Friday, April 3, 2009

Virus Issues

Recent Problems and Virus Information

Most of you know I work in the Technology Industry and that I pride myself on my knowledge of Security, Virus, Spyware and other Malware issues. This blog is not intended as a technology blog nor do I want to write about technology except for the Camera and Photography World. I do this to get away from the computer world as a means to relax.

As someone that Consults on these technologies I need to be aware of what is going on at all times and to keep up on news and on recent Security Threats which include new Viruses and Spyware concerns. Sometimes this news comes from special reports that are sent to me, sometimes from my searching out information on the Internet and sometimes first hand because I get called upon to help out other companies that have IT departments with specially nasty problems that they cannot resolve on their own.

This first hand knowledge is why I am posting this blog.

It is generally accepted in the IT Industry that Symantec Anti Virus Corporate Edition is the best corporate solution available. This is NOT to be confused with Symantec's Norton Anti Virus Program or Internet Security Suite.

In the Spyware World the two corporate big boys are Webroot Spy Sweeper and PCTools Spyware Doctor. I have promoted these products and written about these products and they are even recommended in another blog on this site now.

In the last three months I have encountered three separate computers at three separate companies that have been infected with particularly nasty Viruses/Spyware that have infected the systems via a Trojan. This infection seems to use a Rootkit technology of some kind to hide itself. In ALL three cases the systems had Symantec Anti Virus Corporate Edition and two had Web Root Spy Sweeper and the other had PCTools Spyware Doctor. In all cases Anti Malware programs were properly installed and all programs were fully updated using the most current versions and updates.

When I am given these systems I go through an assortment of Anti Virus and Anti Spyware programs to see how good they are and which ones will find the culprits. I keep notes and records of my findings and provide them to industry watchdogs.

The first of the three systems's I am speaking about could not be cleaned via any of the programs I tried and the list is fairly extensive.

Anti Virus Programs Tested
Avast Antivirus
ESET NOD32 Antivirus
F-Prot Anti Virus
Grisoft AVG
Kaspersky Anti-Virus Security*
McAfee Internet Security
Panda Anti Virus Pro
Symantec Anti Virus Corporate Edition
Trend Micro PC-Cillin

*Note: Kaspersky found something but could not do anything about it.

Anti Spyware Programs Tested
EMSI a-Squared
PCTools Spyware Doctor
Webroot Spy Sweeper
Lavasoft Ad-Aware
SpyBot Search & Destroy
Trend Micro RUBotted

Anti Rootkit Software Tested
Sophos Anti Rootkit
Panda Anti-Rootkit

**Rootkit Technologies have been built into some of the above Antivirus and Anti Spyware products.

Note than none of the programs found the culprit program. Several found traces of the program and removed the traces but upon reboot it was all back. Kaspersky did find something in a specific file but it could not do anything about it. It did turn out to be the problematic file. It was a System File that needed to be replaced with a good copy from another system and I had to clean this manually.

With the next two similar infections on the other two computers I first looked at the same file. In both cases the file was then a different one. In both cases Kaspersky could identify the infected system file but could not do anything about it.

Upon inspecting the second system I added STOPzilla Anti-Spyware and F-Secure Antivirus to the list of programs I tested. Both of these programs found the problems and removed them!

The third and final system was tested this week again with all of the above listed utilities and again ONLY F-Secure and STOPzilla found and removed the problems!

Several points here.

1. I have been in the industry for many many years now and it appears that the new kids on the block and sometime the under dogs seem t spend a ton of time and energy on making sure they can find and fix the most problems possible. The top dogs very often get lazy and spend more time marketing with the hype they are number one and more time creating new updated software that looks better with new packaging but tend to forget about the malware issues. Over the years I have seen many companies rise to the top and then quickly fall. When they are down they seem to put their efforts into finding malware again and then they rise to top levels again.

2. Even if you have the best rated and updated Antivirus and Anti Spyware programs you can still be infected. Running an occasional scan with another well rated free utility is a good idea.

3. Many of the problems come from FAKE Anti Spyware or FAKE Antivirus programs. You need to be very carefull and never ever click on a pop-up that you do not know about. There are sites that will cause pop-ups to appear on your computer that look like Windows Dialog Boxes and others that look like common antivirus programs telling you your system is infected and they ask if you would like to "Clean" or "dissinfect" your computer. You must NEVER answer YES or NO on these pop-ups. In order to infect your computer they need you to click on any button within the pop-up. You should only click on the X at the top right hand side of the pop-up and if there is none you should close all your apps and then just shut down your computer. Even if you X out you should re-boot your system and then you should update your Antivirus and Anti Spyware programs and then run a full scan with both to make sure your system is clean.

4. If you are not properly protected you may get infected by simply looking at the site without even getting a pop-up!

5. Always back up your systems before installing other programs as they may cause problems and may even kill your system. Also note that trying anything is done at your own risk. You do have a backup right?

6. See Note 5!! I would recommend that you download STOPzilla which is free to run but will require payment to resolve problems and it is a good deal at only $9.99 for a year. This should run fine with your existing Antivirus and Anti Spyware Programs. You can un-install it after you are done.

7. See Note 5!! If you think you have problems you can try F-Secure Anti Virus which is free for 30 days and will clean your system without any payment. F-Secure is a great product and it includes their famous Blacklight Rootkit Technology. Note however that you should never have two Antivirus programs on your system at one time and that you should un-install any existing anti virus program first. If F-Secure finds an Antivirus program it may un-install it for you but not always very well so you should do it your self. Make sure you have your original Antivirus software and any registration keys or Serial Numbers so that you can re-install it after you are done with F-Secure. Or, you can always buy F-Secure!

8. A WARNING. Many of these companies rely on other sites to help with distribution of software and bandwidth issues. The other sites in many cases have big ads for other products that you do NOT want. These ads have big "Download Now" buttons that make you think you are downloading the program you want only to find out you downloaded something else. Make sure you do not click on the ads or buttons within these ads.

9. If in doubt, get help! Again, always make sure you have a backup of your system or at least your important data as the process of removing nasty Viruses or Spyware can trash your system. Re-building your system (installing the Operating System and all the software can be costly). If you are not sure what you are doing, get professional help.

Current Recommended Products as of 09-04-02

Anti Spyware - STOPzilla Anti-Spyware - - (Click on the big green button and the download will start.)

Antivirus - F-Secure Anti Virus 2009 - - (Download only the Free Anti-Virus 2009 Trial Version, you will need to register with a real E-mail address and then you will get the link to do the download)

Note that these recommendations are for "Personal" use only. F-Secure does make a corporate version but I do not have any knowledge of STOPzilla in a corporate environment.

If you have any questions about any of the content in the post please ask. Note that I will not be helping out if you do have problems, please refer to your Computer Professional for specific help.

Disclaimer: Always make sure you backup your DATA before attempting to install any new programs or running any utilities, specially if you suspect you have a Virus or Spyware!! If you have any doubts or require any help, please call your computer specialist. Attempt any suggestions or recommendations in this blog at your own risk.

© 2009 Francois Cleroux

(Version 1.02 - April 2009)

Please feel free to leave comments, corrections, ideas, thoughts or suggestions.

1 comment:

  1. Do you know that some of antivirus are fakes that operates to steal our financial information?


I value thoughtful comments and suggestions. If you like or dislike this post, please let me know. If you have any ideas or suggestion, comments or corrections (I do make mistakes) please also let me know. Thanks.

- Francois Cleroux