Tag Archives: scan

Microsoft Security Essentials – Breaking Up Is Hard To Do – But, It’s Over; You’re Gone

Sadly, Microsoft Security Essentials and I have had a falling out. We’re through – it’s over – that’s it. It’s broken the cardinal rule I’ve long established for all my applications – trust that it will perform as advertised.

It’s been replaced in my affection by another – one that lives up to its billing –  AVG AntiVirus Free 2013. Microsoft Security Essentials no longer does.

Frankly, I’ve avoided AVG’s products for years – with good cause I think. Applications that are slow, cumbersome, updates that crash systems ….. have a way of ending up in file 13 (the garbage), around here. In the past, AVG’s products were known for all of that, and more. It had its defenders of course, but I was not one of them.

As MSE has slowly lost its touch, AVG has bounded ahead. It’s sleek; it’s fast; it’s free – and, in AV-Test.org’s latest results (see AV-Test.org’s full results here), it pummels MSE – again.

In fact, for the second testing cycle in a row – Microsoft Security Essentials has failed certification as an effective security application.

Quick overview of AVG AntiVirus Free’s salient score points.

Courtesy – AV-Test.org.

I’ve been running with AVG AntiVirus Free 2013 on a primary home system (a Windows 8 machine), since September 5, of last year. The verdict? I’m impressed – very impressed.

As you can see from the following screen shot, AVG AntiVirus Free offers substantial protection – not quite up to the standard of the company’s paid applications – but, more than enough (in my view), that an aware user should feel comfortable.

Keep in mind that an educated user understands the limitations of relying on a single security application and is conversant with the principle of layered security.

Windows 8 users will notice that the GUI (as shown below) owes a little something to Windows 8’s Metro (or whatever MS is calling it these days) GUI.

Multiple choices are available in the settings menu so that users can tweak and massage the application to meet their specific needs. I must admit – that was a major positive for me.

Running a scan: As is my practice – I run a complete scan on my machine’s boot drive every day. And a full scan on all attached drives, weekly.

Running a scan: 60 GB SSD – particulars as shown below.

Scanning time – just under 5 minutes with “High Priority” set.

Slip in a USB device – and….

System requirements: Windows 8, Windows 7, Windows Vista, Windows XP.

Download at: AVG

A Major Bonus – From the site:

It’s not just the software that’s free. So too is phone access to our team of support experts 24/7, 365 days a year (USA, UK, Canada). Kudos to AVG!!

You’ll notice a basket-full of additional free AVG products on the download page – you just might find something that fills a gap in your overall security plan.

Whether you’re an experienced user, or you consider yourself “average”, I recommend that you spend some time scouting around the application’s GUI – there’s lots to be discovered here. All of it good.

Rescue Your PC With Free Kaspersky Rescue Disk 10

Much of today’s malware is expert at hiding or camouflaging itself – making it both hard to detect, and obviously more difficult to remove. But, if you can get to malware before it has a chance to run live within the installed operating system – you have a real chance of detecting and eradicating the varmint.

This is where a Rescue Disk (Live CD), which I like to think of as the “SWAT Team” of antimalware solutions – comes into play. More often than not, a Live CD can help you kill malware DEAD!

It’s important to know though, not all antimalware Live CDs are in fact, “Rescue Disks”. And, not all “Rescue Disks” are in fact – antimalware Live CDs.

Kaspersky Rescue Disk 10, by far and away my antimalware tool of choice, combines the best of both genres. Not only is it superb at identifying and removing malware but, with its onboard tool kit, it definitely qualifies as a Rescue Disk.

Note: Kaspersky Rescue Disk 10, is designed to scan, and disinfect, both 32 bit and 64 bit machines. As well, Kaspersky Rescue Disk 10 can be run from a USB device.

The following is a quick walkthrough using Kaspersky Rescue Disk 10 in both malware scanning and “tool kit” capacities.

Kaspersky Rescue Disk 10 is available for download as an ISO file only, which means – you must burn the ISO image file to a CD/DVD, and then boot the application from your CD/DVD drive. If you’re unsure as to how to set up your machine to boot from your CD/DVD drive, PC Support at About.com has an easy to follow tutorial – How To Boot From a CD, DVD, or BD Disc.

If you don’t know how to burn an ISO image, you’ll find instructions below.

At boot-up, Kaspersky Rescue Disk 10 runs through a fairly large number of routines so be patient until the main menu screen appears.

From the menu screen, run the update task which will update the anti-virus databases. Following which, you can then go to “Scan your computer” or….

…….. you can choose to configure the scan settings to your specific requirements.

As the application is scanning, you will be reminded of both the percentage of objects scanned and, an estimated time to completion.

The bonus features bolted on to Kaspersky Rescue Disk 10 include:

Konqueror Web Browser

The Konqueror web browser integrated into Kaspersky Rescue Disk can view websites and save the pages you have visited. You can view all visited pages after exiting Kaspersky Rescue Disk. By default, the Kaspersky Lab website is displayed in the browser.

Integrated File Manager and Registry Editor

The Integrated file manager will allow you to access the Hard Drive/s. As a last resort (if it comes to that),  you will be able to save your important files (any file for that matter), using this tool.

As well, using the Registry Editor, you will be able to view and change settings in your system registry.

Kaspersky Rescue Disk 10 is an extremely powerful tool, with many more capabilities than I’ve been able to cover in this short review. I’m more than a little surprised that it can be downloaded at no cost. A serious computer user would do well to have this application ready to go when faced with one of those –  O No!!, moments.

To read a blow-by-blow description of Kaspersky Rescue Disk vs. Malware, check out guest writer Mark Schneider’s – A Lesson In Malware Removal Using Kaspersky Rescue Disk, here on this site.

System requirements: Windows XP (Service Pack 2 or higher), Vista, Windows 7  (32/64 bit support for all).

Download the ISO image file at: Kaspersky

If you’re unsure as to how to burn an ISO image file to a CD/DVD in order to create a bootable disk, here’s an easy method. In this illustration I’m using a freeware application CDBurner XP.

1)  Activate  CDBurner XP.

2)  Insert a blank CD/DVD into the CD/DVD drive.

3)  Click on “Burn ISO image”, which will open the write screen.

4)  Select kav_rescue_10.iso which will reside in the location in which you saved the file.

5)  Click on “Burn disc”

6)  Sit back and relax until the job is complete (2/3 minutes).

OPSWAT’s Metascan Online – A VirusTotal Alternative

I’m right and you’re wrong.

No, I’m right and you’re wrong!

You’re listening to a couple of sports fans arguing over who’s the best tennis player maybe? Could be – but, if you’re analyzing a downloaded file with more than one antimalware application (and you should), you could be witnessing a more serious difference of opinion.

Your primary anti-malware application is advising you that the application you just downloaded contains malware. But, since you’re an aware computer user, you’ve launched your secondary malware scanner and – surprise – there’s a difference of opinion – no malware.

So, you’re now dealing with the big question – are you dealing with a false positive thrown up by the primary malware scanner, or is it more likely that the secondary scanner is misbehaving?

You could just flip a coin, or go with your best guess – but, you didn’t become a super user by flipping coins, or guessing, when it comes to your system’s security. No, you’re better than that, so you upload the questionable file to VirusTotal, where it will be scanned for nasties by thirty five plus diverse online scanners.

VirusTotal result – a clean file. Elapsed time on this scan – under a minute.

As an alternative to VirusTotal, or in addition to (maybe not a bad idea), you can run the file through a new service now being offered by OPSWAT, the company behind the highly recommended AppRemover.

OPSWAT’s Metascan Online, is similar in many respects to VirusTotal – as the following screen shots indicate.

Browse your Hard Drive for the file to be uploaded (for this test I’ve selected a different executable – 15 MB as opposed to 3 MB).

Detailed results are shown in the  following screen capture. As you can see – the file has been processed through 19 AVs and has come up clean. Elapsed time on this scan – just over a minute.

This new service was launched just a few days ago, so you may experience a glitch or two. In testing, over several days (in both Windows and Ubuntu Linux), I must admit I bumped my head a time or two,  but after speaking with the company, the minor server issues I encountered were resolved quickly.

Responsiveness to customer issues is the hallmark of a client centered organization, and OPSWAT certainly meets that test.

Fast facts:

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics available

Keep in mind, an online scanning service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

Runscanner – Aggressively Queries Your System And Applications For Unauthorized Changes

The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner though, takes this process miles beyond HijackThis, and does so by  using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.

*The only difficulty I see, that casual users might have a problem with is – the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.

The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.

I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.

I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.

The next part of the test involved generating an online malware analysis report – a massive report covering all items which are considered safe, unsafe, or whitelisted, along with verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

When you click on the screen capture below, to expand to the original size, you’ll notice that I’ve queried  Nitro PDF Spool Service. Rather than go directly to the site, instead, I’ve used COOL Previews to gather the relevant information. If you’re not yet familiar with COOL Previews – you can read a review of this outstanding time saver here – Surf Smarter – Take A Sneak Peek At Links With CoolPreviews Firefox Add-on.

Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced Windows knowledge. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.

Using Kaspersky Rescue Disk 10 – A Quick Walkthrough

Much of today’s malware is expert at hiding or camouflaging itself – making it both hard to detect, and obviously more difficult to remove. But, if you can get to malware before it has a chance to run live within the installed operating system – you have a real chance of detecting and eradicating the varmint.

This is where a Rescue Disk (Live CD), which I like to think of as the “SWAT Team” of antimalware solutions – comes into play. More often than not, a Live CD can help you kill malware DEAD!

It’s important to know though, not all antimalware Live CDs are in fact, “Rescue Disks”. And, not all “Rescue Disks” are in fact – antimalware Live CDs.

Kaspersky Rescue Disk 10, by far and away my antimalware tool of choice, combines the best of both genres. Not only is it superb at identifying and removing malware but, with its onboard tool kit, it definitely qualifies as a Rescue Disk.

Note: Kaspersky Rescue Disk 10, is designed to scan, and disinfect, both 32 bit and 64 bit machines. As well, Kaspersky Rescue Disk 10 can be run from a USB device.

The following is a quick walkthrough using Kaspersky Rescue Disk 10 in both malware scanning and “tool kit” capacities.

Kaspersky Rescue Disk 10 is available for download as an ISO file only, which means – you must burn the ISO image file to a CD/DVD, and then boot the application from your CD/DVD drive. If you’re unsure as to how to set up your machine to boot from your CD/DVD drive, TechPaul has an easy to follow tutorial – How to boot from a CD.

If you don’t know how to burn an ISO image, you’ll find instructions below.

At boot-up, Kaspersky Rescue Disk 10 runs through a fairly large number of routines so be patient until the main menu screen appears.

From the menu screen, run the update task which will update the anti-virus databases. Following which, you can then go to “Scan your computer” or….

you can choose to configure the scan settings to your specific requirements.

As the application is scanning, you will be reminded of both the percentage of objects scanned and, an estimated time to completion.

The bonus features bolted on to Kaspersky Rescue Disk 10 include:

Firefox

The Firefox web browser integrated into Kaspersky Rescue Disk can view websites and save the pages you have visited. You can view all visited pages after exiting Kaspersky Rescue Disk. By default, the Kaspersky Lab website is displayed in the browser.

In the following usage example, I have chosen to search Google for “malware help”. Let’s hope you’ll never have to do this but, if you need to you can – without having to boot back into Windows.

Internet configuration

By default, the web browser works with the system proxy server. You can specify the proxy server settings when configuring the web browser. Since malware can often affect Internet settings, this feature can be an invaluable assist.

Integrated file manager

The Integrated file manager will allow you to access the hard drive/s – as the following screen capture shows. As a last resort (if it comes to that),  you will be able to save your important files (any file for that matter), using this tool.

Heuristic analyzer

Threat detection technology for threats that cannot be detected using Anti-Virus databases. It allows detecting objects suspected of being infected with an unknown virus or a new modification of the known viruses. This mechanism is fairly effective, and very rarely leads to false positives.

Kaspersky Rescue Disk 10 is an extremely powerful tool, with many more capabilities than I’ve been able to cover in this short review. I’m more than a little surprised that it can be downloaded at no cost. A serious computer user would do well to have this application ready to go when faced with one of those –  O No!!, moments.

To read a blow-by-blow description of Kaspersky Rescue Disk vs Malware, check out guest writer Mark Schneider’s – A Lesson In Malware Removal Using Kaspersky Rescue Disk, here on this site.

System requirements: Windows XP (Service Pack 2 or higher), Vista, Windows 7  (32/64 bit support for all).

Download the ISO image file at: Kaspersky

If you’re unsure as to how to burn an ISO image file to a CD/DVD in order to create a bootable disk, here’s an easy method. In this illustration I’m using a freeware application CDBurner XP.

1)  Activate  CDBurner XP.

2)  Insert a blank CD/DVD into the CD/DVD drive.

3)  Click on “Burn ISO image”, which will open the write screen.

4)  Select kav_rescue_10.iso which will reside in the location in which you saved the file.

5)  Click on “Burn disc”

6)  Sit back and relax until the job is complete (2/3 minutes).

Two Free VirusTotal Apps Can Help You Catch Malware Preemptively

You’ve run your primary anti-malware application, and up pops a notice advising you that you have an infection. But since you’re an aware computer user, you launch both your secondary malware scanners in sequence and – surprise! According to your secondary scanners you are not infected.

But, you’re aware that anti-malware programs that rely on a definition database to identify malware files, can often be behind the curve in recognizing the newest threats.

So, decision time. Do you then trust your primary anti-malware application and attempt removal, or instead, do you trust the results produced by your secondary scanners, and leave well enough alone?

In reality, you’re not limited to just these two choices. There is another option open to you.

If you’re worried about a specific file, here’s an interesting twist on free Online scanners – you can have any computer file (files are restricted to a maximum of 20 megabytes), scanned for nasties by thirty five plus diverse online scanners; all in one go, through VirusTotal.

To take advantage of this service, simply upload a file that you’re uncertain of to Virus Total, or as an alternative, submit your suspicious file to Virus Total by email. What could be simpler?

File submissions (Last 7 days)

This graph shows the number of files received at VirusTotal over the last 7 days. The image illustrates how many of these were new at VirusTotal, and the submissions which were detected by at least one antivirus.

Top 10 file submissions (Yesterday – December 29, 2010)

This table shows the files most submitted to VirusTotal yesterday, their last detection rate, and the number of times they were submitted.

Quick facts:

Free, independent service

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics

Keep in mind, this service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

Upload your suspicious file/s to: Virus Total

VTzilla:

VirusTotal recently released a Firefox only extension – VTzilla. VTzilla has been designed to scan URLs, links, and files (potential downloads) for malware, by employing the installed toolbar, or alternatively, the right click context menu.

Using the toolbar, I’ve plugged in my own site address as an example.

VirusTotal’s report indicates my site is a safe site, and does not contain malware.

Next, I visited Download.com and set up a download. Before saving the file however, using the right click context menu again, I had VirusTotal perform a scan.

The result indicates a clean site.

A couple of caveats:

Regular VirusTotal users are aware that file size is restricted to 20 MB or less, and this restriction unfortunately, is still in effect for this new service.

VTzilla is available only as a direct download from the developer’s site at the moment. It should be available from Firefox’s add-on repository, in due course.

Overall, I think this extension has some value. But, it is not a panacea. More and more, if a site is embedded with malware, just visiting the site can trigger a drive-by download. Porn surfers particularly, need to take note of this.

System requirements: Firefox 1.5 – 3+

Download at: the developer’s site.

Download Free Runscanner – HijackThis On Steroids!

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist.

The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner though, takes this process miles beyond HijackThis, and does so by  using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.

*The only difficulty I see, that casual users might have a problem with is – the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.

The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.

I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.

I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.

The next part of the test involved generating an online malware analysis report – a massive report covering all items which are considered safe, unsafe, or whitelisted, along with verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced knowledge about Windows. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.
