Best overall malware tool


32 replies to this topic

#1 esteban2323

Posted 08 June 2004 - 10:17 AM

Hi all,
Already using a variety of FREE software, such as Ad-aware, Spybot, Aluria, AVG, etc., which have helped to keep me mostly trouble-free.
Looking for recommendations for a SINGLE piece of pay software that best protects against all malware: virus, trojans, hijackers, spam, adware, spyware,...

Thoughts?

Thanks much.
- E

#2 dave38

Posted 08 June 2004 - 03:43 PM

There is not any one program that can do everything, paid for or free.
AdAware and Spybot will account for about 90% of adware/hijackers. The remainder require specialised tools, and the knowledge of how to use them.

Most of the anti virus programs detect and remove most of the viruses/trojans/worms, if kept up to date.

There is very little that can be done against spam. Mailwasher is a good free filtering program, and there are others as well.

Beware of some of the paid spyware removers, as some are notorious for false positives, or based on stolen code from the free applications.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#3 esteban2323

Posted 08 June 2004 - 03:49 PM

Thanks Dave.

Are you aware if any of the pay versions of any of the freeware are significantly better than their free counterparts?

-E

#4 wreck

Posted 08 June 2004 - 04:08 PM

I'm sure someone will correct me if I am mistaken, but most of the time the main difference between "paid" and "free" versions of these types of software is that "paid" versions usually will update themselves automatically. Also, some "paid" versions offer "realtime" protection instead of being "manually" run.

** As an addendum, many "free" versions are only for "at home" personal use. Any businesses must use the "paid" or "professional" versions.

Edited by wreck, 08 June 2004 - 04:15 PM.

"It's not the size of the dog in the fight -- it's the size of the fight in the dog."

#5 lonewolf

Posted 08 June 2004 - 07:10 PM

In my opinion there is no one best app (pay or free) for detecting malware, spyware, adware etc... a layered approach is always the best way to go. What one detector may miss another may find, so layering your security apps is a better way to bolster up your defenses.

Here's what I noticed about some of the pay versions and the free versions of some anti-malware apps.

Pest Patrol and Spysweeper will sometimes find more kinds of malware than Spybot and Ad-Aware, notably keyloggers and trojans. But Pest Patrol has a lot of false positives, so you can't just go deleting everything you find with it. Spybot and Ad-Aware are generally more reliable at detecting spyware and adware IMO.

Another great program is TDS-3. An anti-trojan that is rated among the best of any anti-trojan available. It will also find some other forms of malware. But it will cost you some $.

Spycop is a great program for finding keyloggers. Have used it and like it. It seems to find keyloggers better than anything else out there. But Pest Patrol has done well in this area too, in my experiences.

A Squared (free) isn't too bad for detecting trojans. But I think I still like TDS-3 better for this area of malware detection.

There really doesn't seem to be a match for SpywareBlaster (free). True, there are programs that will do this for $. But they just don't seem to be any better than SB.

I wouldn't put too much faith in Aluria. I have never found a thing with it. Even when Spybot and other programs have.

The best free anti-viruses IMO are: AVG, Avast, and Antivir. And if you're going the free route with an anti-virus, I would recommend you use more than one. Just use one as your primary. Shut off all functions in your secondary anti-virus and ONLY use it as an on-demand scanner for a second opinion.

The pay anti-viruses are better IMO. Among the best are NAV, KAV, & NOD32. Of course there are others, but it all comes down to what suits you best. Some use more system resources than others. Some are better at detecting trojans etc. It just depends what your requirements are.

Zonealarm (v4.5 is best at this point as v5.0 still has too many bugs) is a good free firewall as is Sygate. The pay versions are better but not that much, for general protection.

Hope this very limited list helps you out. Good luck.

#6 Guitar Man

Posted 08 June 2004 - 11:11 PM

Even if it just reflects one person's views and preferences, IMHO lonewolf's post is well written and thought out. And it sums up pretty much what is reality with the majority of these applications, whether free or pay versions.

The other members in this thread have valid points as well.

THANKS!

Edited by Guitar Man, 08 June 2004 - 11:15 PM.

Phil
--------------------------------------------------------
Minimum "must haves":

ZoneAlarm Free - AVG 6.0 Free - Spybot S&D - SpywareBlaster - Ad-Aware - StartupMonitor - RegSeeker 1.35

#7 esteban2323

Posted 10 June 2004 - 01:54 PM

Thanks all, for all your expertise. Much appreciated.

- E :thumbsup:

#8 Safari

Posted 14 June 2004 - 02:49 PM

QUOTE
Spycop is a great program for finding keyloggers. Have used it and like it. It seems to find keyloggers better than anything else out there. But Pest Patrol has done well in this area too, in my experiences.


I find that Privacy Keyboard is the best anti-keylogger out there. It will not detect a keylogger on your machine like Anti-Virus, but it will prevent any type of keystroke recording (using windows hooks).

Try it out here:

http://anti-keylogger.com/downloads/prvkbd.zip

I am currently searching for the best anti-spyware software on the market. From reading the forums here, I have found a great starting point for this task.

:D

#9 jlhough

Posted 11 July 2004 - 07:31 PM

I too am looking for the "BEST" anti-trojan, anti-malware program, if there is any such animal. Lonewolf's post was great, as far as it goes.

But I have a malware infection that no one has been able to help with, either here, or on TomCoyote, or Adaware support forums. I've downloaded and tried just about every recommended freeware or trialware program available, and none will rid me of the pest, some version of Cool Web Search, and a home page hijacker. The paid version of Lavasoft's Adaware 6 Plus isn't working either, nor is their tech support.

Oh yes, Adaware and Spybot SD say they find many objects, and fix them, but they keep coming back, and SpywareBlaster and SpywareGuard keep notifying me of hijack attempts.

I'm about to try some of the paid, but guaranteed, products, like Pest Patrol, McAfee, Trojan Hunter, etc.

The best programs are going to be the ones with the latest and most frequent reference file updates, and I'm suspecting that might be Pest Patrol.

Feedback appreciated.

Grampa Jere

#10 ErikAlbert

Posted 11 July 2004 - 08:34 PM

No comments, the very best products were mentioned.

The most interesting sentence for me was this one and I quote :
"But I have a malware infection that no one has been able to help with, either here, or on TomCoyote, or Adaware support forums"

It's a continuous struggle between brilliant brains and the smartest will always win the game.

Edited by ErikAlbert, 11 July 2004 - 08:47 PM.

ErikAlbert
Simplicity is always brilliant.

#11 Tuxedo Jack

Posted 11 July 2004 - 09:02 PM

Ad-Aware and Spybot to kill 'em dead, then SpywareBlaster and IE-SPYADs to guard, Firefox and Netscape to browse, plus an education of what goes on inside your system - that's the only safe way to do things these days, other than running Linux.
Signature file is under revision. This will be back shortly.

#12 esteban2323

Posted 12 July 2004 - 09:58 AM

Thanks again to all.
I too have a situation similar to "Grampa Jere", with another PC.
The browser hijacker is persistent, and although it appears to be neutralized by Ad-Aware/ SpyBot it resurfaces within a day or so.
Working on getting the "Hijack This" log...

AND, while we're on it, something called "Adroar" keeps triggering AVG virus alerts. I scan, it finds and removes it, then a week later I get another alert. Anybody know a way to immunize against this?

Esteban :grrr:

Edited by esteban2323, 12 July 2004 - 10:05 AM.


#13 Paranoid

Posted 13 July 2004 - 07:18 AM

QUOTE
I too have a situation similar to "Grampa Jere", with another PC.
The browser hijacker is persistent, and although it appears to be neutralized by Ad-Aware/ SpyBot  it resurfaces within a day or so.


A day or two? Sounds like a successful cleaning followed by a reinfection (probably by visiting the same site) rather than failure to remove?
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments, opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advice or recommendations by the experts or helpers at spywareinfo.


#14 Guitar Man

Posted 13 July 2004 - 11:41 AM

SpywareBlaster's setting that disables the IE home page from being changed SHOULD work.

Spybot's Tools>IE Tweaks setting also does the same thing.

I have yet to be hit, since having these 2 apps installed and updated regularly...
Phil

#15 thatman

Posted 21 July 2004 - 02:59 PM

Hi all

QUOTE
I too have a situation similar to "Grampa Jere", with another PC.
The browser hijacker is persistent, and although it appears to be neutralized by Ad-Aware/ SpyBot it resurfaces within a day or so.


Kill these running processes with Task Manager:

systemroot+\arupdate.exe
systemroot+\cpr.exe
systemroot+\cpruninst.exe

Unregister these DLLs with Regsvr32, then reboot:

systemroot+\adroar.dll
systemroot+\system\adroar.dll
systemroot+\system\cpr.dll
systemroot+\system32\adroar.dll
systemroot+\system32\cpr.dll




Remove these registry items (if present) with RegEdit:

HKEY_CLASSES_ROOT\adroar.band
HKEY_CLASSES_ROOT\adroar.band.1
HKEY_CLASSES_ROOT\adroar.band\clsid
HKEY_CLASSES_ROOT\adroar.band\curver
HKEY_CLASSES_ROOT\clsid\{e0f0e0e1-5d45-11d4-bc00-2dcc73302d70}
HKEY_CLASSES_ROOT\clsid\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_CLASSES_ROOT\cpr.iehelperop
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{e0f0e0e1-5d45-11d4-bc00-2dcc73302d70}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_LOCAL_MACHINE\clsid\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_LOCAL_MACHINE\clsid\{e0f0e0e1-5d45-11d4-bc00-2dcc73302d70}
HKEY_LOCAL_MACHINE\clsid\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e0f0e0e1-5d45-11d4-bc00-2dcc73302d70}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_LOCAL_MACHINE\software\cpr
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e0f0e0e1-5d45-11d4-bc00-2dcc73302d70}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelperobjects\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelperobjects\{fac6e0e1-5d45-4907-bc00-302d702dcc73}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adroarupdate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cpr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cpr\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cpr\uninstallstring


Remove these files (if present) with Windows Explorer:

systemroot+\adroar.dll
systemroot+\arupdate.exe
systemroot+\cpr.exe
systemroot+\cpruninst.exe
systemroot+\system\adroar.dll
systemroot+\system\cpr.dll
systemroot+\system32\adroar.dll
systemroot+\system32\cpr.dll

#16 Taylor

Posted 23 July 2004 - 09:51 PM

My opinion on the best one tool question:

I think the key is to just stay informed on the various types/
variants of malware, so as to know which tool is best for what.
Because, just when you begin to put so much faith into ONE
product, a new virus or trojan is discovered that is missed by that tool.
The creators of spyware/viruses, etc. make it a point to stay
on top of the latest information and anti-malware tools just to
thwart our efforts. So, we should stay informed all the more.
I subscribe to several spyware information news letters and read the
forums regularly so I can feel somewhat "in control".
As for specific tools, one needs a good anti-virus tool such as AVG, along with your proven anti-malware tools like Spybot Search and Destroy, Adaware, and Spysweeper. A good firewall doesn't hurt (ZoneAlarm, etc.)
Occasionally, an unexpected infection will occur, and present the need
for one to download other helps like CWShredder (which, unfortunately may never be updated again), HijackThis, or others.
I wish there was only one tool that could fix it all!

~Taylor~
ASAP Member
#17 esteban2323

Posted 02 August 2004 - 10:13 AM

This one is really aggravating me!
I have found a few of these files/reg keys (as posted here by "thatman") on my machine, but most were not present.

AVG continues to give alerts:
Virus
Trojan horse downloader.Adroar.A
is found in file c:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP755\A0152317.exe

I'll run AVG, it finds and "heals" it, but then within a short time it's alerting me again of reinfection.

Need more advice!
Thanks,
-E

Edited by esteban2323, 02 August 2004 - 10:15 AM.


#18 KinG

Posted 02 August 2004 - 10:29 AM

Man...the first person to create a program that cures all, saves all, and runs low will be rich.

#19 dave38

Posted 02 August 2004 - 02:03 PM

esteban2323, while it is a bit off topic for this thread, the file that is reported as infected is in the System Restore archives, and nothing can actually clean it.

To remove it, you must disable System Restore, and reboot, to remove all previous infected restore points, and then restart System Restore.

Detailed how-to can be found here.

#20 JethroBodine

Posted 27 November 2004 - 10:18 PM

I'm curious if these recommendations (the applications, not the approach) have changed at all since the original post?


QUOTE
In my opinion there is no one best app (pay or free) for detecting malware, spyware, adware etc... a layered approach is always the best way to go. What one detector may miss another may find, so layering your security apps is a better way to bolster up your defenses.

Here's what I noticed about some of the pay versions and the free versions of some anti-malware apps.

Pest Patrol and Spysweeper will sometimes find more kinds of malware than Spybot and Ad-Aware, notably keyloggers and trojans. But Pest Patrol has a lot of false positives, so you can't just go deleting everything you find with it. Spybot and Ad-Aware are generally more reliable at detecting spyware and adware IMO.

Another great program is TDS-3. An anti-trojan that is rated among the best of any anti-trojan available. It will also find some other forms of malware. But it will cost you some $.

Spycop is a great program for finding keyloggers. Have used it and like it. It seems to find keyloggers better than anything else out there. But Pest Patrol has done well in this area too, in my experiences.

A Squared (free) isn't too bad for detecting trojans. But I think I still like TDS-3 better for this area of malware detection.

There really doesn't seem to be a match for SpywareBlaster (free). True, there are programs that will do this for $. But they just don't seem to be any better than SB.

I wouldn't put too much faith in Aluria. I have never found a thing with it. Even when Spybot and other programs have.

The best free anti-viruses IMO are: AVG, Avast, and Antivir. And if you're going the free route with an anti-virus, I would recommend you use more than one. Just use one as your primary. Shut off all functions in your secondary anti-virus and ONLY use it as an on-demand scanner for a second opinion.

The pay anti-viruses are better IMO. Among the best are NAV, KAV, & NOD32. Of course there are others, but it all comes down to what suits you best. Some use more system resources than others. Some are better at detecting trojans etc. It just depends what your requirements are.

Zonealarm (v4.5 is best at this point as v5.0 still has too many bugs) is a good free firewall as is Sygate. The pay versions are better but not that much, for general protection.

Hope this very limited list helps you out. Good luck.



#21 ErikAlbert

Posted 29 November 2004 - 08:42 AM

JethroBodine
No, nothing changed (except for the application upgrades) since the original post.
As long as different members ask the same question, members will repeat their answer.
That's what lonewolf did and I would do the same thing to save my fingers and my keyboard.

What I really want doesn't happen in the Malware World.
So I'm waiting for SENSATIONAL improvements for the benefit of the users.

#22 Setsune

Posted 07 December 2004 - 01:55 AM

Try Giant Antispyware (paid program) and Ewidos (anti-trojan, pay and free versions). Prevx is also a good program, as is Desktop Armor (both free).

I use KAV, Ewidos, Pest Patrol Corporate, Sygate Pro (all security settings turned ON), Spywareblaster, Prevx, Desktop Armor, Protowall, Giant Antispyware, Spybot S&D 1.3, CWS Shredder (old and new versions), Hijack This, Adaware Pro 1.05 SE, PAC files, eDexter, Firefox 1.0, a custom HOSTS file and F-Secure. Call me paranoid :)

Edited by Setsune, 07 December 2004 - 01:57 AM.

My Personal Prevention Choices
==========================
Protowall and the Blocklist Manager
------------------------------------------
B.I.S.S. Security

Spywareblaster
------------------------------------------
Javacool Software

TeMerc Internet Security
------------------------------------------
TeMerc Internet Security Site

Prevx
------------------------------------------
Prevx Computer Protection

#23 TopperID

Posted 07 December 2004 - 11:34 AM

You can argue 'till the cows come home as to what is the best - but there ain't no such baby! If you were to load all the available freebies (and some are very good) onto your machine you'd bring it to its knees!

Prophylaxis is better than cure, so it is always going to be better stopping malware from getting in, rather than trying to do something about it later. So real-time protection is better than demand scanning; for this I use a combo of KAV, Ewido and Giant AS. If you have SB S&D then be sure to use the Tea Timer facility.

If I have to recommend one single paid for item, in addition to the basics, I would say get Process Guard from DiamondCS. It is the only thing out there that will protect you from the worst of the new generation of malware. With this you can stop rootkits and DLL injecting nasties before the signature based progs even know about them!

#24 cissp

Posted 07 December 2004 - 05:13 PM

Thatman, please see the various helper groups here:

http://www.spywarein...p?showtopic=148.

Do join the team if you want to post help, we'd love to have you with us.

CISSP

[quote name='thatman' date='Jul 21 2004, 02:59 PM']
Hi all

QUOTE
I too have a situation similar to "Grampa Jere", with another PC.
The browser hijacker is persistent, and although it appears to be neutralized by Ad-Aware/ SpyBot it resurfaces within a day or so.


Kill these running processes with Task Manager:

Rest Deleted...

#25 countryboy123

Posted 25 December 2004 - 10:59 PM

QUOTE
Hi all,
Already using a variety of FREE software, Aluria


First, it is not free. Unless you got a free version with its own ads and that one has spyware, they say.

Before any newbies use Aluria Spyware Eliminator, please do a search on this site. It has everyone distrusting it right now. In my opinion, the owner forgot his reputation is everything even in an internet business. The search will explain in detail.

If anyone wants to be cross about my opinion: I own a copy of it, because I trusted the owner of spywareinfo's recommendations about 8 or 12 months ago and bought a copy. It was untrustworthy then, calling out and shutting down my firewall. I got to where I only loaded it once every few weeks. Now I won't load it at all.

#26 tide33

Posted 04 January 2005 - 05:50 PM

Hey guys,

I believe someone (lonewolf) waaaaay back mentioned that Webroot Spysweeper detects more trojans and keyloggers that Ad-aware and Spybot etc. etc. don't detect. I have heard from numerous sources that these are (in some cases) false positives caused by the way that Spysweeper scans (ie. by file name instead of actually scanning the data). I was wondering if this is still true, and if so was lonewolf referring to some newer threats that were not identified as false positives?

I'm just a bit concerned because I see Spysweeper being touted on this board and that...but it isn't the greatest from what I hear. I have yet to try it myself though (too many programs..soo little time) so I may be completely wrong. Hope this helps.

~tide out

#27 muf

Posted 05 January 2005 - 07:16 PM

Not sure about the best, but this application pretty much covers 'a lot' of protection/analysis. It includes an anti-spyware module as well. Take a look at the features list. I'm currently using the standard version but I will be upgrading soon to the gold version.
http://www.greatis.c...rity/detail.htm

muf

#28 lonewolf

Posted 06 January 2005 - 03:02 AM

QUOTE
Hey guys,

I believe someone (lonewolf) waaaaay back mentioned that Webroot Spysweeper detects more trojans and keyloggers that Ad-aware and Spybot etc. etc. don't detect. I have heard from numerous sources that these are (in some cases) false positives caused by the way that Spysweeper scans (ie. by file name instead of actually scanning the data). I was wondering if this is still true, and if so was lonewolf referring to some newer threats that were not identified as false positives?

I'm just a bit concerned because I see Spysweeper being touted on this board and that...but it isn't the greatest from what I hear. I have yet to try it myself though (too many programs..soo little time) so I may be completely wrong. Hope this helps.

~tide out




Hi Tide33

Since your question is referring to something I said, who better to answer than the original poster, right?

What I said about SpySweeper detecting more keyloggers than either Spybot or Ad-aware is still true. Spybot and Ad-aware will find some keyloggers, but it's not their main use. SpySweeper is simply better at finding keyloggers than either SB or AA. But SpySweeper is still not the best program available for detecting keyloggers. I did my own tests on these programs, with keyloggers, to determine this information... they were not false positives.

If you're looking for a good program to find keyloggers I have found Spycop & Anti-keylogger to be good ones, but they'll cost you.

Some very good free programs for the detection of keyloggers are

Snoopfree (finds keyloggers) http://www.snoopfree.com/default.htm

X-Cleaner (finds many kinds of spyware including keyloggers) http://www.xblock.co...-freeware.shtml

Ewido (chiefly an anti-trojan but will find some keyloggers too) http://www.ewido.net/en


Using the above three (free) programs along with Spybot and Ad-aware (which you should be using anyway) should give you pretty good coverage for keylogger detection. :)

Edited by lonewolf, 06 January 2005 - 03:12 AM.


#29 tide33

Posted 07 January 2005 - 08:45 PM

Thanks lonewolf,

However, I'm still getting mixed signals about Spysweeper. Does the fact that it scans by filename drastically reduce its effectiveness in identifying real threats (other than keyloggers and trojans) or does it only cause a small amount of false positives (ie. small problem) or is this even true anymore (the scanning by filename)?

Many thanks for the program suggestions, I will be sure to check some of those out. Thanks again.

~ tide out

Edited by tide33, 07 January 2005 - 08:46 PM.


#30 sun

Posted 07 January 2005 - 09:12 PM

I have been using spysweeper for sometime now and it picks up a few traces and I use spybot and adaware free versions as well as a2, spyware blaster and have been alright for about a year now and of course I have an AV, all programs I am continuously, update, update, update and regular scans. I also use Zone Alarm Pro 5 and Defrag regularly when needed.
I also run Panda standalone Active Scan or Trend Micro House Call AV.. again free off the Net Anti Virus Program. No conflicts with my AV and I only use them occasionally.
One program that I did not see mentioned is Trojan Hunter.....the other program TD...was mentioned but I have heard that this program is for advanced users.
Any comments on Trojan Hunter???
Look forward to comments. :)

#31 Bobby

Posted 08 January 2005 - 05:57 AM

Just to respectfully add my thoughts to this thread, I think the most single best overall malware tool is the knowledge learned from reading all the threads and essays from the experts and helpers in how to avoid becoming infected in the first place.

When I first came here several years ago, my machine was a mess. I loaded every security application, both free and paid, but I continued to have problems. Someone here taught me to have the mindset that I should guard my machine the same way I guard my house. Home security tools are fine but also needs to be tempered with common sense in how you "think" about security.

So today, I use a combination of paid and free security applications in a layered approach but I also use the knowledge gained here to help me know where to go, what not to do, where not to go, and other hints in my dealings on the Internet. As one person here once told me, the best locks on your house door may be fine but it's still a good idea to look out the simple peephole first.

This is probably a good time for me to thank those who are not thanked enough for giving me a free education here on Internet security and helping to keep me safe in the cyber jungle.

Kind regards,
Bobby

#32 tantricobstacles

Posted 10 January 2005 - 01:11 PM

QUOTE
Thanks lonewolf,

However, I'm still getting mixed signals about Spysweeper. Does the fact that it scans by filename drastically reduce its effectiveness in identifying real threats (other than keyloggers and trojans) or does it only cause a small amount of false positives (ie. small problem) or is this even true anymore (the scanning by filename)?

Many thanks for the program suggestions, I will be sure to check some of those out. Thanks again.

~ tide out



Tide,
I'm not certain where you're getting the information that Spy Sweeper scans by filename alone, but it is incorrect. You did mention some cases in which Spy Sweeper detects startup keys by run name and not by data - this is true only for run keys and future versions of Spy Sweeper will look at the data as well as the run key name. Any false positives that this has caused and have been reported to Webroot as such have been fixed - if you are aware of any others, please let Webroot know and they will get them fixed.
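
Added example, not part of the thread and not any vendor's code: the difference discussed above between flagging a startup entry by its Run value name alone and also checking the value's data, using the `adroarupdate` Run value and the file names listed in post #15. Treating those names as one signature, the sample entries and all function names are assumptions made for illustration.

```python
import re

# Hypothetical signature. The Run value name and the file names appear in
# post #15; pairing them into one signature is an assumption for this example.
SIGNATURE = {
    "value_name": "adroarupdate",
    "files": {"arupdate.exe", "cpr.exe", "cpruninst.exe", "adroar.dll", "cpr.dll"},
}

# Constructed Run-key entries as (value name, value data); not from a real machine.
SAMPLE_RUN_ENTRIES = [
    # Name and data both match: a true hit for either approach.
    ("adroarupdate", r'C:\WINDOWS\arupdate.exe'),
    # Same value name, unrelated program: a false positive for name-only matching.
    ("AdroarUpdate", r'"C:\Program Files\Example Vendor\updater.exe" /quiet'),
    # Different value name, listed executable: missed by name-only matching.
    ("SysTrayHelper", r'%SystemRoot%\ARUPDATE.EXE -s'),
    # Listed DLL started through a host process (entry point name is constructed).
    ("ExampleLoader", r'rundll32.exe C:\WINDOWS\system32\adroar.dll,Run'),
    # Unrelated entry: should never be flagged.
    ("ExampleTray", r'"C:\Program Files\Example Vendor\tray.exe"'),
]

# Picks out every .exe/.dll file name mentioned anywhere in the value data,
# ignoring directories, quotes, arguments and rundll32-style ",EntryPoint".
_FILE_RE = re.compile(r'([^\\/"\s,]+\.(?:exe|dll))(?=[\s",]|$)', re.IGNORECASE)


def referenced_files(data):
    """Return the lower-cased file names referenced by a Run value's data."""
    return {name.lower() for name in _FILE_RE.findall(data)}


def match_by_name(entries):
    """Flag entries on the Run value name alone (case-insensitive)."""
    return [name for name, _ in entries if name.lower() == SIGNATURE["value_name"]]


def match_by_data(entries):
    """Flag entries whose data references a file from the signature."""
    return [name for name, data in entries
            if referenced_files(data) & SIGNATURE["files"]]


def compare(entries):
    """Show where name-only matching disagrees with data matching."""
    by_name = set(match_by_name(entries))
    by_data = set(match_by_data(entries))
    return {
        # Flagged by name, but the data points at something else entirely.
        "name_only_false_positives": [n for n, _ in entries
                                      if n in by_name and n not in by_data],
        # Data references a listed file, but the value name differs.
        "missed_by_name_only": [n for n, _ in entries
                                if n in by_data and n not in by_name],
    }


if __name__ == "__main__":
    print("by name:", match_by_name(SAMPLE_RUN_ENTRIES))
    print("by data:", match_by_data(SAMPLE_RUN_ENTRIES))
    print(compare(SAMPLE_RUN_ENTRIES))
```

Matching on the file name inside the data is still a heuristic; it narrows the false positives that name-only matching produces but does not inspect the file itself.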

#33 tide33

Posted 15 January 2005 - 02:31 PM

Thank you for clearing this up tantricobstacles,

Well, I'm not exactly sure where I came upon that information. It was a long time ago (it may have even been on the old board here) so I don't remember. It may or may not have been the startup keys that said person was talking about, but I don't know since I have avoided Spysweeper ever since. However, it is good to hear that this issue is either being looked into or already fixed, and I look forward to trying out Spysweeper in the future.

As to whether or not I know any specific issues: No, I do not. I haven't even ever tried Spysweeper, but I will definitely report any false positives if I end up using it. As I say, I heard it on another board where someone mentioned that Spysweeper scanned by filename alone. I didn't ever bother testing it myself anyway, so I couldn't validate the claims. That's why I came here.

Thanks again for the help.

~ tide out



