Virus removal

[mbpark]

Quote:

Originally Posted by classicman

Where is MBPark when you need him... (taps foot)

I would get rid of Spyware Doctor. It honestly isn't that good. McAfee is good, but only if you get the corporate version.

I'd rip those out and get MalwareBytes and AVG. Seriously. Neither of the two is that good at all.

TW, I recommend you get the book Security Warrior so you can watch every supposition you just made about detecting malware get thrown out the window. I've seen malware that hides from Task Manager, netstat, and even anti-virus programs (McAfee, Symantec, Trend, and AVG). The code's been out there for years, and it's not just for Windows. UNIX users have had this problem for years, especially with kernel-level rootkits in Linux or UNIX that will "patch" the API calls.

This is a big reason why Microsoft re-wrote the Windows Kernel for Vista and Windows 7 to include ASLR (Address Space Layout Randomization), so it would be much harder to attack known holes via static memory locations. Apple will be including this in OS X 10.6 "Snow Leopard", OpenBSD has had this for years, and Linux has additional functionality to find it.

MalwareBytes does have some "interesting" technology to get rid of malware by checking for patched APIs by executables, and a known database of it. However, most anti-spyware programs get rid of cookies because of the privacy issue. Additionally, some installers out there do install adware/spyware, or share DLLs with them. Therefore, they get flagged as a false positive. I've seen Symantec and McAfee do it.

The best thing to do is to get the Ultimate Boot CD for Windows, use the AVG plug-in, grab the latest definitions, burn it to CD or USB, and use that to scan your machine in an offline state so that the machine can't initialize itself and the offending DLLs.