Anti-Virus Apps

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.


It's not uncommon to go to a website that gives you a frowny face and guilt-trips you that "We see you have an ad blocker. But that's how we make our money." So then, if you really want the site, you can whitelist them. And then typically you forget about it. Is there any way to tell in what ways the sites have taken advantage of your whitelisting? If they gave you spyware or something else malicious, can you trace the malware to the site that gave it to you?
0

It would appear that my email account has been compromised.

I recall a few months ago I received an email purporting to be from one of my friends, with the text that they were sharing a file on Dropbox with me. I thought it was a bit suspicious and didn't open the link; I don't think I did, anyway. However, it would appear that I have subsequently been compromised, as other friends are now receiving emails from me with the same text, that I am sharing a file from Dropbox; I don't have a Dropbox account.

I have done some research and it seems that this is quite a common phishing technique, but the research that I've seen suggests that you get infected not just by opening the link but by entering account information on the site that comes up. I wouldn't have done that, as I am usually quite careful where I enter my account details.

Whatever, it seems like I have been compromised and would like to know how to prevent the spam emails from going out.

I already have McAfee LiveSafe on all devices (need to double check that "all devices" is correct); I don't think McAfee covers malware, unfortunately.

I have tried Malwarebytes, with a free trial of the premium service to make sure I get the full package, but Malwarebytes found nothing on my phone or tablet, which are the most common places I access my emails from.

Any suggestions greatly appreciated for cleansing my account; my soul is already lost so no hope there!!!
0
My OS is Windows 7 64-bit and the only antivirus I have is Windows 7's own, Security Essentials. Somehow Zemana AntiMalware got onboard. Please advise if my present Security Essentials is sufficient, or whether I should install Zemana as well, or if there is a better choice. Thanks
0
We use McAfee VSE version 8.8.0 (8.8.0.2024) on all the systems on our domain. They're all running the same version, same patch, same definitions. For some reason some machines flag an application as a Trojan, but not others. I'm not sure if this is a setting; if it is a setting, I'm not sure which one to check. I attempted to transfer the file to an Internet-connected machine to upload it to VirusTotal for analysis, but CylancePROTECT immediately quarantined the file. So if it's not flagged, I'm wondering why.
0
Hi, I'm looking for an antivirus solution for one Windows Server 2012 R2. I normally don't care about that because I don't do browsing from the server, but I have a client that is insisting on it. I'm hoping for something light that isn't too draconian.

Also side note, am I on crack for not AVing my servers?  I have never had an issue.

thanks all.
0
Does anyone know of a tool that can successfully remove EMOTET?
0
Greetings,

Unfortunately I recently had to deal with a ransomware attack at a client. It was the W32 CoinMiner Trojan. The virus infected a new Windows 2016-based Parallels RAS server I was preparing for rollout, and it used that server as a launch point to attack and encrypt files in every non-hidden share across the network. A couple of servers were heavily infected beyond repair. Luckily I employ Veeam Backup & Replication for the client and was able to restore the infected servers to a clean state from the previous night. Bi-hourly replication jobs using Veeam of the main data file servers allowed me to recover data to within a 2 hour recovery period. The network is a VMware ESXi 5.5-based environment that uses 2 physical hosts, a primary host which contains the main operating servers, and a 2nd host which operates as the replication target. Veeam 9.X is used to regularly replicate the main data servers from the primary host to the replication host.

My question is how to best protect against this type of attack going forward. I had in place at the client an access control policy implemented via McAfee VirusScan Enterprise 8.8's Access Protection. I used McAfee's Access Protection options to create a number of custom access control rules, by which only legitimate applications, e.g. winword.exe, adobe.exe, iexplore.exe, excel.exe, are allowed to write to the most common types of data files on the network. This is in place on all PCs and …
1
I am getting clients whose cell phones get compromised because they install renegade apps.

It steals their contact list, and thus begins the spamming of family and friends.

What can I use to stop this???

Cjoego
0
Setting up a McAfee ePO server.
Tried with SQL Express 2016. No issues using Windows auth.

Now building it for real.
Installed SQL 2016 Std on my server. My own account is sysadmin. I can log on to the management tools, create an ODBC etc., so my account works. But when I'm installing ePO, it says I need to use an account with sysadmin. I do have sysadmin. Has been rebooted etc.

If I change ePO to use SQL authentication, it works fine.


What might be going on? I know you can use Windows auth for ePO. (Preferred for our environment.)

SQL 2016 Standard.
Windows 2012 R2.
McAfee docs are a bit thin on SQL, but I match all their criteria.
0
I have a Solaris ClamAV repository server (in the DMZ) working already, getting signature
updates hourly.

Next, I have an internal RHEL6 server:
1. Need a link to download all the prerequisite packages for ClamAV as well as the ClamAV package
2. Can someone provide me a URL to get a step-by-step guide on the installation & how to get updates
    from the repository Solaris server
3. How to get on-access scan working on RHEL6? Ideally without adding fanotify or too many
    3rd party packages
0

Here is a sample of the notifications Webroot sends:

Threat List:
MYINBOXHELPER-11554925[1].EXE, W32.Adware.Gen, %appdata%\microsoft\windows\inetcache\low\ie\r0wen413\, https://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=1A45B3AE41C8DDD1F82FFB1B46ED57B9 1A45B3AE41C8DDD1F82FFB1B46ED57B9,

Does anyone have any idea how to translate that to a name and a payload with a little more information about it? I gotta tell ya... Webroot support really sucks....
0
Quite often, our threat intel provides us hash values of malware/IOCs in SHA256 only, or SHA1, but
we need to key in MD5 into our EDR product to detect/block the IOC.

Have used the following hash converter & another online one, but the converted value doesn't match what VirusTotal.com gives:
  http://onlinemd5.com/

E.g.: a recent hash from threat intel; in VirusTotal it gives the following SHA1 & SHA256 values when I search by the MD5 hash value,
      but if we input this same MD5 at the above link, it gives totally different SHA1/SHA256 values.

VirusTotal gives the following:
SHA-256: 539ecca8b99ef55f41b43a78cd92bd4d7e0ed023063735f0d59f483a6d0de298
MD5:     ccd53d34c6d61dfce9a42aace3956546
SHA-1:   2027fabc044797a23ef99b62de704222ee8a8b00

Guess onlinemd5 gives the hash of the string entered.

Without uploading a file, I'll need to calculate the hash values for SHA1 & SHA256.
Often, VirusTotal doesn't have the IOC, so I can't always use VirusTotal.



The MD5_and_SHA_Checksum_Utility also requires the file/IOC to be uploaded.

Appreciate any other online URL or freeware (ideally a standalone one; a
command line standalone will be even better)
0
This is a plan to write a VBScript to find out PC OS, service pack, missing patches, computer name, antivirus software installed, personal firewall, and so on. This VBScript was evaluated and works without problem. The "last piece" of the check that we are thinking of putting in is checking the PC for any possible virus infection. How do we ensure that the PC is really virus-free? Can we write a script to check some "Run", "RunOnce", and other registry keys and values? The objective is that this would be a "preliminary" check for virus infection, malware, spyware, and so on. MS Windows clients from Windows 7 to Windows 10.

If so, any sample script for this virus checking?

Thanks in advance.
2
What is a good portable antivirus to use from USB flash drive?
0
Hi, I have been setting my clients to Windows Defender sandbox mode. Question: when I run the setx /m mp_force_use_sandbox 1 on Windows 7, it seems to update correctly.

Question: can Windows Defender be run in sandbox mode? I get mixed answers online.

Thanks a ton.
0
This question is not for me but it should serve the community. A question gets more attention than a post, I guess, that's why.

There is an exploit that was published on December 19th. It enables non-admin users of Windows systems to read files that they normally wouldn't be allowed to access.
The implications should be obvious: shared systems such as terminal servers or department laptops will be the primary targets.

I will provide the sha256 hash value: 6711ea982ae9a03f8ba5e555c49cefe36dd7ae9991e742e3b5b1d214d02409c1

Insiders will be able to create a custom AV detection using that hash!
Now for the question: If you want to earn points and serve this community, please add a description about how to add a custom detection for any of these AV products that, as of now, still don't detect this malware:
--
Acronis
AhnLab-V3
Alibaba
Avast-Mobile
Avira (no cloud)
Babable
Baidu
Bkav
CAT-QuickHeal
ClamAV
CMC
Comodo
CrowdStrike Falcon (ML)
Cybereason
DrWeb
eGambit
Endgame
ESET-NOD32
F-Prot
Ikarus
Jiangmin
Kingsoft
Malwarebytes
MAX
NANO-Antivirus
Palo Alto Networks (Known Signatures)
SentinelOne (Static ML)
SUPERAntiSpyware
Symantec Mobile Insight
TACHYON
TheHacker
Trapmine
Trustlook
VBA32
VIPRE
ViRobot
Yandex
Zillya
Zoner
--
0
Background: Helping a friend troubleshoot problems on his Windows 7 Home system, which may have malware or a virus, among other issues. He claims to have the latest, up-to-date Microsoft Security Essentials and a version of Malwarebytes with real-time protection. His system has TeamViewer (free for personal use), but I don't know the version. My W7 Pro system has the latest, up-to-date MSE and MBAM Premium (real-time protection), and the latest TeamViewer 14.1.3399 (free for personal use).

Question: Can malware or a virus on his system traverse the TeamViewer connection and infect my system?

Thanks much, Joe
1
I'm trying to compare the two solutions, Webroot SecureAnywhere with DNS Protection or Sophos Intercept X Advanced with EDR.
I do have a Sophos firewall, but I've been using Webroot for now and just tested Intercept X, and I have to decide which route to take.


Does anyone have any recommendations?
0
I am working for a client that would like to leverage Windows Defender as their endpoint security solution.  I would like to recommend a different endpoint security solution to them in favor of Defender.  How would you make your recommendation to the team and what talking points would you focus on?

Let’s say you’ve been successful in your recommendation and the client decides to implement the solution you pitched.  About 6 months after you are done with the implementation, issues start to arise and the cause seems to be the endpoint security solution you recommended and implemented.  The client is asking to have the issues resolved immediately, however the vendor is not being responsive or supportive, and has indicated they may not have a fix for the problem.  The client is also alluding to wanting to move back to Defender.  What steps would you take with the client to alleviate their concerns about your recommended product, and what steps would you take with the vendor to ensure prompt replies and a sense of urgency?
0

The client complains about the expense on antivirus software. What solution are you using for a company running over 150 computers?
This client has been using Trend Micro for over a decade, which is installed on servers and PCs. Every year when renewing the software, the client always questions
- Is there anything cheaper but doing the job?
- Can we disable internet access on certain computers and save the license on them?

I am so fxxking annoyed.
1
We have used Symantec Endpoint Protection for antivirus for the last 10 years. But now that Windows Defender keeps getting better and better (specifically the new sandboxing) I am considering abandoning Symantec. The reason we haven't been able to make the switch yet is that I need the central notifications, so that as the admin I know of every infection, and also need to verify that definitions are updating on all PCs.

I once heard something about a third party package that uses the Defender engine but adds a management layer on top of it. What are some packages that do this? Any recommendations?
1
Some virus is filling up my HD, and Malwarebytes can't find the problem.
Any idea of what to do?
0
https://thehackernews.com/2018/12/china-ransomware-wechat.html?m=1

Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.
0
We are having an issue with deleting computer profiles. These profiles are usually deleted during the nightly reboot and reloaded at logon. After a closer look, the issue is with a hidden log file in the profile for Avast. So I logged into one of the computers having this problem to troubleshoot it. Logged in with an admin account. Tried to take ownership so I can delete it. Everything I have tested will not allow it. Never had this issue before. This is on Windows 7 computers.

Any ideas would be appreciated.

Regards,
ABBEadmin
0
When we get threat intel info for hashes to be added to Trend Micro
OfficeScan, the MD5 or SHA1 hash value has to be entered into an
IOC Editor (we use Mandiant's, i.e.
 https://www.fireeye.com/content/dam/fireeye-www/services/freeware/ug-ioc-editor.pdf)
 to generate 2 values, indicated by "1st value" & "2nd value" enclosed in "..." below.

However, sometimes the intel that comes in can be more than a hundred hashes, so this makes
it very tedious to manually generate the values & populate them into the IOC file for OfficeScan
to read in. Is there an automated way / script to generate the 2 values for each hash &
auto-populate them (using a script etc.), or an easier way for OfficeScan to read in just the hash
values? Have logged a case with Trend Micro & was advised to do it manually, which
does not help at all.

Attached is the full IOC file.


   Sample IOC file's content:
   ====================
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="2146113a-1513-4be6-b07e-f43969847a6a" last-modified="2018-12-02T02:19:17" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>Default</short_description>
  <authored_date>2017-09-26T02:58:26</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="a1c825b0-ae7f-4461-85dd-25a20720acac">          <== 1st value enclosed in "...";  once only for entire IOC file
      <IndicatorItem …
0