Security Basics mailing list archives
RE: RE: Best spyware program
From: "Joe George" <j.george () conservation org>
Date: Mon, 1 Aug 2005 09:42:09 -0400
I agree with these sentiments as well. The 100% best solution has been to re-image a troubled computer and never allow it a connection to the Internet. Doesn't seem so efficient and is pretty much a waste of a computer, right? I have a hodgepodge of freeware and commercially-available anti-spyware apps, such as those mentioned by Mike. Some do indeed work better than others, that I have noticed, but it can be very frustrating sometimes. I've encountered spyware processes that specifically target the application which is designed to counter it. In cases like that, it is good to have handy the older version of the anti-malware application. All-in-all, it is an inordinate waste of time for any systems and support administrator. Joe -----Original Message----- From: Mike Fetherston [mailto:mike_sha () shaw ca] Sent: Wednesday, July 27, 2005 8:16 AM To: knieveltech () yahoo com; security-basics () securityfocus com Subject: RE: RE: Best spyware program
In my experience none of the spyware scanners ever seem to get a
system
truly clean, especially when dealing with some of the more devious
stuff
out there that keeps a process running with SYSTEM privs. They can be handy for early warning though, so I suppose it depends on what your
focus
is. If you're looking for something to tip you off to a possible infection, any of a number of scanners works great. If you're actually trying to get the system clean, nothing I've tried so far competes
with
booting to safe mode and running hijack this.
That's been my experience as well. I have the opportunity to see many infected machines a week all with different symptoms, so I've been able to try out the order of scanning and cleaning with each Spybot, Ad-Aware, MSAS, and HijackThis. All find traces that the other left behind no matter what order they've been run in. For a really bad infection I will do as you mentioned above as well as running the other three that I mentioned all in Safe Mode. In addition, I will enumerate the startup registry entries and go hunting for the individual files. You'd be surprised how many times these scanners leave the .exes and .dlls behind!! While you're in %systemroot%\system32 and other places that spyware favours, it doesn't hurt to manually scan the file list. Mike Fetherston
Current thread:
- Re: Best spyware program bytesman (Aug 02)
- Re: Best spyware program Saqib Ali (Aug 02)
- <Possible follow-ups>
- RE: Best spyware program Doug . Janelle (Aug 02)
- RE: RE: Best spyware program Joe George (Aug 02)
- RE: RE: Best spyware program Mancini, Jack (Aug 03)
- RE: Best spyware program Joshua Sanders (Aug 03)
- RE: Best spyware program Craig Wright (Aug 03)