Up to date Malware Removal

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
An almost word for word re-enactment of what happens every time my boss wants me to do something on her latop:

6z3mZac.jpg
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
LOL Merc.

I'm actually glad this topic came up again as I'd like everybody's opinion on the use of browser cookies. I tried blocking ALL cookies, except for banking, the few web forums I use, gmail, youtube, etc. Basically stuff I use all the time. But I eventually get some weird problem and sites don't work right. My trouble with Newegg for example. I was blocking a cookie which had a name that didn't instantly register with me as a "newegg" cookie so I blocked it, and was getting the browser redirect.

tl;dr Is blocking cookies a good anti-malware strategy or just a PITA and not worth it.

THANKS.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
Cookies aren't intrinsically bad and insofar as there might be any real concerns that come from them, it's related to privacy much moreso than security. There's really nothing IN a normal cookie to cause a problem and frankly if they're doing something weird with data from third party sites, it's far, far more likely to be manipulation of an active session in an XSS attack than your browsing history at Amazon. I'm really not aware of any serious anti-standard-cookies security experts. There are also Flash cookies and ISP session cookies and those are both different things that I don't think anyone really likes.

I think the best course of action, if you're concerned about privacy, is to use Noscript (whitelist as you go!), Ghostery and Adblock Plus on Firefox. Do most of your everyday browsing in a Private Window
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
My Mom's new laptop needs some type of AV software. Free is preferred. AVG Free 2015 is on it now. I see it has the bad habit of trying to change the default search provider and home page. Is there a better free option or a good inexpensive pay option for her?

Thanks!
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,811
Location
Eglin AFB Area
Website
sedrosken.xyz
Funny. AVG Free never used to do that to me, although admittedly I did get up close and personal with the settings.I don't remember that ever having been a problem, though. Where'd you get that copy? If it was from cnet, kill it with fire.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
The various free AV solutions continue to get more and more aggressive and annoying. MS Essentials looks better and better.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
My Mom's new laptop needs some type of AV software. Free is preferred. AVG Free 2015 is on it now. I see it has the bad habit of trying to change the default search provider and home page. Is there a better free option or a good inexpensive pay option for her?

AVG is heavyweight to approximately the same degree as an aircraft carrier's anchor and its default behavior to do a daily virus scan, most likely as part of system startup (i.e. "Please let us make the first 45 minutes you spend on your computer today the worst experience possible."), does not help matters. The branded AVG toolbar is NOT removed by the supposedly all-purpose AVG removal tool and a couple of the other detection/removal programs I use actually treat it as malware.

I recommend Avast Free. Avast should be installed manually. I typically don't bother with the Mail shield and I un-check all the optional tools except Rescue Disk and Browser Cleanup. The for-pay version of Avast is an actively inferior product. I'm not sure which module is problematic, but something it does introduces huge slowdowns on machines where it's installed. Avira is still an option on the table, but for as increasingly obnoxious as Avast has gotten, I still think it's less annoying than Avira.

One nice thing about the very latest Avast update: It no longer makes users enter a name and Email address to register.

As far as paid options: Kaspersky for the paranoid owners of extremely fast computers; NOD32, Vipre and f-prot all seem to be pretty good otherwise.

Whatever you do needs to be combined with adblocking (specifically adding the Malware Domains blocklist) and with Spybot's immunizations at a minimum.

Stereodude said:
The various free AV solutions continue to get more and more aggressive and annoying. MS Essentials looks better and better.

MSE on Windows 7 is not antivirus software, no matter how Microsoft has pitched it. It's anti-malware, and even for that it's not very effective. As a safety measure, I'd liken it to seatbelts on an airplane.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
Thanks guys. The AVG version I have is the latest from their website. With its latest 'update' it changed the default search and added some toolbar. In the following update I believe it tried to do it again but I found the option to avoid the changes. I'm sure my mom is not savvy enough to not let it happen though, next time.

She has Win8.1 64-bit with 4gb of RAM, btw. I'll give Avast a shot. Wish I could find a good deal on nod32 since I use it . But then again, I don't want her to have bother with updating her subscription etc. when it expires. I'd like to set it and forget it.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
Merc- Could you explain how to do "adding the Malware Domains blocklist" further. I visited their website and don't quite understand how it works.

I have Adblock Plus with EasyList installed & Avast. So far so good. :)
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
You can search for "abp subs." On first install, Adblock Plus asks if you want the Social Blocking and Malware Domains lists, but many people don't scroll down far enough to see that and just close that tab. The full list I use is Easylist, Adblock Warning Removal (for sites that bitch at you for having ABP), Fanboy's Annoyances, Malware Domains and Code 404. I also turn off non-intrusive ads, which cleans up Google Searches, and install the Element Hiding Helper, which is useful for hunting down Javascript based-fuckery.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
In my system images and classroom PCs, I've also gone ahead and impregnated the Default User account with properly configured Adblock Plus settings for Firefox and Chrome. If those browsers are installed (and on a machine I'm responsible for, they are), stuff is configured beforehand for everyone always. Since the size of organizations I'm dealing with is typically not large enough to have full-blown desktop management in place, figuring out where to stick the .xpi and .crx and associated user settings was well worth the time.

I really wish ABP had a unified installer for multiple browsers and some kind of enterprise management. ABP's devs solicited request for comment on how admins are managing it now and the response I got back was basically "We figure the IT guys who are pushing this stuff out are smart enough to figure out their own ways to do it." But that doesn't mean it couldn't be easier.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
The grab bag works. Do not knock the grab bag. It also scales very well to the hardware capabilities of the client. It's relatively lightweight overall, but components can be omitted for older or limited-use systems, whereas integrated security products are more or less designed for hardware less than probably five years old.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
Yesterday I logged into my Hotmail account that I've had since the 90's (check it once/month) and was hit with a shit-storm of "Hotmail wants to create cookie XYZ" because I had "don't accept cookies" checked in Firefox. There must have been 25+ dialog boxes stacked on top of each other. You can't close the tab with those dialogs open. I'd click the "no cookie for you" button and 2-5 more would pop up. No matter what I did, more would pop up. Not a simple re-direct to a page saying cookies must be allowed for site to work. No. Just kept shoveling cookie requests at me. Annoying as F. I gave up and allowed cookies so I could continue with log in. I guess some sites are more annoying than others. Sigh.
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,278
Thanks, all.

Ran the data thread app and it gave me a bunch of stuff from drop box, related to my pictures. Removed them.
Dropbox still works fine.

Other then that, pretty much all system stuff.

Using Nod 32, version 8, and haven't had anything in a long time.

Using Firefox with the suggestions from Mercutio, and IE. Use IE only for Twitter and work stuff. For some reason, Firefox won't let me log into Twitter.

Also using Pale Moon, for just a few things.

Got rid of Chrome, since it ran constantly in the background, by default, and I missed that option to uncheck on the install.

Couldn't remove it for awhile, and I was having a hard time setting up Thunderbird to do emails out of IE, since Chrome had taken that function, on install, for itself, and would not allow me to remove it as the default app for sending emails, default programs. Problem is, Chrome didn't allow sending emails, it just opened a new window in Chrome, when I wanted to email from IE???
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,811
Location
Eglin AFB Area
Website
sedrosken.xyz
Chrome's systray icon allows for the stopping of background processes in its right-click menu, or at least it did the last time I installed it (about a month ago). It doesn't give you the option during the install process, to my knowledge. Yes, it's stupid.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
As an interesting alternative to Adblock Plus, uBlock really does seem to be substantially more efficient for RAM utilization, sometimes by as much as 30%. Its installation procedure also includes the ability to select all of the additional lists I mentioned without any extra navigation.

I'm not sure I want to change my overall documented procedure, since there's a value in the consistency of saying "Install Adblock Plus in every browser" rather that "Install ABP in IE and ublock in Firefox and Chrome", but you guys might like to know about it if you didn't already.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,926
Location
USA
I've read a bunch of good reviews and recommendations but haven't bothered switching over to it yet.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
Good thread.

My cleanup routine varies with the circumstances, but it typically goes something like:

1: quick & easy stuff to make it usable while I do the real work: take out the most obnoxious start-ups with MSCONFIG and add/remove programs. (Some machines are too bad for this, but it's OK on most.)

2: knock out everything I don't like with .. er ... the program I usually use to knock out everything I don't like. Can't think of its name. Use it all the time, but I don't have my rescue toolkit handy and I'm having a senior moment. Was an independent (free) product, Microsoft bought it out. Still good, surprisingly enough. Works rather like the old Hijackthis.

3: reboot and run Superantispyware through it.

4: reboot and run Malwarebytes

5: reboot and run Adwcleaner. (Sometimes I skip Malwarebytes, sometimes not.)

6: Use Can'trememberthenameoftheprogram again, just to check.

7: Remove any and all browser add-ins unless I trust them and it's Tuesday.

8: Reset any and all search engine and home page settings.

9: Check. Test.

10: Check again. Test again.

Oh, and I often start (call it step zero) by removing the drive and using a known good machine to scan it with Bullguard.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
I usually run adwcleaner FIRST because it's a five-minute scan on even shitty hardware. While it's running, I install/update the other crap I want. I actually have a script that pulls down the latest version of the MVPS hosts file, puts ABP in its common location in Firefox and runs the installer for ABP IE and installs Chocolatey and Spywareblaster. I keep up to date copies of Avast, Malwarebytes and Spybot on a flash drive (along with Norton, AVG and Mcafee removal tools) since they're a little too big for me to wait on their respective downloads.

"Scripting" isn't really that big of a deal. I'm just running a lot of wget commands. time was ragging on me up-thread for my process having so many steps but I've not found a single comprehensive cleanup tool that works worth a crap, but at least I've automated the process of getting almost all the stuff I need in place so that I can work.

I haven't tried Handy's tronscript thing yet. Maybe it's better.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,926
Location
USA
I haven't tried TronScript yet either so I can't say it is better than the process you and others have been refining over all these years. It does seem similar to the steps that Tea has outlined. I might fire up a VM this weekend and just try it to see what happens.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
I am going to say this in this thread also, since I just had it kind of save my ass: Forticlient is a big-boy grown-up Antivirus application that runs on Windows Server editions and does not cost money. One of my co-workers nearly hosed my production VM host with a Flash drive full of Autoplay Trojan crap this morning, but instead of having to murder her for that, I only have to beat her with my User Readjustment Tool for putting a flash drive in a production server in the first place.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
It's straight up AV with limited antimalware, a web filter and a VPN client. The web filter can be configured to your needs or shut off. I think actual multiple-system management needs Fortigate, but since I'm not putting it on client machines I don't care so much about that part. The bottom of the application interface is an ad for the paid product, but it doesn't generate any pop ups or the like.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
OK. It turns out that the very difficult to diagnose occasional instant-spikes-to-100% usage-of-all-cores hard locks on my SQL Server development machine were being caused by a deeply terrible interaction between it and Forticlient. No more Forticlient on things that are kind of important.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
Mom had a dialog box with this on here computer today:

Cox+Communications Customer, your system has detected possible Suspicious Activity. Please call the toll-free number below for a Microsoft-Certified technician to help you resolve the issue:

1-855-410-9169.

For your safety, please do not open internet browser to avoid data corruption to the registry of youroperating system.

Please contact support at the toll-free Helpline 1-855-410-9169

PLEASE DO NOT SHUT DOWN OR RESTART THE COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND POSSIBLE FAILIURE OF THE OPERATING SYSTEM, AND POTENTIAL NON BOOTABLE SITUATION RESULTING IN COMPLETE DATA LOSS. CONTACT MICROSOFT CERTIFIED TECHNICIANS TO RESOLVE THE ISSUE CALLING TOLL FREE - 1-855-410-9169

Tollfree Helpline: 1-855-410-9169

.
.
.
.

The above block of text was repeated about 5-6 times. I copied and pasted the error then I ended the task and rebooted. Everything seems fine on her machine. I had Spybot Immunizations, and Spywareblaster Protections active and up-to-date.

Only problem now is that MS Security Essentials errors out when I try to update it. I should probably just delete it. I don't know if its failure is related to the problem above.

I told her it's bullshit. She was worried and didn't want to touch the machine till I looked at it. Sigh.

In case you missed the phone number it's 1-855-410-9169. LMAO.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
Was it a browser pop or true windows dialog box?

Not sure to be honest. It didn't seem like a "correct" windows dialog box, so I suspect a browser popup. I'll have to take another look and see if anything got installed or if some goofy process in running. I didn't spend a whole lot of time on it as I had to get to work.

Is Java installed on her PC?

Java is not installed. I don't have noscript on her box as it would "break" too many things. Just your anti-malware suggested tools, AB+ with additional subs, etc.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
Usually, when I see popups like that, they're infected Java craps. But it could be just about anything. Run adwcleaner and MBAM (in safe mode if posible) and I'd be willing to bet one or the other will take care of it. One crappy thing about malware is that there's always new malware. Your mom found some of it.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
What jumps out at me is since when does an internet provider scan your computer for viruses?
 
Top