Tag Archives: rootkits

Emsisoft Mamutu – Free (Save $30) Until Sunday, May 1, 11:59 PM PDT

Regular reader, and my good Aussie friend, John W., has just given me a heads up on a pretty cool offering from Emsisoft. Emsisoft is noted for developing some of the better antimalware applications, so you might want to consider giving Mamutu a try.

This application appears, in many respects, to run along the same lines as ThreatFire – an antimalware application I recommend as a formative part of a layered security approach. See – ThreatFire Version 4.7.0 – Free Protection Against Zero Day Malware, on this site.

From the developer:

Today, we bring you this special offer on Emsisoft Mamutu. From now until Sunday, we are giving away a free copy of Mamutu. Not only does it monitor all active programs for dangerous behavior, but it also blocks malicious activities in real time.

Its Behavior Blocking and Zero-Day-Attacks technology recognizes new and unknown Trojans, backdoors, keyloggers, worms, viruses, spyware, adware, and rootkits without the need of daily signature updates, protecting you long before the signature databases have been updated.

So, where does this funny-sounding name come from? The word Mamutu is composed of two words: “Malware” and “Mutu,” which comes from the Maori language. It means “stop,” so we were told that the developers of Mamutu wanted to describe exactly what the program does: terminate all types of Malware.

In summary, here is a quick rundown of Emsisoft Mamutu’s features:

  • It monitors all active programs for dangerous behavior in real time
  • Recognizes new and unknown Trojans, worms, and viruses
  • Protects your PC without weighing down its resources, so it does not slow you down

This free offer is good until Sunday, May 1, 11:59 p.m. PDT, so grab your free copy while you can and give it a try.

Note: registration required.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


NEW – Panda Cloud Antivirus 1.3 Blocks Malicious And Suspicious Websites

Panda Cloud Antivirus 1.3, Panda Security’s newest release (October 27, 2010) of its popular cloud-based antimalware application, should be even more effective at keeping the bad guys at bay with its newest enhanced feature – blocking suspicious and malicious websites before they can exploit vulnerabilities (available in both the Free and Pro versions).

Equally important, a drawback to using previous editions of the free version of Cloud Antivirus has been eliminated – the free edition will now automatically update to new releases as they become available.

How good is Panda Cloud Antivirus at shutting down the bad guys? How about 100% of the time. Well, not quite – but a detection rate of 99.87%, established in recent comparative tests carried out by AV-Test.org, places Panda Cloud Antivirus at the head of the class.


Testing anti-malware applications takes considerable time in order to get to the heart of the matter – does an application work in the “real world?”

Will the application do what an average user expects – does it block malware effectively and efficiently? Particularly new, or emerging, malware threats.

Is the interface crafted in such a way that an average user doesn’t need to digest an instruction manual in order to navigate the application?

Is the application capable of providing adequate protection without stressing system resources?

I’ve been running Panda Cloud Antivirus, on a secondary system, since April 2009, and in this extensive testing, Panda Cloud Antivirus has met, or exceeded, all of these requirements.

Happily, Panda Cloud Antivirus is not a resource hog – on my secondary system it consumes only 15 MB of RAM, or so, when idle, and only 60 MB, or so, while scanning.

Backed by a year and a half’s experience running Panda Cloud Antivirus in various editions, I have no hesitation in recommending Panda Cloud Antivirus as a front line antivirus application.


Panda Cloud Antivirus 1.3 Quick Highlights:

Malicious Web & URL Filtering. This feature blocks websites that push malware, exploits and drive-by downloads. It is available both in Free and in Pro Editions and is installed by the toolbar. Unlike similar solutions, this web filtering works at a low level so it works under all browsers: Internet Explorer, Firefox, Chrome, Safari, etc. For those of you that didn’t install the toolbar but would like to install the Web & URL Filtering, you can download it from here and install it manually.

Unified Recycle Bin and Quarantine. Previously the Recycle Bin handled suspicious detections and the Quarantine handled deleted malware detections. This has been unified into a new Recycle Bin for ease of management. This is included in both Free and Pro Editions.

Automatic and transparent upgrades to new product versions, previously only available in the Pro Edition, this is now available in the Free Edition as well. All users of Free Editions versions 1.1.0, 1.1.1 and 1.1.2 will automatically and transparently upgrade to the new 1.3. See notes below for the upgrade schedule.

No more nagging advertising. After listening to many of you we have decided to turn off the nagging advertising popups prompting to upgrade to Pro Edition. If you want to support Panda Cloud Antivirus and wish to get the Pro Edition, you can do so from here, but we won’t bug you anymore from the popups.

Hot updating of behavioural blocking rules. In order to increase protection on the fly against new vulnerabilities and attacks and to fix false positives, hot updating of behavioural blocking rules allows faster response time in both the Free and Pro Editions.

Immediate notifications of virus detections. Previously if Panda Cloud Antivirus encountered multiple viruses, it would delay its traybar notification and show them grouped. This behaviour has been changed so that the notifications are shown immediately.

Suspicious detection counter. Under the statistics window there are some new counters for the different types of heuristics and behavioural detections.

System requirements: Windows 7 32-bit, Windows 7 64-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows XP 32-bit, Windows XP 64-bit.

Panda Cloud Antivirus is available in 20 languages.

Download at: Cloud Antivirus

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security has 56 offices throughout the globe with US headquarters in Florida and European headquarters in Spain. For more information, visit the Panda site.

Update: A reader has just advised that Panda Security is giving away Pro licenses for free for 48 Hours at CNET! (See below).

CNET Exclusive Discount: FREE Panda Cloud Antivirus Pro Edition

Here’s some great news for anyone in need of antivirus software. TrialPay has teamed up with CNET and Panda Security to give away unlimited free copies of Panda Cloud Antivirus Pro Edition. That’s right, free. And unlimited. It’s complete Panda-monium!

For the next 48 hours only, Panda Cloud Antivirus Pro Edition (reg. $29.95) will be available for FREE exclusively on CNET download.com. Simply follow this link, click on the “SPECIAL OFFER: Get It Free” promotion, then enter your name and e-mail, and you’ll get a one-year license for Panda Pro absolutely free.


Avira AntiVir Personal 10 – Is It The Best Free Antivirus Available?


If you were building a wish list of the features that you would like to see in a free anti-virus program, I’m sure you would include the following:

An easy to use and understand, yet comprehensive, user interface.

An on demand scanner to seek out viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs.

And, perhaps most important, the ability to stop a detected malicious program dead in its tracks.

The ability to repair, delete, rename and quarantine programs, or files.

Well you’re in luck. Avira AntiVir Personal will meet, and even exceed, all of your wishes. This anti-virus program offers comprehensive protection, driven by an easy to use interface.

Avira AntiVir Personal is not just another free AV solution. Avira may just be the best free AV solution available. It’s certainly the most popular in its class, and with good reason, in my view.

I’ve been using Avira, in one release or another for years on a Windows XP Professional machine, and I have never had to deal with an infection on that particular computer.

I’m not suggesting that Avira is the only reason this machine has never been infected, but – it is the foundation on which all of the other security solutions, specific to that machine, are built. Regular readers are well aware that I faithfully follow the Three Commandments of Safe Surfing:

Stop – consider where your action might lead.

Think – consider the consequences to your security.

Click – only after making an educated decision to proceed.

If you’re a typical, or an average user, you should find that Avira AntiVir Personal will meet, and even exceed, all of your requirements.

As an indication of this program’s popularity, Download.com reports 100+ MILLION total downloads – 665,000 last week alone.

Fast facts:

Highly Configurable

Protection from viruses, worms and Trojans

Includes anti-spyware and anti-adware features

Protection against expensive dialers

Protection from hidden rootkits

Protection from phishing

Extensive malware Recognition

Monitors every action executed by the user or the operating system

Reacts promptly when a malicious program is detected.

Automatic updates of antivirus signatures, engine and software – I have to admit, I love this feature

Now in Version 10.0.0.567 (updated April 22, 2010)

Quick Summary:

Easy to download, easy to install, easy to configure, easy to use, and very effective.

System requirements: Windows 7, XP, Vista (32-bit and 64-bit).

Download at: Download.com

Note: Free for home-users only.

If you find the nag screen annoying, take a look at “Remove Avira Notifier – Here’s How”, on this site. If you’re running a 64 bit system, then check out my buddy G’s site – Disable Avira Notifier in Windows 7.

Note: Since we’re talking about Avira, you should be aware that Avira offers a free Avira AntiVir Rescue System, “which is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, rescue data, and scan the system for virus infections”.

If you are an active computer user, you should consider adding this application to your antimalware tool box.


Panda Cloud Antivirus Releases Pro Version, but Free Version Does the Job

Today, Panda Security announced that it has significantly upgraded and extended its Panda Cloud Antivirus product line to offer both a free, and a Pro version to users.

According to Panda “With nearly 10 million downloads since the beta launch one year ago, Panda Cloud Antivirus is the fastest growing free antivirus today”.

I’ve been running Panda Cloud Antivirus, on a secondary system, since April 2009 (the Beta launch), and I’ve been pleasantly surprised with its performance, particularly the light use of system resources.

After all, who needs a resource hog interfering with one’s computer experience? Happily, Panda Cloud Antivirus consumes only 15 MB of RAM, or so, when idle, and only 60 MB, or so, while scanning.

Testing anti-malware applications takes considerable time in order to get to the heart of the matter – does an application work in the “real world?”

Will the application do what an average user expects – does it block malware effectively and efficiently? Particularly new, or emerging, malware threats.

Is the interface crafted in such a way that an average user doesn’t need to digest an instruction manual in order to navigate the application?

Is the application capable of providing adequate protection without stressing system resources?

In the long term test on my secondary system, I found Panda Cloud Antivirus met, or exceeded, all of these requirements, and I have no hesitation in recommending it as a front line antivirus application.

Should you consider installing and running Panda’s Cloud Antivirus? Well, let me offer you this, from previous correspondence with Panda’s CEO Juan Santana “The threat climate demands a new protection model”.

Given the unstable security state of the Internet, I can certainly agree, and it comes not a moment too soon, in my view.


Quick highlights:

FREE, antivirus thin-client service for consumers which is able to process and block malware more efficiently than locally installed signature-based products.

The immediate benefits to users thanks to Panda’s new protection model are: 100x faster protection against new malware and 50 percent less impact on PC performance, compared to the industry average.

Utilizing its proprietary in-the-cloud scanning technology called Collective Intelligence, to automatically identify and classify new malware strains in near real-time (less than six minutes).

This same process takes up to 48 days with traditional AV products, according to a recent study from the University of Michigan.

New functionality in Panda Cloud Antivirus Free Edition includes:

New and improved interface makes Cloud Antivirus even easier to use.

Improved performance with cache optimization and memory management lowers CPU utilization and memory consumption.

Advanced configuration and exclusions allow users to customize certain features, such as behavioral blocking and analysis, to suit their individual needs and system requirements.

Behavioral blocker provides instantaneous protection against new malware and targeted attacks.

Self-protection of antivirus files and configurations ensures protection can’t be disabled by targeted malware attacks.

Collective Intelligence Monitor gives users access to a list of malware from the community that is updated in real-time.

Ability to restore any neutralized file.

Improved detection & protection against rootkits.

Free Technical Support forums.

Choosing the Cloud Antivirus Pro Edition gets you these additional features:

Automatic, transparent upgrades provide completely “hands-free” protection by eliminating the need for reinstalling the antivirus each time a new version is released.

Automatic vaccination of USB and hard drives ensures neither drive type can transmit an infection while users are offline.

Dynamic behavioral analysis provides an added layer of protection by analyzing running processes and blocking any found to be malicious.

24/7 multilingual technical support online.

System requirements: Windows 7 32-bit, Windows 7 64-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows XP 32-bit, Windows XP 64-bit.

Download at: Cloud Antivirus

Rick Robinette over at What’s On My PC, has also completed a substantial test run on Cloud Antivirus, so be sure to read his report – Panda Cloud Antivirus – Is It Netbook ready?

My friend Steve Mallard, at The Tennessee Technology Center at Shelbyville, has posted on “Panda Cloud Antivirus Free”, which provides additional information including their installation experience, screenshots, and findings.

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security has 56 offices throughout the globe with US headquarters in Florida and European headquarters in Spain. For more information, visit the Panda site.


New Symantec Cloud Based Security Solution for Small and Medium Sized Groups Announced

On the whole, businesses, at every level, have virtually the identical need to protect computer systems as you and I. It’s just a matter of degree.

Both businesses, and individuals, need protection against viruses, spyware, rootkits, spam, phishing, and other types of malware.

One major difference does exist however. You and I, at a personal level, uncomfortable as it may be, are likely to survive a malware infection with either limited, or no cost.

Not so a business. Computers, and automated business systems, have become crucial to the effective operation, and stability, of most businesses. Downtime, caused by cybercrime, can have lasting impact on a business’s long term viability and reputation.

Given the current threat conditions on the Internet, small and medium sized businesses, now, more than ever, need an effective cyber security plan. A plan that is relatively simple – but comprehensive, and in keeping with the realities of the present business environment – cost effective.

Based on these recognized needs, Symantec Hosted Services today announced a new cloud-based service, designed specifically with the SMB market in mind.

According to Symantec “Customers will now be able to protect their Windows-based laptops, desktops, and file servers from the proliferation and growing sophistication of threats with the simplicity and convenience of a cloud-based service.”

By taking advantage of this cloud based service, Symantec clients will realize considerable savings, since there is no need for additional hardware, or management software.

At the moment, Symantec Hosted Endpoint Protection is available only to customers in North America.

Fast facts:

Comprehensive Protection for Customer Systems: Advanced technologies for antivirus, antispyware, firewall and host intrusion prevention.

Always-on Protection for Endpoints: Automated updates occur transparently over an Internet connection to keep employee systems current and consistent with client policies when employees are in the office or on the road – even when they’re not logged into their corporate VPN.

Web-based Management Console: Administrators can access the administration portal over a supported Web-browser and corporate VPN access is not required to monitor and manage each computer. Administrators receive real-time alerts via SMS or email and can easily perform functions such as initiate a Live Update to refresh system protection levels, view history on systems and change local policy settings.

Ease of Management: Adds and manages new computers without requiring on-site management servers. Updates occur automatically and new features are introduced as they become available during the subscription period for no additional fee.

Scalable: Flexibility provided through a hosted model allows the solution to scale to incorporate new endpoints quickly and efficiently without requiring additional hardware or management software.

Fast to Deploy: Can be quickly deployed to users via standard download, an email invitation or silently pushed to the customer’s network.

To sign up for a Hosted Endpoint Free Trial visit Symantec’s MessageLabs.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Free Tizer Rootkit Razor – Detect Kernel Mode Trojans or Rootkits

A Rootkit (a Kernel Mode Trojan) is a malware program, or a combination of malware programs, designed to take low level control of a computer system.

Techniques used to hide rootkits include concealing running processes from monitoring programs, and hiding files, or system data, from the operating system. In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools.

It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be very difficult to find.

Enter the Rootkit detector which will provide you with the tools to find and delete rootkits, and to uncover the threats Rootkits may be hiding.

We’ve written here a number of times on Rootkits and free tools designed to uncover and remove these scourges, and thanks to regular reader Robert, we can share with you a new free tool, Tizer Rootkit Razor, which will allow you to identify and remove Rootkits from your computer.

I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

Here’s a reasonable test to determine if you have the skills necessary to use this application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using this program would prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

The user interface is dead simple – functional and efficient, as the following screens from my test system indicate. BTW, no Rootkits were found during this test.

Tizer 1

Tizer 3

Tizer 4

Fast facts:

Main Screen: This page displays information related to your operating system and memory usage.

a.) Smart Scan: This feature automatically scans all the critical areas in the system and displays hidden objects, hence making things easier for the user.

NOTE: User is provided with a feature to fix the hidden object (if any).

Process Scan: This module scans processes currently running on the machine. A process entry will be highlighted in red if it is a hidden rootkit. The user can click on an individual process to display any hidden modules loaded by the process.

NOTE: The user is provided with the option to terminate processes and delete modules.

Registry Scan: This module scans for hidden registry objects.

a.) Smart Scan: A smart scan will scan the critical areas of the registry.

b.) Custom View: This module provides a virtual registry editor view, enabling the user to navigate through the registry and check for hidden keys or values. (Hidden keys/values will be highlighted.)

Kernel Module Scan: This module scans for loaded drivers in the memory. A module entry will be highlighted in red if it is hidden.

NOTE: The user is provided with a feature to unload and delete a driver module from memory.

Services Scan: This module scans all installed services on the local machine. A particular service entry will be highlighted if it is hidden.

NOTE: The user is provided with start, stop, pause, and resume features. They may also change the startup type of service.

SPI Scan: This module lists all the LSPs installed in the system. This is read only information.

NOTE: The user can check for any unauthorized LSP installed.

SSDT Scan: This module scans for any altered value in the System Service Descriptor Table (SSDT). The process of alteration is termed as “Hooking.”

NOTE: The user can restore the altered value to its original value.

Ports Scan: This module will scan all open TCP and UDP ports. A particular port entry will be highlighted if it is hidden.

NOTE: The user is provided with the option to terminate the connection.

Thread Scan: This module will enumerate all running processes. The user can click on a particular process to view and scan all threads running in context of that process. Any hidden threads will be highlighted in red.

NOTE: The user is provided with the option to terminate a thread.

File/Object Scan: This module will scan for any hidden files in the system. The user selects a location on the computer to scan.

Much like anti-spyware programs, no one Rootkit detector application catches everything, and to highlight the differences in Rootkit detection applications, the publisher of Tizer Rootkit Razor has provided the following comparison chart.

Tizer 2

If you think you might have hidden malware on your system, I recommend that you run Tizer Rootkit Razor. Scanning for Rootkits occasionally is good practice in any event, and if you have the necessary skills, Tizer Rootkit Razor appears to be a good choice to help you do that.

System requirements: Windows XP, Vista, Win 7 – (there is no indication on the developer’s site that this app is x64 compatible).

Download at: Tizer Secure


Computer Infection? – Search Engine Links Might Be The Culprit

Search engines, including Google, do a relatively good job of scanning their index for potentially dangerous sites. Nevertheless, scanning does not detect all potentially dangerous sites – not even close.

According to Dasient, a Web anti-malware developer whose proprietary malware analysis platform gathers data on web-based malware attacks from across the web, more than 560,000 Web sites, and 5.5 million pages, were infected with malware in the fourth quarter of 2009.

Keep in mind that these infected sites and pages have, in most cases, been indexed by search engines.

We should all be aware by now, that cybercriminals are masters at seizing opportunity, and in the current environment, Internet search engine results provide just that.

Consider this: if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout, there is little doubt that the answer would be positive.

This is an image of Google search results that link to malware infected sites, courtesy of Sunbelt Software.

Paradoxically, it’s because current anti-malware solutions are more effective than they have ever been in detecting worms and viruses, that we’re now faced with yet another form of insidious attack – the drive-by download, resident on many of these compromised sites.

Drive-by downloads, which don’t require user action to create an infection, are not new; they’ve been lurking around for years it seems, but they’ve become much more common, as these statistics indicate.

Given that search engine results can be manipulated in this way (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t more typical Internet users aware of this situation?

The obvious answer is – search engines make little or no effort to educate their users in the risks involved in relying on search results, or advertisements, appearing in their applications.

As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

Fact: The ongoing failure to protect the Internet, which by definition is an open network, will continue to expose users to substantial penalties; ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence, and more.

I’ve said it before, and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure, but only when outraged consumers finally force them to. Great business model!!

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing WOT, which in my view, is the best Internet browser protection available. WOT, a free browser add-on, is designed to warn you of unsafe, or malicious links.


Free Avira AntiVir Personal Protection – Get the Real Deal!

Avira AntiVir Personal is not just another free AV solution. This application may just be the best free application for monitoring interactions with your operating system, to ensure that if a malicious program is detected it will be stopped dead in its tracks! It’s certainly the most popular in its class, and with good reason.

Avira AntiVir Personal offers effective, on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs. Its simple interface provides easy access to a command structure that makes it easy to repair, delete, block, rename and quarantine programs, or files.

I’ve been testing Avira in one release or another for years, and I continue to be impressed with its performance. I have come to rely on it as my primary anti-virus application on my test platforms.

If you’re a typical, or an average user, you should find that Avira AntiVir Personal will meet, and even exceed, all of your requirements.

As an indication of this programs popularity, Download.com reports almost 70 MILLION downloads, making it the leading antivirus software, offered for download on this site.


Fast facts:

Highly Configurable

Protection from viruses, worms and Trojans

Protection against expensive dialers

Protection from hidden rootkits

Protection from phishing

Extensive malware Recognition

Monitors every action executed by the user or the operating system

Reacts promptly when a malicious program is detected.

Automatic updates of antivirus signatures, engine and software – I have to admit, I love this feature

Now in Version 9.0.0.415

Quick Summary:

Easy to download, easy to install, easy to configure, easy to use, and very effective.

System requirements: Windows 2000/XP/Vista/Win 7, UNIX

Download at: Download.com

Note: Free for home-users only.

If you need more convincing, watch the CNET video review of Avira AntiVir Personal – Free Antivirus (2:17 mins.)

If you find the nag screen annoying, take a look at “Disable Avira Notifier”, on this site.


Malware Removal Tips – Experience From the Trenches

Guest writer Mark Schneider gives you the best advice you’ll ever get on malware removal – “when it comes to malware removal, use a shotgun – not a rifle”.

Cleaning an infected computer is a challenge. Unfortunately, malware writers are talented, and that translates into real trouble if your machine gets infected.

Many computers ship with large all-in-one security suites. These all-in-one programs look good on a checklist comparison in PC Magazine, but I prefer to use a variety of free programs from different vendors, each using a slightly different method of cleaning a machine, which gives you the best chance of finding all the bad files.

Recently, I had to deal with a Lenovo Thinkpad my daughter had been using – the laptop is a spare machine I use only occasionally, and had just been given a clean install of Windows XP.

After my daughter had finished using it, I did a routine scan using Malwarebytes, a very good free anti-spyware program. The initial scan found 15 infections, including some Rootkits, which can be very difficult to remove. Malwarebytes told me I needed to reboot the computer to finish the removal. I complied and rescanned.


Same results, same Trojans, same Rootkits, so I scanned with Microsoft’s Security Essentials, a new free anti-virus Microsoft recently released. Security Essentials found nothing at all, so I tried a new (to me) website, virustotal.com.


Virustotal allows you to upload suspicious files to scan, to determine if they are a threat or, possibly, a false positive. I uploaded the file that was showing up the most frequently on the quick scans. Virustotal scans the file using over 40 different malware removal engines. Only one engine, McAfee Virus scan, found the file to be suspicious, so I was beginning to think I might have a false positive. But the fact that the file kept reappearing was very suspicious. Now I needed to get serious.


The next step was to run CCleaner, a very good registry and temporary file cleaner. CCleaner will make virus scans faster, and may delete files that are allowing a possible payload to reload when you restart the computer.


After using CCleaner, I installed Superantispyware Free, a program that I always install as one of my primary tools to combat spyware. The fact that this computer was a fresh rebuild was the only reason I hadn’t installed it yet.

Installing and running Superantispyware goes very fast – it’s a great program that is the favorite of many computer technicians. Super lived up to its reputation, and found a number of problems, including one Trojan with multiple registry entries.


Rebooting the machine after Superantispyware ran finally yielded some results. Additional scans from Superantispyware and Malwarebytes came up clean.

My next test is to run HijackThis. HijackThis is a very powerful tool which must be handled with care. Installing HijackThis is simple; using it effectively is another story. The best method, for most people, is to run HijackThis and create a log file. Next, post this file to a web site where experts can parse your results and determine if you still have any suspicious files.


My preferred site is HijackThis.de – the site is primarily in German, but don’t let that deter you. They have a scanner which will scan your log file in real time and give you a good idea, right away, if HijackThis has found anything.

If you have run, and re-run your scanning tools, run a HijackThis, and everything comes up looking okay, you’re probably malware free. But for the next few reboots, you should continue to make sure your anti-malware programs are up to date, and keep rescanning periodically.

Most malware these days wants to hide in the background. You may be infected and never know your machine is stealing your passwords, and draining your bank account. So stay safe, keep your data backed up, and if you get infected, use as many tools as it takes to get secure again.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today?


Search Engine Results – Not to be Trusted!

It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.

Despite developing this lower profile, cyber-crooks continued to be unrelenting in their chase to infect web search results. Recently, there has been a resurgence in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog) shows an attack underway.

image

As is usual with this type of redirection, when a potential victim visits one of these sites, the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.

The following graphic (courtesy of Cyveillance Blog) illustrates the 260,000 sites they discovered that will redirect.

image

Redirection exploit process:

Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
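For site owners who want to check their own pages for the kind of inserted iFrame described above, here is a small audit script. It is an added example, not code from the article or from Cyveillance; the sample page, the host names and the "hidden and off-site" heuristic are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline styles that hide an element: display/visibility, 0-1px size, far off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
TINY = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)  # width/height attribute of 0 or 1

# Constructed sample page (not from the article); all hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="https://video.example.net/embed/42" width="560" height="315"></iframe>
<iframe src="/widgets/poll.html" width="0" height="0"></iframe>
<iframe src="http://cdn.example.org/in.php" width="1" height="1"></iframe>
<iframe src="//stats.example.org/c" style="visibility:hidden; left:-9999px"></iframe>
</body></html>"""


class IframeAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        # Resolve relative and protocol-relative src values against the page URL.
        src = urljoin(self.page_url, a.get("src", "").strip())
        host = urlparse(src).hostname
        hidden = []
        if TINY.fullmatch(a.get("width", "")) or TINY.fullmatch(a.get("height", "")):
            hidden.append("0/1-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            hidden.append("hidden by inline style")
        # Assumed heuristic: flag only frames that are hidden AND loaded off-site.
        if hidden and host and host != self.page_host:
            self.findings.append({"line": self.getpos()[0], "src": src, "why": hidden})


def audit_page(html, page_url):
    """Return one finding per suspicious iframe in the given HTML text."""
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Calling `audit_page(SAMPLE, "http://blog.example.com/post.html")` reports the two invisible off-site frames and leaves the visible video embed and the hidden same-site widget alone. The host comparison is exact, so a frame served from a different subdomain of your own site will also be reported.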

It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.

Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.

Keep all applications (including your operating system) patched.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.
