JE said:
Another question, do virus programs, like McAfee detect Trojans or
are they a different breed of cat from a virus? I have a friend that
apparently has a Trojan that keeps porno popups coming up on his
screen. Or would that be a popup ad problem? He uses broadband
service, cable, and he has the pc on all of the time and probably
does not have a firewall. I have heard that is how some of these
Trojans get onto a pc.
Thanks
Vanguardx said:
"JE" <
[email protected]>
wrote in What is a good program for locating, isolating and removing Trojans?
Are they pretty successful and easy to use? Price range
$30.00/$50.00.
Thanks
TDS-3 and TrojanHunter. I've heard of them from other users but have
not used them. Neither provide a list of pests, as do Symantec and
McAfee for viruses and PestPatrol for [spy|mal]ware, so you can't
tell if they cover whatever you may be currently investigating and I
couldn't take a random sampling of what they claim to detect to
check if the anti-virus programs already detect those trojans.
--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________
Symantec
(
http://security.symantec.com/default.asp?productid=symhome&langid=ie&ve
nid=sym) and TrendMicro
(
http://housecall.trendmicro.com/housecall/start_corp.asp) have online
scanners. Other brands might also have freebie online scanners. I
believe they require you accept and download an ActiveX control.
They'll detect but they don't fix (well, it was free after all).
Root kits started on Unix/Linux but some have shown up for Windows.
They dig in at the kernel level so no anti-virus program could catch
them because they can hide from anything since they, after all, have
become part of the operating system. Even if they changed the size of a
system file that the anti-virus program might detect, they are part of
the OS and could report back whatever was the original size of the file
that they altered. They could even implement shadow copying available
in Windows 2000/XP and present one file to the anti-virus program while
actually using a different and altered copy of that file. That's why
the trojan products might help if and only if they can run from a floppy
or CD so they can scan a partition without the OS ever getting loaded
that is in that partition, but maybe the anti-virus products could do
the same if also ran from something other than the OS partition and
*without* that copy of the OS getting loaded. I don't know if TDS-3 or
TrojanHunter are effective at detecting root kits since they describe
nothing of what they detect on their web sites.
I'd say try the free online scanners first to see if they detect
anything. If they do then go buy an anti-virus product. I currently
using Norton Anti-Virus (NAV). It and McAfee are rated about 95%
coverage of in-the-wild viruses. Kaspersky AntiVirus (KAV) and NOD32
are rated at 99% coverage. I was probably going to get Kaspersky when
my subscription for NAV ran out but I found out that Kasperskay adds an
ADS (alternative data stream) to each file is scans where it stores a
hash value and signature of the file which it can use later to speed up
subsequent scans. See
http://www.heysoft.de/nt/ntfs-ads.htm for a
description of ADS (which only exists when using NTFS as the file
system). When you uninstall Kaspersky, all these ADS get left behind.
It is a real nuisance to remove all these superfluous ADS'es if you
uninstall KAV (and I really don't like that they got added if I
continued to use KAV). I haven't heard of NOD32 using ADS, but that
could simply mean that I haven't seen the complaints by its users or the
NOD32 users haven't bothered to look for ADS getting added to scanned
files or maybe they do not even know about ADS. See my other post about
ADS at or
http://groups.google.com/[email protected].
So I'll probably try NOD32 before looking at KAV. It looks like I'll be
make a drive image before install any other anti-virus product in the
future and then check after its install if it is using ADS.
Note that scanning for viruses which may be hidden using ADS will
probably result in not finding it. However, the real-time scanner
(which checks when you load a file into memory) should catch it. Once
the virus loads into memory, it is just like a regular file containing
it had been loaded into memory. So a scan of viruses might not find it
but auto-protector function of the anti-virus program's real-time
scanner should catch it.
--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________
