Virus-Trojan Protection


Bob

Everyone has their favorite protection, but what is a good Virus-Trojan
protection program?
I thought I had a good one - Avast - , but I found a Win32:SdBot-gen44 on my
computer today. Maybe it's a new one out.
It was the free version. Maybe I should pay for one and get full
protection. I did get it out, but a lot of trouble.
thanks for any info.
 
Bob aka (e-mail address removed) in alt.comp.anti-virus
Everyone has their favorite protection, but what is a good
Virus-Trojan protection program? I thought I had a good one - Avast
- , but I found a Win32:SdBot-gen44 on my computer today. Maybe it's
a new one out. It was the free version. Maybe I should pay for one
and get full protection. I did get it out, but a lot of trouble.
thanks for any info.

If you need a free AV try AntiVir.
Do not buy Avast- use Nod32 or Kaspersky for a paid AV.
By the way, what AV found the malware you speak of?
My other thoughts are found on my pages (see below)

max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages:
Virus Removal Instructions
http://home.neo.rr.com/manna4u/
Keeping Windows Clean
http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help and Tools
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to gmail.com to reply.
nomail.afraid.org is setup specifically for use in USENET
Feel free to use it yourself.
 
From: "Bob" <[email protected]>

| Everyone has their favorite protection, but what is a good Virus-Trojan
| protection program?
| I thought I had a good one - Avast - , but I found a Win32:SdBot-gen44 on my
| computer today. Maybe it's a new one out.
| It was the free version. Maybe I should pay for one and get full
| protection. I did get it out, but a lot of trouble.
| thanks for any info.
|

That's a SDBot internet worm. The question is ... "How did you get it ?"

Did you have an OS or OS component vulnerability that was exploited ?

Did you download a file ?

Did you visit a web site that installed it via an exploit ?

Unfortunately, Avast doesn't have a good library where we can examine the characteristics of
this SDBot variant.

I do suggest that if you are connected to Broadband Internet that you use a Cable/DSL Router
such as the Linksys BEFSR41 or a Router with a full FireWall implementation. In either
case, I always suggest to specifically block TCP and UDP ports 135 ~ 139 and 445. Many BOTs
exploit vulnerabilities in these ports and the above goes a long way in mitigating these
threats.
 
Bob said:
Everyone has their favorite protection, but what is a good Virus-Trojan
protection program?
I thought I had a good one - Avast - , but I found a Win32:SdBot-gen44 on
my computer today. Maybe it's a new one out.
It was the free version. Maybe I should pay for one and get full
protection. I did get it out, but a lot of trouble.
thanks for any info.

Kaspersky Anti-Virus
NOD32
Avira PE Premium
 
Dave, to answer your first and third question: I "think" I got it through a
download. I had just run a complete thorough virus check on my archives etc.
and I came up clean.
I downloaded (should have known better) a program "Spybot Terminator". It
had a search engine called "Crawler".
My AVAST did find it and the date and time coincided with the download.
I am on broadband, and use Linksys as my router.
I am now coming up clean on all the different scans I have done. So.....no
more downloads to "try" something.
I'm going to a good "Pay-for-Protection". As the saying goes, you don't get
something for nothing.
 
Dave, I was mistaken, it was called SpywareTerminator from
spywareterminator.com. Not Spybot.
 
Tony, Avast found it, but only after it had already installed itself. By
the way, it was all in the "restore" section of the registry.
 
From: "Bob" <[email protected]>

| Dave, I was mistaken, it was called SpywareTerminator from
| spywareterminator.com. Not Spybot.
|

I doubt that it was the source of your SDBot variant. Since you state you are using a NAT
router, I doubt that it wormed its way through a network protocol.

You may have gotten it through social engineering to get past your defenses.
 
From: "Bob" <[email protected]>

| Tony, Avast found it, but only after it had already installed itself. By
| the way, it was all in the "restore" section of the registry.
|

Please state fully what you mean by " ..."restore" section of the registry...".
 
1. Tony, you've got me on that. All I know is, when Avast was scanning my
registry, it found the Trojan where it had a string of numbers and said
restore, and snapshot. That's when I started using the virus chest. After
I got out of that section that said restore, it resumed scanning as usual.
I assumed that was the restore area that does a system restore of your
windows. Maybe Dave can explain it to you or us.
2. Dave, what do you mean by social engineering, maybe through email? You
got me on that term.
 
From: "Bob" <[email protected]>

| 1. Tony, you've got me on that. All I know is, when Avast was scanning my
| registry, it found the Trojan where it had a string of numbers and said
| restore, and snapshot. That's when I started using the virus chest. After
| I got out of that section that said restore, it resumed scanning as usual.
| I assumed that was the restore area that does a system restore of your
| windows. Maybe Dave can explain it to you or us.
| 2. Dave, what do you mean by social engineering, maybe through email? You
| got me on that term.


I'd like to see the LOG file from Avast and get a handle on what you meant by
"..."restore" section of the registry".

Social Engineering is a concept where malware authors and malicious web sites use the social
exploitations such as sexual curiosity or the desire to get something for free. Social
Engineering is applying or manipulating the desires of people to get them infected.

It could be a News Post that says "see video of Bo Derek nude" or "video of Bin Laden
hanged".

It could be a video web site that purports to have x-rated videos. You try to play a video
and it says you need a video codec to see the video and downloads "supercodec.exe".

It could be a WMV file called "Jennifer Love Hewitt Runway Bikini.wmv" and when you agree
to the terms and click on "Play" it downloads SETUP.EXE.

These are all forms of Social Engineering to get past your defenses.
 
Thanks for the explanation Dave. Well, I'm an old fella and that leaves out
the sexual curiosity part, if there's anymore to see than I have already
seen, I'll pass on it. As far as getting something free, I don't knowingly
fall for that unless it's something like the free Home Edition of
Avast, or free virus scanners from reputable companies. Like I say, I'm an
old fella, and I stay with what I "think" are reputable web sites.

I wish I had saved the LOG file, but deleted it after cleaning my mess up.
I may have used the wrong terminology on "restore section". What it was, was a
long string of numbers, and in them it said restore/snapshot. It could have
been something like backup restore. I just assumed it had something to do
with the system restore. Anyway, my computer is behaving as it should. I
have run HouseCall, Kaspersky's virus scanners plus my Avast, and all have
come up clean.

Thanks for your help and explanations.
 
From: "Bob" <[email protected]>

| Thanks for the explanation Dave. Well, I'm an old fella and that leaves out
| the sexual curiosity part, if there's anymore to see than I have already
| seen, I'll pass on it. As far as getting something free, I don't knowingly
| fall for that unless it's something like the free Home Edition of
| Avast, or free virus scanners from reputable companies. Like I say, I'm an
| old fella, and I stay with what I "think" are reputable web sites.
|
| I wish I had saved the LOG file, but deleted it after cleaning my mess up.
| I may have used the wrong terminology on "restore section". What it was, was a
| long string of numbers, and in them it said restore/snapshot. It could have
| been something like backup restore. I just assumed it had something to do
| with the system restore. Anyway, my computer is behaving as it should. I
| have run HouseCall, Kaspersky's virus scanners plus my Avast, and all have
| come up clean.
|
| Thanks for your help and explanations.
|

Glad to help -- anytime.
 