Recently, I was able to remove a persistent and malicious Vundo virus from my computer with the wonderfully helpful guidance of Oldman. He literally saved me from pulling out what little hair I have left.
As a result of Oldman's assistance, I began to read various forums on computer protection dealing with viruses, rootkits and possible computer hacking. I have a question on which I am sure you great guys can give me some additional information. I am running Avast!, version 4.7 (on-access protection enabled) and doing periodic scans with SuperAntiSpyware on an XP Professional system, SP2. As far as I know I now have a clean system. Are there any other scanning measures I can take to detect something I may not even be aware of (i.e. rootkits, backdoor, trojan or some other process)?
Oldman instructed me to change my firewall to software that offers two-way protection and I am still reading up on possibles for that, but I do intend to follow his guidance in that respect. We have a router for two computers using common internet access so that provides a hardware firewall which is helpful. I think I am becoming a little paranoid with all of the pernicious possibilities that can occur with computers that you might not even be aware of. So, in summary, is running Avast! and SuperAntiSpyware sufficient to ensure a clean computer or can I add another step to provide a higher degree of confidence that everything is fine? As always, thanks so much for your advice.
The only one I would add to that is SpywareBlaster to immunise the CLSID area of the registry. Your setup is similar to mine and - touch wood - I have yet to be infected.
SpywareBlaster to help prevent spyware from installing in the first place.
SAS
Avast 4.8
Spywareblaster
Comodo firewall (seems to work now ;D )
Well, for a start, it's unlikely that 1 spyware scanner alone can find all malware on your PC; personally I use Spybot in conjunction with SuperAntiSpyware to be on the safe side (this is across my home network).
As you said you're going to follow Oldman's advice for firewalls, I'll let him reply/advise there.
If you would like to investigate rootkit scanners you could always try the avast rootkit scanner, but be advised it is still in beta stage so caution is advised.
When using these scanners don't do anything on your PC while scanning, or you will create false positives; also do not remove anything they find unless you are 100% sure about them.
Other programs such as SpywareBlaster, as essexboy mentioned, are very useful as well.
Another nice program is CCleaner (crap cleaner), which gets rid of those leftover files on your PC that you do not use and that can be tracked.
Keeping all programs up to date is extremely advisable as well; this not only includes using Windows Update but also keeping media players, Flash/Shockwave players, archive unpackers etc. all up to date.
Other than that, just use common sense and keep a general knowledge of threats about you to help you along.
One of the advantages of using this program is that there are support forums, both a "RootkitRevealer Usage" & "RootkitRevealer Logs", at http://forum.sysinternals.com/.
Yes, I would go for that policy as well, but I also would like to invest (will cost you nothing actually) in some protective measures so it is not so likely, or far from likely indeed, that I will get infected in the first place. So I like to add some in-browser protection like the NoScript add-on for Firefox and Flock, which even protects me from dangers that were not even taken into consideration by the Mozilla devs that developed that browser. For the rest I do my surfing without full admin rights; by dropping full admin rights or using a normal user account I can prevent 90 % of known malware from being able to change anything about my OS settings. Then I use the scandoo search engine and the finjan add-on inside my browser to have certain indications as to what site hyperlinks I might click through, and for real pre-scanning I use DrWeb's av-scanner to scan hyperlinks in real time. While furthermore having avast's ashWebServ.exe listening in, I think I have been reducing the risk of getting malware there considerably,