Spyware Warrior

[FatalChopstix]

I have the following security programs on my computer:

SUPERAntiSpyware
PC Tools Firewall Plus
ThreatFire
avast! Home Edition

From what I understand, you're not supposed to have two Antivirus programs, and that Antispyware and Antivirus are two different things. So, I assume SUPERAntispyware is an Antispyware program and avast! Home Edition is an Antivirus program. Is this correct,
or is there too much protection on my computer? And avast! scans rather very slowly, is that abnormal? Please let me know, thanks

[roger_m]

Generally you should never have more than one antivirus program installed, as the real time protection from the two program can conflict and cause a blue screen of death or Windows to freeze.

You shouldn't have any problems with your setup.

Avast does has spyware detection as well as virus detection, but I'm not sure how well it works. But it find to both Avasy and SuperAntiSpyware installed.

I think Avast scans are a bit slow, but the realtime protection should not have any major impact on system performance.

ThreatFire is useful because it can intercept malware before it infects your computer.

[FatalChopstix]

Alright. Well, is there another antivirus program you would recommend? Avast seems to be too slow

[roger_m]

Is it slowing down your computer just having the realtime protection running, or are you talking about doing a manual virus scan?

[FatalChopstix]

Well, when I manually scan Avast, it scans extremely slow. But the realtime protection doesn't appear to be slowing down my computer, but I dunno. Maybe another AntiVirus program is more compatible with my computer, but then again, I used to have Avira on this computer and it also scanned really slow. It took, if I'm not mistaken, about an hour or a little more but if that's normal then let me know. And if you have any idea about why it scans slow, then please also let me know. Thank you for your input

[roger_m]

I wouldn't worry about the slow scans, just start a scan when you are aren't going to be using your computer for a while.

Avast can be configured to not alert you every time it finds a threat during a scan. but just give a report when the scan is finished - and from there you can remove any found viruses.

If the realtime proection isn't slowing down your computer then I see no need to switch to a different antivirus program.

[wyrmrider]

Hi
With avast free you set the alearts after the first baddies is found just ignore and "remember this decision"
Only the paid version allows you to automatically defer action
Scans may be slow- to you have the full scan option checked?
This is not necessary after the first scan
als
with the real time scanner you do not have to do on demand scans very often- like once a month unless you are into unsafe surfing.

Unless you have Super Anti Spy PAID you have no real time component- just an on demand scanner which will not conflict with anything
a hosts file and spywareblaster would add another layer of protection with no impact on performance

[FatalChopstix]

Alright, thanks

[Osage]

To Fatalchopstix,

I have to feel you are getting good advice from both roger m and
wyrmrider. And while there is lots of advice on what programs to use, there is no magic formula or right answers, its more risk reward problem, and like all of us, you hope you can wall the bad guys out.

And as as self professed newbie, you are just starting to learn about the vast subject of computer security. And have come to a good forum to learn, if you will take the time to read back posts, because in the end, computer security is better described as a way of life than any set formula. Its a sad fact of life, the bad guys get to shoot at us and we can't shoot back, all we can do is make it as hard as possible for them to hit us. And as the bad guys get smarter, so do we, and keeping up to date is best done with this and other security forums.

The first thing I would question about your security set up is the use of the PC tools firewall, its not very highly rated, and something like the Comodo3 freware firewall, or the online armor freeware firewall would give you better protection IMHO.

After that, I would recommend you get some process control program to warn you if some malware tries to install, and if it can't install, it can't infect. And I have to agree with the host file and spyware blaster recommendation.

Then just keep reading and learning, be willing to try new things as you learn more, as for virus scans, just do them in the background while you surf, most modern computers are more than fast enough to do both.

[FatalChopstix]

Thanks for the info. Osage

[wyrmrider]

Not to overwhelm a newbie
welcome to Spyware Warrior
keep up the questions
A real time anti-spyware can be run con-currently with Avast
(which is the best free IMHO) (define free- ok not bloated like AVG however Antivir also works well but not enough difference to warrant a change

Some housekeeping
did your pc come installed with an AV or suite like Norton or McAfee?
answer up and we will fix some of the incompatibility problems which may be giving you that slow feeling

Today
Run Secunia Software Inspector - Secunia website- free
get everything updated
if your Java is out of date and even if it is not remove ALL old java
old javas are vulnerable if installed and they do not self uninstall with updates- remove old java's first
write back if this is the case and we'll give you some tips

next time we can talk about some real time anti malware- anti spyware free and compatible programs- but first things first

[FatalChopstix]

Alright, I'll be sure to let you know wyrm . I'll be replying as soon as possible. One thing to note though, I followed the suggestion to use spywareblaster and Comodo firewall. So I uninstalled PC Tools Firewall Plus and SUPERAntiSpyware. Comodo wanted to do a scan after my initial installation, so I let it do it. I left the house and went somewhere and came back, and the scan took 2 hours with only 170k files or so. Now to me that's insane but maybe that's normal? I deleted the malware it detected and attempted to close the Comodo box. It closed and then I went to click Firefox, the computer froze. Completely. I had to manually restart the computer, and it booted up. When doing so a screen came up before the desktop screen and it said "Please wait..." only for a second though, but I had never seen that screen before so idk. Anyhow the desktop screen came up, and it was like Comodo had never been installed, period. Only the setup was there, and Comodo wasn't. Weird. And I noticed in the bottom-left toolbar that shows your tabs, I looked at my internet connection. It had a yellow box with an exclamation mark in it, and it said it had little to no connectivity, but I dunno. Any thoughts? I'm typing from a different computer, not the one that's having problems.

[FatalChopstix]

Excuse me, I meant bottom-right toolbar, sorry

[wyrmrider]

best uninstall comodo and reinstall and not do the scan (although I've never had a problem with it)
also uncheck any toolbar add ons

ps
The avast forum is VERY responsive
I've always gotten prompt answers from Comodo and I'm sure they would be interested in your "incident"

Incidentally- rollback?

also no reason to or not to uninstall SAS
aside from the updater- which you can turn off- it just sits there waiting for an on-demand scan

MBAM is less visible- the little SAS type bug does not pop up
it is also an excellent on demand scanner
heck- I keep both loaded up just in case on my xp machines
some nasties break your connection so you cannot easily download when you need them most

With all these programs- watch for False Positive Hits
Google up anything suspicions
always quarantine (avast move to chest) do not just remove -delete
exceptions makes the rule- with MBAM you do click "remove" but it makes a backup anyway

[Osage]

To fatalchopstix,

I am fairly familiar with comodo3, and it can be fairly intimidating to use for a total newbie, especially if you select the wrong options.

But without defining exactly, you hinted that you may be networked
and share the internet connection with other computers. And while all firewalls including the comodo3 tend to firewall out other computers on the network, comodo3 can be configured to play nice
with networks. Basically you open up comodo3, select the firewall tab at the top, go to the define my network zones icon, and then finish up by using the stealth port wizard icon to approve the network zone. But as wyrmrider said, you can get excellent help on the comodo forums.

As a definitive diagnosis, you can open up comodo3, select disable for the firewall, and see if the limited connectivity message goes away. Then do the same for D+. It beats the work of totally uninstalling it to get your answer to the is it the firewall or not question easily. And then you can re-enable the firewall, read comodo instructions with comodo forum help, and have a better experience.

But I think wyrmrider still has it correct, best uninstall comodo3, and its directory, and start fresh with a new copy when you are finished with the disable the firewall step, and you will be better prepared to reinstall it after knowing where you went wrong last time. And I do not believe its necessary to run its passive virus scan.

[FatalChopstix]

Sorry, but MBAM and SAS?

[Osage]

[FatalChopstix]

But Osage, wouldn't it be bad to have both SAS and MBAM on your computer? I mean, wouldn't they fight for the same resources, or do they scan for two different things. I would assume MBAM scans for Malware and such, but doesn't SAS as well?

[FatalChopstix]

Just to update but I've installed/uninstalled:

COMODO Internet Security
SpywareBlaster
MBAM
ThreatFire

Now, just a thought; do I need an Antivirus program, or is that what MBAM is? I mean it's obviously a malware remover, so I assume I need an Antivirus program now?

[FatalChopstix]

Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

1/15/2009 6:49:32 PM
mbam-log-2009-01-15 (18-49-32).txt

Scan type: Quick Scan
Objects scanned: 53575
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 8
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hiqmlqfsenh (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\WinUpdater (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WinUpdater\Temp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\857060 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\WinUpdater\Temp\license.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Google\mjkspc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

Well there's certainly trojans, and other nasty things on this computer. Unfortunately, the admin haven't replied to my HJT log . Hopefully it will be soon.

[roger_m]

It's not a problem having two or more antispyware programs installed as they don't integrate as deeply into the system as antivirus software so they won't make your system crash.

However if you are using ones with realtime protection, make sure it's only in one program so as not to slow down your computer too much.

[FatalChopstix]

Well roger, if I'm not mistaken, doesn't Threatfire, SpywareBlaster, and Comodo Internet Security have realtime protection?

[Oldfrog]

[FatalChopstix]

I see, thanks OldFrog

[wyrmrider]

Spyware Blaster and a Hosts file provide blacklists
which are checked when you access the internet
this is usually so much quicker than the internet access that you never notice
as Old Frog mentions they are not Active
MBAM also has an active forum for MBAM questions

Fatal
You can have as many of these passive programs as you wish
SAS-MBAM- Spybot search and destroy A- Squared etc
they just take up disk space till you use them
It's the load at boot up real time programs where you only want one

PS
I do not know what Comodo whatever it is you have but if it's antivirus would not be as good as AVAST
however - no more changes for the moment
please let us have a LIST of ALL the AV's which have EVER been installed since the last format

run that Secunia thing is more important than re-arranging the deck chairs on the titanic

[FatalChopstix]

once I scan with Secunia, then what do I need to do?

[wyrmrider]

Update everything that needs updating
especially java, adobe, ms office, etc

ps
you're doing good

[FatalChopstix]

Bah-Humbug.

When I scan with Secunia's online scanner, it says my Adobe Reader's out of date, and my Macromedia Player's out of date. I go on to update both, and install the latest version they have and it still says I have the same version I had before I installed it. Wtf. I restarted my computer, and it still said I had the previous version, so idk.

[Coldmoon]

[jamalt]

[mikey]

More signature spam!

The user makes his first post to an older thread where his comment has little relevance.

The site pitched in his sig is an affiliate for garbagewares. The affiliate links are hidden under 'hide-a-link' URLs. Example; hxxp://pinurl.com/n2y which is really hxxp://ibizonline.adalert.hop.clickbank.net/

Info for the blocklists;

03/12/09 11:36:48 Spade Log
Checking server [whois.onlinenic.com]

Results:

Registrant:

jamal taharin domain@malaysiahosting2u.com +60.123183125

jamal taharin

B-5-9 Kemensah Villa Condo, jalan melati indah 1, kemensah heights,

Kuala Lumpur,ulu klang,MY 52200


Domain Name:kookija.com

Record last updated at 2008-06-18 10:22:57

Record created on 2007/6/18

Record expired on 2009/6/18


Domain servers in listed order:

ns9.dns-exchange.net ns10.dns-exchange.net

Administrator:

name:(jamal taharin)

Email:(domain@malaysiahosting2u.com) tel-- +60.123183125

jamal taharin

B-5-9 Kemensah Villa Condo, jalan melati indah 1, kemensah heights,

\r

t Kuala Lumpur

ulu klang,

MY

zipcode:52200

Technical Contactor:

name:(jamal taharin)

Email:(domain@malaysiahosting2u.com) tel-- +60.123183125

jamal taharin

B-5-9 Kemensah Villa Condo, jalan melati indah 1, kemensah heights,

\r

t Kuala Lumpur

ulu klang,

MY

zipcode:52200

Billing Contactor:

name:(jamal taharin)

Email:(domain@malaysiahosting2u.com) tel-- +60.123183125

jamal taharin

B-5-9 Kemensah Villa Condo, jalan melati indah 1, kemensah heights,

\r

t Kuala Lumpur

ulu klang,

MY

zipcode:52200

Registration Service Provider:

name: *** MalaysiaHosting2u.com is NOT owner this domain ***

tel: +60.122888003

fax: +60.362725084

web:http://www.techavenue.net

03/12/09 11:41:53 dig kookija.com @ ns9.dns-exchange.net
Dig kookija.com@ns9.dns-exchange.net (202.190.197.134) ...
Authoritative Answer
Recursive queries supported by this server
Query for kookija.com type=255 class=1
kookija.com MX (Mail Exchanger) Priority: 10 mail.kookija.com
kookija.com TXT (Text Field)
v=spf1 a mx ip4:202.190.197.138 ?all
kookija.com A (Address) 202.190.197.135
kookija.com SOA (Zone of Authority)
Primary NS: ns9.dns-exchange.net
Responsible person: root@kookija.com
serial:2007061800
refresh:14400s (4 hours)
retry:3600s (60 minutes)
expire:1209600s (14 days)
minimum-ttl:86400s (24 hours)
kookija.com NS (Nameserver) ns9.dns-exchange.net
kookija.com NS (Nameserver) ns10.dns-exchange.net
mail.kookija.com A (Address) 202.190.197.135
ns9.dns-exchange.net A (Address) 202.190.197.134
ns10.dns-exchange.net A (Address) 2
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[suzi]

He's banned and the link removed. Good catch Mikey.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Harry Letterman]