|
Posted by on July 21, 2006, 6:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi all,
To protect our organisation, we are looking at Websense for the gateway
(we already have websense content filtering). This will only prevent
spyware from being introduced in the future.
To get rid of existing spyware, what do people recommend? I have used
the Microsoft Defender tool and Lavasoft Adaware in the past which
don't get rid of everything. Our support company recommends Webroot but
the www.adwarereport.com site gives it a 66% rating (Ad-aware is 54%
and Defender 0%)
Or is the only real cure for adware/malware/spyware only ever a system
rebuild?!
PS - I have used Ad-aware, the McAfee stinger tool, the Microsoft
Malicious Software Removal Tool, McAfee anti-virus and Sysinternals
Root Kit Revealer & Process Explorer (all in normal mode and some in
safe mode) to try and remove as much crap as possible from infected
machines. This has generally been good for me but is very
time-consuming.
Cheers,
Mat G
Birmingham UK
|
|
Posted by Malke on July 21, 2006, 8:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
djmg2@lycos.co.uk wrote:
> Hi all,
>
> To protect our organisation, we are looking at Websense for the gateway
> (we already have websense content filtering). This will only prevent
> spyware from being introduced in the future.
>
> To get rid of existing spyware, what do people recommend? I have used
> the Microsoft Defender tool and Lavasoft Adaware in the past which
> don't get rid of everything. Our support company recommends Webroot but
> the www.adwarereport.com site gives it a 66% rating (Ad-aware is 54%
> and Defender 0%)
>
> Or is the only real cure for adware/malware/spyware only ever a system
> rebuild?!
>
> PS - I have used Ad-aware, the McAfee stinger tool, the Microsoft
> Malicious Software Removal Tool, McAfee anti-virus and Sysinternals
> Root Kit Revealer & Process Explorer (all in normal mode and some in
> safe mode) to try and remove as much crap as possible from infected
> machines. This has generally been good for me but is very
> time-consuming.
Here are my usual malware removal steps:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Yes, it is very time-consuming to remove malware. The best way to not get
malware is to practice "Safe Hex". In a corporation, workstations should be
configured so users can't install software or do random surfing to bad
sites. Depending on the size of the company, you can also set up a proxy
server as you are thinking, but you need both sides of the equation.
Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
|
|
Posted by David H. Lipman on July 21, 2006, 6:33 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Hi all,
|
| To protect our organisation, we are looking at Websense for the gateway
| (we already have websense content filtering). This will only prevent
| spyware from being introduced in the future.
|
| To get rid of existing spyware, what do people recommend? I have used
| the Microsoft Defender tool and Lavasoft Adaware in the past which
| don't get rid of everything. Our support company recommends Webroot but
| the www.adwarereport.com site gives it a 66% rating (Ad-aware is 54%
| and Defender 0%)
|
| Or is the only real cure for adware/malware/spyware only ever a system
| rebuild?!
|
| PS - I have used Ad-aware, the McAfee stinger tool, the Microsoft
| Malicious Software Removal Tool, McAfee anti-virus and Sysinternals
| Root Kit Revealer & Process Explorer (all in normal mode and some in
| safe mode) to try and remove as much crap as possible from infected
| machines. This has generally been good for me but is very
| time-consuming.
|
| Cheers,
| Mat G
| Birmingham UK
You have to realize what McAfee Stinger and Microsoft's Malicious Software
Removal Tool (MS
MRT) have in common. They are bot very limited "On Demand" scanners. When I
say limited I
mean they have a small target list. Therefore they should only be used when you
know you
are already infected with something on their respective target list. In the
case of the MS
MRT, a new version is downloaded and executed monthly.
The other tools you use are all after the fact removal tools.
What you need is pro-active "On Acces" scanning and prevention. That would mean
a complete
anti virus solution such as McAfee Enterprice v8.01 or other vendor's
enterprise/corporate
solution.
You also mentioned Ad-aware. I hope that was Ad-aware SE v1.06 but is wa the
full. paid for
version, not the free personal use version. The difference is the fiull paid
for version
afford prevention and potection rather than detection and removal after-the-fact.
I suggest the professional version of SuperAntiSpyware for anti spyware
protection --
http://www.superantispyware.com/
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by karl levinson, mvp on July 22, 2006, 7:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
> You also mentioned Ad-aware. I hope that was Ad-aware SE v1.06 but is wa
> the full. paid for
> version, not the free personal use version. The difference is the fiull
> paid for version
> afford prevention and potection rather than detection and removal
> after-the-fact.
... also, the license for the "free" personal version of Ad-aware is not for
business use, legally speaking.
The one popular tool I didn't see the OP mention was Spybot Search &
Destroy.
If the OP is already using McAfee VirusScan 8 or TOPS along with Websense
configured to block adware / spyware, it may not be necessary to permanently
install an anti-spyware software. I think it's common to rely on one
antispyware [or antivirus that does spyware] on the desktop, but still need
and use a variety of on-demand spyware removal tools for one-time removal by
your computer support staff, accepting the fact that no anti-spyware
software detects everything. This is similar to how antivirus blocks most
things, but when things slip through, sometimes you have to do a one-time
scan with Stinger or a different AV product on an ad hoc basis.
|
|
Posted by David H. Lipman on July 22, 2006, 8:36 am
If you were Registered and logged in, you could reply and use other advanced thread options
|
| ... also, the license for the "free" personal version of Ad-aware is not for
| business use, legally speaking.
|
| The one popular tool I didn't see the OP mention was Spybot Search &
| Destroy.
|
| If the OP is already using McAfee VirusScan 8 or TOPS along with Websense
| configured to block adware / spyware, it may not be necessary to permanently
| install an anti-spyware software. I think it's common to rely on one
| antispyware [or antivirus that does spyware] on the desktop, but still need
| and use a variety of on-demand spyware removal tools for one-time removal by
| your computer support staff, accepting the fact that no anti-spyware
| software detects everything. This is similar to how antivirus blocks most
| things, but when things slip through, sometimes you have to do a one-time
| scan with Stinger or a different AV product on an ad hoc basis.
|
But I would NOT suggest Stinger. It has too limited a Target list of ~55
infectors which
are mostly Internet worms. A broad-spectrum "On Demand" anti virus scanner is
suggested.
Using the McAfe Commnad line Scanner you have 201,000 signatures rather than 55
signatures.
That's a BIG difference. This is the reason I created the Multi AV Scanning
Tool which
contains the McAfee Command Line Scanner and the scanners from Trend Micr,
Sophos and
Kaspersky as well.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.
You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
| Similar Threads | Posted | | permanent solution to viruses | July 10, 2006, 6:26 am |
| Looking for Single Sign on (SSO) solution | April 9, 2008, 3:06 am |
| Re: Advice - solution for a company server | September 26, 2005, 10:45 am |
| Advice - solution for a company server | September 26, 2005, 9:50 am |
| Solution for securing VPN/RAS using 2-factor SMS Authentication | June 12, 2005, 5:37 am |
| Looking for a proximity solution for Active Directory authentication | April 27, 2006, 4:39 pm |
| Cheap Easy Smartcard Solution for DC Logins? | January 28, 2007, 8:47 pm |
| Web Browser Password Change Solution Needed | September 13, 2007, 10:56 am |
| Any advantages by running a two-level certificate solution? | May 12, 2008, 7:12 pm |
| Sign a certificate from a sperate application with my PKI solution | October 9, 2008, 10:52 pm |
|
XML site map