XP Updates?

Mark Twain

Hello Paul,

Ever since I stalled Java I have been getting notices
from Java to install it? I believe my computer is infected.
So how do I correct it? This Java update just popped up
on my screen so I thought it was legitimate.

Today, the computer gave me all this:

[screenshots: 2po1dad.jpg, ih0eg0.jpg, 23r3hq1.jpg, ea19no.jpg]

It asked to restart the system which I did and the same
Java installation messages appeared which I answered No.

Should I uninstall Java and where do I get a fresh copy?
and/or start another thread regarding this problem that
came from nowhere!

Thoughts/suggestions?
Robert
 
Mark Twain

and also this:

[screenshot: 1zgrtbo.jpg]

Robert
 
Paul

Mark said:
Hello Paul,

Ever since I stalled Java I have been getting notices
from Java to install it? I believe my computer is infected.
So how do I correct it? This Java update just popped up
on my screen so I thought it was legitimate.

Today, the computer gave me all this:

[screenshots: 2po1dad.jpg, ih0eg0.jpg, 23r3hq1.jpg, ea19no.jpg]

It asked to restart the system which I did and the same
Java installation messages appeared which I answered No.

Should I uninstall Java and where do I get a fresh copy?
and/or start another thread regarding this problem that
came from nowhere!

Thoughts/suggestions?
Robert

Without looking at your links, this is a known attack.

There are variations on the theme. Typically, this sort of
attack uses videos as bait, where the user is informed "if
you want to see this tasty video, you need to install this
CODEC first". If a person really wants you to see a video
(like Flash video), then it's easy to select a format that
doesn't need a CODEC. Now, in this case, they prey on your
knowledge of the importance of keeping Java updated (even
if Java isn't installed on your computer :) ). So it's a form
of social engineering attack, with a little popup magic in
the browser window.

"Watch Out! Malware Posing as Java Update"

http://securitywatch.pcmag.com/none/307151-watch-out-malware-posing-as-java-update

"A newer version of Java is require" in large, red letters.

Notice the word "required" was not used. This is why
English teachers never get infections on the Internet,
because they check all statements for spelling and grammar
errors :) Malware authors apparently never finished
their English classes.

*******

Your scan result mentions "Findopolis". This is a PUP
and a different issue from whatever came in with your
Java update.

If you still have the Java update source file (the downloaded
file) in your download folder, you could upload it to virustotal.com.
Chances are though, if you try to visit www.virustotal.com, it won't
let you.

The Findopolis might be removable with AdwCleaner, but without
a list of what AdwCleaner removes, I can't be sure what really handles it.
There is also JRT, which has a relatively short list of supported
removals. Hitman Pro (trial version), as far as I know, needs
to upload sample files to the cloud for analysis, which
for me personally is a less preferred option, because I don't
know what it's doing, and a large amount of trust is involved.
My Internet connection is so bad, I only have 50KB to 70KB upload
speed, and it would take eons for such a scanning technique to finish.

http://www.bleepingcomputer.com/download/adwcleaner/

http://www.bleepingcomputer.com/download/junkware-removal-tool/

You'll know more about the fake Java Update exploit, if you
can upload to Virustotal and get a hint. Or, run the Kaspersky
offline bootable scanner CD, and let it check all the files
on the computer.

Those would be my procedures. Other than that, it's "off to
Bleepingcomputer", for a cleaning.

I would also have suggested Malwarebytes MBAM free one-time
scanner, but I remember your difficulties the last time
to get that to run. So I'm not going to even suggest that.
MBAM has the advantage of being able to use heuristics
(watch the behavior of the malware), but the disadvantage
of being hard to get started. It never seems to want to run.

*******

I tried a search on "pluginservice.exe" and there are some
notes here on it. It is used by things that hook into search,
so it could be part of Findopolis. It's hard to believe
the fake Java update just contained Findopolis, as that's
a pretty weak payload. You'd think there would at least
be a dropper or additional crap of some sort. There's no
evidence of "over the top aggressiveness" here :)

http://malwaretips.com/blogs/pluginservice-exe-virus-removal/

What I can count on, with respect to the malwaretips link,
is their removal instructions for everything, always involve
the same five steps :) So those removal instructions are
not all that "custom" in nature. While the steps they recommend may
fix the issue, there is a chance that on average, four of
the five steps are not needed.

And even after the steps are finished, there can be
additional work needed to "clean" parts of each browser.
Removal tools don't make the browser 100% healthy on their
own, so more work is required.

*******

You know I'm not a malware repairman, but if you have
general questions about running the computer, I can assist.

Paul
 
Paul

Mark said:
and also this:

[screenshot: 1zgrtbo.jpg]

Robert

Good find.

I didn't know whether you'd be able to get MBAM running.

Suptab. And it mentions PluginService as well.

I can find some of the same files mentioned in this
article.

http://www.bleepingcomputer.com/virus-removal/remove-webssearches.com-browser-hijacker

It's just impossible to keep track of these things.
Were there two threats in that page, or just one?

*******

If MBAM can remove it, give it a try.

Maybe the Findopolis is tied into that somehow, but MBAM
doesn't see Findopolis?

Paul
 
Mark Twain

Hello Paul,

I've run all my scans and deleted selected items but the virus (PUP.Optional) keeps returning and if you'll note it resides in the Registry keys. Every day it's the same thing: Java pops open my Admin password box and asks if I want to download it and I answer NO. I then get a notification on the system tray on the lower right that Java has updates.

Here are the results from the Malwarebytes scan of today:

[screenshots: jto48j.jpg, 2nu6q0p.jpg]

Avast:

[screenshot: 2psfzo5.jpg]

SuperAntiSpyware:

[screenshot: 2ylvl38.jpg]

Thoughts/suggestions,
Robert
 
Paul

Mark said:
Hello Paul,

I've run all my scans and deleted selected items but the virus (PUP.Optional) keeps returning and if you'll note it resides in the Registry keys. Every day it's the same thing: Java pops open my Admin password box and asks if I want to download it and I answer NO. I then get a notification on the system tray on the lower right that Java has updates.

Here are the results from the Malwarebytes scan of today:

[screenshots: jto48j.jpg, 2nu6q0p.jpg]

Avast:

[screenshot: 2psfzo5.jpg]

SuperAntiSpyware:

[screenshot: 2ylvl38.jpg]

Thoughts/suggestions,
Robert

Well, I'd take a look with Autoruns, and see if any
suspicious thing is set to run at startup.

http://technet.microsoft.com/en-us/sysinternals/bb963902

I would also visit the Control Panel thing, see if there
is an Administration icon, and in that folder should be
"Services". I would click the Services and look at the
list for anything suspicious. Perhaps for a thing in there,
the associated executable isn't in a regular Windows folder,
but points to some other place.

What I don't know about this Suptab thing, is how many
other things come with it, if there are variants and so on.

*******

I provided this link before, and what is interesting is that one
of your CLSID registry keys is referenced in the HijackThis
log on the page. And yet, when I searched for that CLSID number
in search engines, I got... nothing. Which predicts that if I
want help, the search engines aren't guaranteed to find all
the articles on this topic. The CLSID in question should
have got indexed.

(A removal recipe, but can't be sure it's exactly the same as yours)

http://www.bleepingcomputer.com/virus-removal/remove-webssearches.com-browser-hijacker

Now, that page says there is some code running right now,
that tries to keep this infection in place. And the "RKill"
program is available to try to kill the executable. You
could then try clicking the cleaning button on MBAM again.

If you look at that web page, near the bottom, there is a
list of files for the infection. Notice that your MBAM list
is shorter than that list. For some reason, MBAM isn't finding
all the files?

*******

One other tool I saw mentioned, was Revo Uninstaller.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

(Download link gives revosetup.exe)

But the usage of that, implies a regular installer was used
to put this on the computer in the first place. And information
remains, on what to uninstall. I've never used Revo Uninstaller,
to know what it would show in the display.

There is a brief rundown of Revo Uninstaller here.

http://en.wikipedia.org/wiki/Revo_Uninstaller

Paul
 
XP Guy

Ken Blake said:
Your choice, of course, but if you continue to run an obsolete
un-updated operating system, the risk of your becoming infected
with malware grows every day.

The same as we've always heard, and as usual is completely bogus.

It's the "Emperor's New Clothes" argument when it comes to NT-based
Windoze.

Newer is always better.

You always have to have newer.

Ignore the Secunia reports showing hundreds of vulnerabilities for
Windoze 7 and 8. They mean nothing.

Ignore the increasing lock-down of each new version - to make it "more
secure".

Ignore the POS2009 hack for XP (or can you, Ken, explain why that
doesn't make XP as secure as 7/8)?
 
Mark Twain

Hello Paul,

Autoruns shows two downloads; which one should I use? The one
on the right or the one in the center?


Thanks,
Robert
 
Paul

Mark said:
Hello Paul,

Autoruns shows two downloads; which one should I use? The one
on the right or the one in the center?


Thanks,
Robert

The one in the center is the one I use.

Paul
 
Paul

Mark said:
Hello Paul,

Here are the results of the Autoruns:


[screenshots: 15c2g9.jpg, 2wnw70w.jpg, 2zyhrbp.jpg, 2h5r968.jpg, b3on0w.jpg]

Robert

On your first screen, HOSTS Anti-PUPS/Adwares is supposed
to be a good guy. I've never heard of it before. I cannot
verify whether the "fst_us_208" thing which is missing,
is important for that, or isn't even part of it. The only
reference to it I can find, the thread is broken so I can't
read it. You would want to make the screen wider on the first
picture, and check the C:\Programs... file name and figure
out from that where it came from.

http://www.systemlookup.com/search....arch-chrome&search=HOSTS_Anti-Adware_main.exe

In the second picture, the scriptproxy entries may have
something to do with McAfee. The yellow and pink entries
in the Task Scheduler section, I can't read the file
names on those, so can't guess whether they're important or
not. A Task Scheduler entry, could put the malware back
at a future date, if the executable file pointed to contains
its installer. (The Andrea one is probably OK, as I have
an Andrea one here installed as part of the audio chip
package. It's for the Andrea beamforming microphone you can
buy. In other words, a perfectly pointless piece of software
for most people to be running.)

In the third picture, mcmpfsvc is the McAfee Personal Firewall Service.
Maybe you had McAfee at one time but removed it. Below that
are two *interesting* entries "Update findopolis" and "Util findopolis".
You could try unticking those boxes.

In the fourth picture, the "Catchme" Bluetooth entry points to
C:\Combofix, so presumably that was something which was quarantined.
It's weird that a registry entry would be left that points to it.
Since the file can't be found, it's not hurting anything.

Again in the fourth picture, the "OMCI" OpenHCL port driver is bogus,
but the file doesn't exist. Presumably you were attacked at one time
by a fake Firewire driver. You could untick that one if you want,
shouldn't hurt anything. A valid name might have been "OHCI". The
file was stored in C:\Windows.

Being a Dell, your machine is littered with drivers that don't belong
there. The Dell is ready for, say, a PERC card to be plugged into
it, and it would work immediately. When a home user builds a computer
and installs drivers, only the drivers absolutely necessary end up in
the Windows folder. When Dell or HP build a computer, they throw the
kitchen sink in there.

It's not just the yellow or pink entries you have to worry about.
The Findopolis ones were white (and missing a description field),
and those are the ones I'm really looking for. The yellow ones
are more curiosities than anything else.

On the fifth page, your BootExecute has an entry, but the file
is missing. "sdnclean64.exe" could be a remnant from one of
the cleaning steps you've used in the past. A google search
says it is "Spybot Search & Destroy: Native File Remover", so
Spybot will put sdnclean64 back when it is removing stuff. BootExecute
executes early in the boot sequence, and allows un-deleteable files
to be removed at system startup. BootExecute would normally host
commands like "CHKDSK" to repair the C: partition if needed.
BootExecute can hold multiple commands, so it's possible for
Spybot to sandwich in its command, without interfering with
other commands running in the same time slot.

On the fifth page, the BVTConsumer is some sort of WMI script
used by Microsoft.

http://pcsxcetrasupport3.wordpress.com/2011/10/23/event-10-mystery-solved/

"Traveling back thru this process we find out that when
something pushes the processor over 99% utilization then
it triggers the script "cscript KernCap.vbs" which is supposed
to be in the C:\\tools\\kernrate folder."

A viewer can be used, to collect the information from the kernrate
folder. But since the file is missing, then that (yellow) entry
should not be triggering.

http://blogs.msdn.com/b/adioltean/archive/2004/12/21/329321.aspx

*******

Conclusion: Only the Findopolis ones are worth unticking. I know
after a reboot, the tick marks will go back, because
that is how malware and PUPS work. It's very hard to
nail these things!

The computer can put malware back, for many reasons. A process or
svchost entry, can do repair work while the system is running. Things
like RKill program, attempt to stop that. When the system is headed
for shutdown, it's possible for things to run at shutdown, to undo
your good work. And when the system starts up, the things displayed
in the Autoruns can fix things. Like something stuffed into the
BootExecute entry, is a perfect place to hide. And once the
computer is running again, a repetitive entry in the Task Scheduler
part of Autoruns, can run and perform malware repair work. It's very
difficult to hit all these things, in the right sequence, so they
can't put themselves back. If it was easy, MBAM would have removed
it. Or AdwCleaner for that matter.

I have done only a cursory examination, because the file names
are not visible in your pictures. But even if the file name
was visible, it's also possible for malware to use the same
name and file path, as a real file. Which makes it rather
difficult to decide anything, when skimming through the entries.

The only good thing, is finding the two Findopolis entries. At
least you get to tick those, and test with a reboot, and see
if they come back :)

Paul
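The checks Paul describes above for Services (is the associated executable in a regular Windows folder?) and for the Autoruns entries (missing files, Task Scheduler entries, BootExecute, WMI consumers), as an added PowerShell example that is not from the thread and is not part of Autoruns. It assumes an elevated PowerShell 3.0 or later on an English-language Windows 7 or newer; the function names are my own, and it only reports, it removes nothing.

```powershell
# Added example (not code from the thread): a read-only triage pass over the
# persistence locations Paul walks through. Entries are flagged when their
# executable is missing, lives outside the Windows and Program Files folders,
# or has no valid Authenticode signature. Nothing is changed or deleted.
# Assumptions: elevated PowerShell 3.0+ on English-language Windows 7 or later.

$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Pull the executable out of a command line such as
#   "C:\Program Files\Foo\bar.exe" -silent   or   %windir%\system32\foo.exe /x
function Get-ImagePath([string]$CommandLine) {
    if (-not $CommandLine) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    $cmd = $cmd -replace '^\\\?\?\\', ''                 # \??\C:\x.sys -> C:\x.sys
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|vbs|js|cmd|bat))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

# Apply the three checks to one entry; emits an object only when something is off.
function Test-Entry([string]$Source, [string]$Name, [string]$CommandLine) {
    $path = Get-ImagePath $CommandLine
    if (-not $path) { return }
    if ($path -notmatch '\\') {                           # bare name: resolve via PATH
        $app = @(Get-Command $path -ErrorAction SilentlyContinue)
        if ($app.Count -gt 0 -and $app[0].Path) { $path = $app[0].Path }
    }
    $flags = @()
    if (-not (Test-Path -LiteralPath $path)) {
        $flags += 'file missing'     # dead entries like the OMCI and sdnclean64 ones
    } else {
        $trusted = $false
        foreach ($root in $TrustedRoots) {
            if ($path.StartsWith($root, 'OrdinalIgnoreCase')) { $trusted = $true }
        }
        if (-not $trusted) { $flags += 'outside Windows/Program Files' }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
    }
    if ($flags.Count -gt 0) {
        [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path; Flags = ($flags -join '; ') }
    }
}

function Get-PersistenceFindings {
    $noise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    # 1. Run / RunOnce keys, machine-wide (both registry views) and for the current user
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($noise -contains $p.Name) { continue }
            Test-Entry 'Run key' "$key\$($p.Name)" $p.Value
        }
    }
    # 2. Services: the "executable isn't in a regular Windows folder" check
    foreach ($svc in Get-WmiObject Win32_Service) {
        Test-Entry 'Service' $svc.Name $svc.PathName
    }
    # 3. Scheduled tasks via schtasks, which exists on Windows 7 (Get-ScheduledTask does not)
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv | ForEach-Object {
        if ($_.TaskName -ne 'TaskName' -and $_.'Task To Run' -ne 'COM handler') {
            Test-Entry 'Scheduled task' $_.TaskName $_.'Task To Run'
        }
    }
    # 4. BootExecute: anything beyond the default autochk line runs before logon
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    foreach ($line in @((Get-ItemProperty $sm).BootExecute)) {
        if ($line -and $line -ne 'autocheck autochk *') {
            [pscustomobject]@{ Source = 'BootExecute'; Name = $line; Path = ''; Flags = 'non-default entry' }
        }
    }
    # 5. WMI permanent event consumers (the family BVTConsumer belongs to)
    foreach ($c in Get-WmiObject -Namespace 'root\subscription' -Class __EventConsumer) {
        $runs = $c.CommandLineTemplate
        if (-not $runs) { $runs = $c.ScriptFileName }
        if (-not $runs) { $runs = '(inline script)' }
        [pscustomobject]@{ Source = 'WMI consumer'; Name = $c.Name; Path = $runs
                           Flags = "class $($c.__CLASS); check what its filter triggers on" }
    }
}

Get-PersistenceFindings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A flagged entry is a lead, not a verdict: OEM drivers and quarantine leftovers show up as "file missing" just as dead malware entries do, so compare each path against where the legitimate product actually installs.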
 
Mark Twain

Hello Paul,

Here's what I've done:

I was able to delete updatefindopolis and utilfindopolis
but am unable to find mcmpfsvc to delete it.

I do know that if I use Combo fix (which I have) that I
need to delete it afterwards so perhaps it's pointing to
some text? I couldn't find the 'OMCI' Open HCL port
driver.

The fst_us_208 was pointing to that free software so I deleted
it.

You mentioned Spybot, but I don't have Spybot installed,
although I used to.

Interesting reading on the BVT Consumer/WMI script
trigger.


Well, I restarted the computer but the virus is still there
so at this point I think I'm going to post the problem to
Malwarebytes.

Thanks for the help and will keep you posted,
Robert
 
Paul

Mark said:
Hello Paul,

Here's what I've done:

I was able to delete updatefindopolis and utilfindopolis
but am unable to find mcmpfsvc to delete it.

I do know that if I use Combo fix (which I have) that I
need to delete it afterwards so perhaps it's pointing to
some text? I couldn't find the 'OMCI' Open HCL port
driver.

The fst_us_208 was pointing to that free software so I deleted
it.

You mentioned Spybot, but I don't have Spybot installed,
although I used to.

Interesting reading on the BVT Consumer/WMI script
trigger.


Well, I restarted the computer but the virus is still there
so at this point I think I'm going to post the problem to
Malwarebytes.

Thanks for the help and will keep you posted,
Robert

So you'll probably be showing them your list
of "suptab" files. Maybe they'll know what variant
this is. Good luck.

Paul
 
Mark Twain

Once I get over this virus problem;

With your discussion about home built systems vs Dell/HP
(kitchen sinks) is there a program or way of eliminating or
tailoring those non-essential drivers so that I can make
my system more of a home built system?

Thankfully, the 8200 is still up and running and I'm still
able to function with the 8500.

I'll keep you posted,
Robert
 
Paul

Mark said:
Once I get over this virus problem;

With your discussion about home built systems vs Dell/HP
(kitchen sinks) is there a program or way of eliminating or
tailoring those non-essential drivers so that I can make
my system more of a home built system?

Thankfully, the 8200 is still up and running and I'm still
able to function with the 8500.

I'll keep you posted,
Robert

On my Windows 7 laptop, I used the COA key on the sticker. Then
took a regular Windows 7 installer DVD and reinstalled the operating
system. The installer DVD is one from Microsoft. In that way,
I was able to remove all traces of the Acer added stuff.

It's not a big deal that those files are present on the Dell
install. Just that it makes your task (looking through Autoruns
for suspicious stuff) a little tougher.

Paul
 
Motor T

Hello Paul,

Here's what I've done:

I was able to delete updatefindopolis and utilfindopolis
but am unable to find mcmpfsvc to delete it.

I do know that if I use Combo fix (which I have) that I
need to delete it afterwards so perhaps it's pointing to
some text? I couldn't find the 'OMCI' Open HCL port
driver.

The fst_us_208 was pointing to that free software so I deleted
it.

You mentioned Spybot, but I don't have Spybot installed,
although I used to.

Interesting reading on the BVT Consumer/WMI script
trigger.


Well, I restarted the computer but the virus is still there
so at this point I think I'm going to post the problem to
Malwarebytes.

You can also go to: http://www.spywarehammer.com/
You start a session and they work with you all the way through it.
 
Paul

Mark said:
Hello Paul,

I have been working on my virus problem
and would like you to take a look at the
programs he gave me to install (near the
end) and if you know anything about them?

https://forums.malwarebytes.org/index.php?/topic/155518-my-computer-is-infected/


Thanks,
Robert

OK, I'm going to give you an overview of what happened.

1) You present symptoms. Good so far. A few too many
pictures perhaps.

Let's look at this picture.

https://forums.malwarebytes.org/uploads/monthly_08_2014/post-156944-0-17427700-1408570599.jpg

Autoruns...

Eleventh tick box down says "SunJavaUpdate".

Check the program path (which I cannot read).
Knowing where the file is and its name, allows a
casual legitimacy check...

You can untick the box, in an attempt to avoid
the Java Update prompt. But, read on...

You could also examine your Control Panels for "Java"
with a colorful icon, and it has an "Update" tab. This
picture is small, so zoom in to see the "Update" tab.
Unticking the box there, should result in the line
disappearing the next time, when you review Autoruns.

OK, the other thing I get from the pictures, is
an actual Findopolis installed item. In the Program
Files folder, even with a BHO (browser helper object)
label and everything.

At the current time, you should have a look in Program Files
again, to see if the Findopolis is removed. At the very
least, any BHO should have been given the boot, even if
the folder itself is still sitting there.

2) TwinHeadedEagle dumps his "standard text blurb" about
Piracy and P2P clients. People who use certain clients would
constantly be infected, because much of the "merchandise"
on such channels is infected by the various kinds of black
hats. For example, steal a movie, get an exe instead.
Who knows how the movie got replaced with a malicious exe.
So that warning about P2P clients is delivered to all visitors,
and was not specifically about something you'd done.

He then gets you to run FRST. This is the first
"custom action and guided help" he provided.

Next, he didn't tell you to visit Programs and Features
in Control Panel, as that's where you would remove these
if it is possible to remove them. Some Adware can actually
be removed this way. So "Programs and Features" in Windows 7
Control Panels, is where you'd look.

First, go to Control Panel and uninstall following
(skip lines that cannot be uninstalled):
- FreeSoftToday 025.208
- Remote Desktop Access
- WindowsMangerProtect20.0.0.502

Next, he gets you to run Adwcleaner.

Next, he uses Farbar (FRST) and gives you a custom fixlist.
This is a text file, which can be opened in Notepad. And you
can see that much of what was detected is listed in here as things
for it to fix.

https://forums.malwarebytes.org/index.php?app=core&module=attach&section=attach&attach_id=142954

After that comes Adwcleaner (which does its own scan and later, clean).

3) In Post #14, TwinHeadedEagle thinks he has cured your
problems. Now, FRST has a Quarantine folder, a file is still
in there, for your later scanning to "trip over" by accident.

In this picture

https://forums.malwarebytes.org/uploads/monthly_08_2014/post-156944-0-66539100-1409189383.jpg

the MalwareBytes is detecting the thing that FRST already
quarantined. That file would probably get deleted if FRST
was uninstalled or something. Or maybe you're supposed to
manually remove it. I would not panic, as it isn't hurting
anything there. Go to Control Panels, use the
Programs and Features, and see if Farbar has an entry
for removal.

I don't think it is intended to leave Farbar on the
computer forever. It is a guided help tool, gets fed a fixlist,
and you'd want a fresh copy the next time a guided help person
asks you to run it. It probably should not stay on the computer
when the problem is removed.

4) You reported:

I also contracted Win32:Eorezo - cy [pup] via a supposed
upgrade to Firefox. I was able to delete it and ran full
scans afterward twice and it appears clean.

I can get clean, complete, copies of Firefox from the FTP server.
This is the top level where I'd look for a copy...

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/

This would be my selection, if installing on my Windows English setup.
I have navigated to the highest release number, identified Windows
and a US English download, then located the 34MB full installer.
This is as close as you can get, to a clean complete install. If
you had a brand new computer with no Firefox, this would install it,
and install it without any further download needed. I could carry
this in my Geek Squad bag and use it to put Firefox on client computers.

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/32.0b9/win32/en-US/
( look for the big "Firefox Setup 32.0b9.exe" file )

Note that Mozilla doesn't really want us pounding their release FTP
server for regular installations. My point in showing you this
link and the domain it's on, is the principle of *Go to the site
that wrote the software*.

Do not accept copies of Firefox from some random (malicious)
download page. Not every green Download button is run by whitehats.

5) In Post #17, based on the evidence, TwinHeadedEagle thinks
you have a "Java" entry in your Programs and Features control
panel, and your Java installation is legitimate. That's why he
did not panic. He sees the Autoruns entry, and assumes it was
put there by a real copy of Java. If you don't need Java, you
could remove it. You could use the actual Java control panel,
to disable updates. You would do that *only* to prove that you
have control over the dialog popping up all the time. Java
really should be kept up to date.

a) Java is not fun and games. Only install it if you actually need it.
If the need for it has passed, *remove it* from Programs and
Features.

b) If you must have it on the computer, use the "Java" control
panel to configure it. Normally, you leave updates enabled,
because Java is subject to a lot of exploits that need to
be fixed immediately. Disabling updates, is to see if the
pesky Update dialog actually belongs to Java or not. Or is
some kind of scam.

c) If you don't know why Java is on the computer, remove it
and see what breaks. Seriously.

d) If you need to reinstall it, the Oracle site offers infected
and non-infected downloads.

Top level:

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Look for JRE (Java Runtime). That is for end users.
That takes you to the next page.

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

The big ones (offline) are the safe ones. The one to use
depends on whether your Windows is 32 bit or 64 bit. Based
on the giant RAM memory your 8500 has, you want 64 bit, as
Dell would be silly to install anything other than an x64 OS.

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe <---

You have to click the License Agreement box, before the
download links will work.

As far as I know, those are safe. I can't unpack them with
7ZIP any more, and I don't have time to use WINE to test them.
I'm getting hungry! :)

6) In Post #17, he wants you to use Delfix.

But if you have uninstalled Farbar, and cleaned out C:\FRST, that
would amount to largely the same thing. The only reason I hesitate to
use Delfix, is whether there will be side effects (damage to MBAM).

He also gives a list of other things.

TFC - "to clean unneeded temporary files."
You could probably do this with CCleaner, avoiding any usage
of Registry cleaning, and just cleaning temporary folders with it.

Malwarebytes' Anti-Malware - "to scan your system from time to time"
You're doing this already...

Malwarebytes' Anti-Exploit - "to prevent exploits"
That looks promising. Description is here.
http://www.bleepingcomputer.com/download/malwarebytes-anti-exploit/

There is a nice download button here, and this *is* the source.
https://www.malwarebytes.org/antiexploit/

My main problem with some of these programs, is whether they
cause side effects and prevent legit activities on the computer.
I don't want to recommend anything which will be nothing but a
PITA.

McShield - "to prevent infections spread by removable media."
If you don't move a lot of USB keys from machine to machine,
maybe you don't need this. Disabling the Autoplay stuff, the
Microsoft way, turns off USB but leaves CDROMs enabled. If you
use U3 USB sticks (equipped with U3 software), those prevent
fake CDROM images, so can fool Microsoft's idea of protection.
I expect McShield turns it all off.

CryptoPrevent - "to secure yourself from CryptoLocker infection."
Cryptolocker makes it impossible to open your data files,
and they demand a "ransom" of $200 to get the files back.
CryptoPrevent initially started as a tool to install "Software
Restriction Policies", to prevent the bad software from running
the built-in system encryption tools. This was a good idea. The
tool adds a couple hundred rules to the Registry.

Reading the description now though, the feature set of
CryptoPrevent has expanded. It is more intrusive. It could
have side effects. The initial program design probably wasn't
all that bad. Reading the description now, I'd just pass on this.

Maybe a power user with years of experience could use this,
but once they try to do too much for you, then it's
"Why doesn't my XYZ program work any more?". And we don't
want that to happen.

Unchecky - "to prevent from installing additional foistware,
implemented in legitimate installations."

A nice idea, but likely needs to be updated once in a while
to be effective. The changelog hints at it being constantly
improved.

http://unchecky.com/changelog

FileHippo.com Update Checker - "to keep your programs up-to-date."

The only problem with this idea, is where do the
updates come from ? Are they safe ? I would get the
actual updates from a site other than FileHippo.
I like to trace as close to the source as possible,
to avoid the stinking toolbars.

If you want to run the program and just write down on a piece
of paper, what needs updating, that would be OK. Your AV scanner
will examine this program, when you download it.

Adblock - "to surf the web without annoying ads!"
Yet his link shows AdBlock Plus, which is a different thing.
https://adblockplus.org/en/chrome <--- his link

Adblock, is described here.
http://en.wikipedia.org/wiki/Adblock
(Product main web site is here - https://getadblock.com
Use a modern browser to view the site... )

Adblock Plus (what he wants you to install), is described here.
http://en.wikipedia.org/wiki/Adblock_Plus
(Product main web site is here - https://adblockplus.org )

A concern here, would be side effects, and whether certain
sites would appear blocked when it comes to delivering their
actual content. If these tools put an icon in the browser
bar somewhere, you may be able to disable the stuff on a
per-site basis. I don't use either of the above...

I'm a "lightweight" protection guy. Of the list I'd
be interested in:

Malwarebytes' Anti-Exploit (find a review for it somewhere!)
McShield (if you use USB flash keys a lot)
Unchecky (may help you get one less toolbar...)

You already know and use MBAM, and for the others, I'm worried
there would be side effects and then you wouldn't know what
to switch off. We don't want to turn your computer into
something that looks like the control panel on a 747 airplane :)

HTH,
Paul
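Checking a downloaded installer before running it, as an added PowerShell example that is not part of the thread; it applies to both the Firefox setup file and the Java offline installers Paul points at. The signer names "Oracle America, Inc." and "Mozilla Corporation" and the Downloads path are assumptions to confirm against a known-good copy the first time, and the function name is my own.

```powershell
# Added example (not from the thread): check a downloaded installer before
# running it. Reports the Authenticode status, the signer, a SHA-256 you can
# compare with a known-good copy, and the Mark-of-the-Web that says where
# Windows thinks the file came from. Assumption: PowerShell 3.0 or later.

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)] [string]$Path,
        [Parameter(Mandatory = $true)] [string]$ExpectedPublisher
    )
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Signer's common name, e.g. "Oracle America, Inc." or "Mozilla Corporation"
    # (assumed names; confirm them once against a copy fetched from the vendor)
    $signer = ''
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }

    # SHA-256 via .NET, because Windows 7 / PowerShell 3 has no Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = $file.OpenRead()
    try     { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }

    # Zone.Identifier stream: ZoneId=3 means "came from the Internet zone";
    # newer Windows builds also record HostUrl, the site it was fetched from.
    try   { $origin = (Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop) -join ' ' }
    catch { $origin = '(no Zone.Identifier stream)' }

    # Only a valid signature from the vendor you expected counts as a pass;
    # "Valid" alone would also accept a correctly signed file from anyone else.
    [pscustomobject]@{
        File       = $file.Name
        Signature  = $sig.Status
        Signer     = $signer
        Expected   = $ExpectedPublisher
        SHA256     = $hash
        Origin     = $origin
        Acceptable = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedPublisher)
    }
}

# Usage: the path is a placeholder for whatever you actually downloaded, and
# "Oracle America, Inc." is the assumed signer for Oracle's JRE installers.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\jre-8u20-windows-x64.exe" `
                         -ExpectedPublisher 'Oracle America, Inc.' | Format-List
```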
 
