
Off-topic comments deleted

modus_operandi
EE Admin
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture?

Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and talking to their friends.

This is very confusing. I find it is usually done by someone who:

A) You know in real life, but for some reason they have decided to try to attack you online.

B) You DON'T know at all, and they simply don't have the means to create an awesome profile or simply aren't photogenic and want to fool people with your personal photos.


Thankfully, this can end pretty much within about 5 days after you report a fake account to Facebook.

Dealing with Facebook Account Hijackers

There have been some worse cases where people 'hijack' other people's Facebook profiles simply by duplicating them and adding all of their 'Facebook friends', to the point where it is simply too confusing to know which profile is which. When the culprit is trying to mess with the real person, they often send out 'dis-information' style messages claiming that someone is copying their account, thus adding to the confusion.

Recently I had to solve this problem for a friend in NYC. There is a simple, yet effective solution.

The Problem?

My Canadian friend Sally, now in NYC, started getting messages from friends regarding messages and friend adds they were getting from someone they thought was her.
Author Comment by: Aaron @KRONiS
sure but my point is you can only get that username once with her firstnamelastname and then she posts the image and if someone wants to get her lastname firstname and post an image, then the image will be different...

so sure that person could try to continue to harass her by making his own version with different spellings but i think her doing that first trumps it.

i wouldn't spend too much energy on thinking of how to 'beat this solution' as it will work once with your friends, as long as you don't keep changing the picture.

AK
Expert Comment by: BillDL
Hi guitarify (Aaron)

It would seem that your friend Sally hasn't persisted with your idea of watermarking her Facebook images, or else I've just been looking at the Facebook page created by her nemesis.  Your supplied image wasn't difficult to match using tineye.com, where I found your other two articles in which Sally's surname is provided.  From there a Google or Facebook search provides a quick match, and all the images on her Facebook page are completely public.

While your article is very interesting and does highlight some definite problems with social network "stalking" or "identity mirroring" (or whatever other buzz words apply), your solution can only be of any value to users if applied consistently and continuously.  While some people's Facebook profiles must remain "approachable" and open because they live or work in an area that involves publicity of some kind, this type of thing is always going to be an issue.

This isn't a negative comment, it is just a realistic observation.  I used to be a legal investigator and I have an inquisitive nature, in case you wonder why I went off looking for matches.

Good article though.

Bill
PREFACE
The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008.

AUDIENCE
Information Technology personnel responsible for support of the SEP environment, or Server Administrator personnel responsible for the support of MS SQL.

ASSUMPTIONS
It is assumed that the personnel implementing the steps in this guide have basic knowledge of administering the Windows Server 2008 operating system.

PREREQUISITES
1. An administrator privileged account must be used.

DEFINITIONS
SEPM – Symantec Endpoint Protection Manager
MS SQL - Microsoft Structured Query Language

REFERENCES
I was unable to locate other sources that provided the same information contained herein. Other sources make mention of the MS SQL client tools required, but do not provide the steps to install them.

STEPS
1. Logon to the SEPM server with an administrator privileged account.
2. Browse to X:\SQL2008EE\SQLFULL_ENU. Where X: represents the drive the media is on.
3. Run Setup.EXE. Click Continue when prompted.
4. Click Installation from the left hand menu.
5. Click New SQL Server stand-alone installation or add features to an existing installation.
6. Confirm that the Setup Support Rules completed successfully.
7. Click OK.
8. Confirm the Product Key is correct and click Next.
9. Accept the license terms and click Next.
10. Click
Expert Comment by: younghv
As a former Network Security guy, these are the kind of "usable" instructions I would have really appreciated.

Thanks for putting this one together.

"Yes" vote above.
PREFACE
The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008.

AUDIENCE
Information Technology personnel responsible for support of the SEP environment, or Server Administrator personnel responsible for the support of IIS.

ASSUMPTIONS
It is assumed that the personnel implementing the steps in this guide have basic knowledge of administering the Windows Server 2008 operating system.

PREREQUISITES
1. An administrator privileged account must be used.

DEFINITIONS
SEPM – Symantec Endpoint Protection Manager
IIS – Internet Information Server
CGI – Common Gateway Interface
ASP – Active Server Page

REFERENCES
I was unable to locate other sources that provided the same information contained herein. Other sources make mention of the IIS role services required, but do not provide the steps to install them.

STEPS
1. Logon to the SEPM server with an administrator privileged account.
2. Click Start then Run.
3. Type appwiz.cpl into the Open field and click OK.
4. Click Turn Windows features on or off under Tasks. Click Continue when prompted.
5. Click Roles under the Server Manager menu.
6. Scroll through the roles on the right until you reach the Web Server (IIS) role.
7. Under Role Services confirm the following services are installed:
a. ASP.NET
b. CGI
c. IIS 6 Management Compatibility

Expert Comment by: younghv
Excellent "usable" style of Articles being presented.
I just saw a Symantec question revolving around "IIS 7.0" and will have to go look for it.

Big "Yes" vote above.
OVERVIEW
This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM).

AUDIENCE
Information Technology personnel responsible for support of the SEP environment.

DEFINITIONS
SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager
GUP – Group Update Provider
LU – LiveUpdate

REFERENCES
Heartbeat size information referenced from http://service1.symantec.com/SUPPORT/ent-security.nsf/383ed085ad1ed2c6882571500069b34d/18873ad6514d93b2882576cc0065df54/$FILE/SEP%20Sizing%20and%20Scalability%20Best%20Practices_%20v2.1_Final.pdf.

HEARTBEAT PROCESS
1. SEP client reads sylink.xml to determine the first available SEPM according to priority.
2. SEP client connects to the SEPM.
a. If a session cannot be established within 30,000 milliseconds, the check-in process terminates until the next heartbeat interval.
3. SEP client performs an HTTP GET of index.dat from the SEPM and compares it against the client copy for any deltas.
a. Any content differences are checked against the LiveUpdate policy for the client's current location.
4. SEP client performs an HTTP GET request to obtain the URLs from which to download files.
a. The URLs will point to the SEPM or a GUP depending on the LiveUpdate policy.
b. If the SEPM is specified, content downloads over TCP 8014 (the recommended web site port).
c. If a GUP is specified, content downloads over TCP 2967.
Expert Comment by: younghv
Very helpful for any Symantec Administrator - well written.

"Yes" vote above.