Navy Net - Royal Navy Community


(Scumware) Should we trust Cleaners or not?

NotmeChief

Banned
We have all been infested with malware and all have at least some Adware present on our computers at this very moment. There are a lot of programs available for download to clean these up and to increase the speed of our PCs, some are free and some cost money.

Which ones are genuine and which ones not?

I would never recommend those that do a scan for free and then charge to download the cleaner. These invariably give false positives when the scan is done telling you that you have umpteen viruses and worms and countless other nasties. These positives are part of the program with the intention to harass and frighten and to coerce you into paying for the cleaning download. Never trust them.

Viruses.

You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it, (rootkit).

If you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system.
For example, the vast majority of e-mail worms rely on a user opening an attachment. In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can’t guarantee that the worm was the only thing that used that vulnerability. It is entirely possible that something else used the same vulnerability. In this case, you can’t just patch the system.

Patches.

For those using Windows, ensure that automatic updates are enabled, or if you don't want that, then make sure you visit the Microsoft Update site often. Microsoft issues a vulnerability remover every first Thursday of the month, use it before you get a problem.

You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.


You can’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.

You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.

You can’t clean a compromised system by reinstalling the operating system over the existing installation. Again, the attacker may very well have tools in place that tell the installer lies. If that happens, the installer may not actually remove the compromised files. In addition, the attacker may also have put back doors in non-operating system components.

You can’t trust the event logs on a compromised system. Upon gaining full access to a system, it is simple for an attacker to modify the event logs on that system to cover any tracks. If you rely on the event logs to tell you what has been done to your system, you may just be reading what the attacker wants you to read.

The only guaranteed way to clean a compromised system is to flatten and rebuild. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

If you use your PC for Banking, Business, Important things and surfing, then you are vulnerable. You should never use a Business PC for general surfing, buy another one for that.

For the rest of us, just ensure you have taken precautions, (not condoms), and update what we have installed regularly.

Who to trust.

Only trust programs from recognised vendors and coders or as recommended by well known and recognised computer magazines.

A few very trusted names for antivirus to remember are:


Aladdin Knowledge Systems
Alwil Software
Authentium Inc
Computer Associates International Inc
Dr Web Ltd
Eset
FRISK Software International
F-Secure Corp
GFI Software Ltd
Grisoft
HAURI Inc
Kaspersky Lab
McAfee Inc
Microsoft Corporation
MicroWorld Technologies Inc
Norman
Panda Software
Proland Software
Sophos
Sybari Software Inc
Symantec
Trend Micro Inc

For malware.


Internet Security - Kaspersky
Lavasoft - Adaware
Safer Networking - Spybot Search & Destroy.


This list is not exhaustive.

There is one thing to bear in mind if you are contemplating Symantec Norton.

Norton contains 'Spyware' and Spybot search and destroy will pick this up.

Symantec advise the removal of Spybot for this very reason and to hide the fact that Norton contains spyware.

Do Not Remove Spybot, or at least install it again after installing Norton.

Linux

Linux has vulnerabilities just like Windows, these may be different vulnerabilities, but they are there all the same.

The advantage at present with Linux is its low take-up, so it is not newsworthy or profitable to attack it. There are attacks frequently though so just be aware of that.
It is becoming more popular and some big businesses are taking it up, especially for servers, so it will come under attack more often as it gains in popularity.

 

AfterSSE

War Hero
Just like to add to this very informative post.

For those that like to download everything or you are unsure if it's legit or not, compare it to this website's listings... :thumright:

Dodgy Programs
 

Quantum

Badgeman
Excellent advice, but may I add a couple of points?
1. You can clean a system using a virus scanner, you just have to do it from outside the system, as many of the worst trojans will run a hidden process which suppresses the installed anti-virus. An external command line scanner (such as Clam AV) will usually clean them out.
2. A good Process viewer (I use Daphne) will show hidden processes and allow you to kill them which often re-enables the installed anti-virus software
3. There is a resurgence of boot sector viruses which will linger in the boot block to come back after a reinstall. Most BIOS setup programs have the option to make the CMOS write only, it is sensible to do this. Reformatting will not necessarily get rid of one of these as a normal reformat does not reset the master boot record, only the partition table. Running Fdisk /MBR usually does the trick.
4. Always back up data you want to keep. I prefer to use a separate partition to keep data on, but still back it up anyway. Data recovery is expensive.
5. Remember, if you've found a virus, scan again, there will almost invariably be another one hiding under the first one, and another and another.
6. A good packet sniffer (I use Ethereal) can tell you if you're compromised by recording all the outgoing and incoming connections from your PC.

NMC is bang on in the assertion that you can't trust a compromised system, but sometimes you have to get the system working in order to recover important files - this happens a lot when people don't back up their stuff. The points I have made above are (with the exception of 3) aimed at those who must, for whatever reason, rescue their computer. It's cheaper, safer and less hassle to zap it and start again.
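
The master boot record mentioned in point 3 above is the first 512-byte sector of the disk: boot code, then a 64-byte partition table at offset 446, then the 0x55AA signature. The following is an added example, not part of the original posts: it hashes the boot code and the partition table separately from a sector read outside the running system and compares them with a baseline recorded when the machine was known clean. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # boot code; Windows keeps a 4-byte disk signature at offset 440
TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, table hash and used entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                      # type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "table_sha256": hashlib.sha256(sector[TABLE_OFF:510]).hexdigest(),
            "partitions": partitions}


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Report which part of the MBR differs from a baseline taken when clean."""
    now = parse_mbr(sector)
    findings = []
    if now["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if now["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def read_mbr(image_path: str) -> bytes:
    """Read sector 0 from a raw disk image taken from outside the system."""
    with open(image_path, "rb") as fh:
        return fh.read(SECTOR)


def build_sample_mbr(fill: int, lba_start: int = 2048) -> bytes:
    """Constructed sample sector: filler boot code plus one NTFS-type entry."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3),
                        lba_start, 204800)
    return bytes([fill]) * TABLE_OFF + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(0x90))
    # Same partition layout, different boot code
    print(compare_to_baseline(build_sample_mbr(0xCC), baseline))
    # Same boot code, partition moved
    print(compare_to_baseline(build_sample_mbr(0x90, lba_start=4096), baseline))
```

The baseline only means something if it was recorded before any compromise and is kept off the machine being checked.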
 

NotmeChief

Banned
Quantum said:
Excellent advice, but may I add a couple of points?
1. You can clean a system using a virus scanner, you just have to do it from outside the system, as many of the worst trojans will run a hidden process which suppresses the installed anti-virus. An external command line scanner (such as Clam AV) will usually clean them out.
2. A good Process viewer (I use Daphne) will show hidden processes and allow you to kill them which often re-enables the installed anti-virus software
3. There is a resurgence of boot sector viruses which will linger in the boot block to come back after a reinstall. Most BIOS setup programs have the option to make the CMOS write only, it is sensible to do this. Reformatting will not necessarily get rid of one of these as a normal reformat does not reset the master boot record, only the partition table. Running Fdisk /MBR usually does the trick.
4. Always back up data you want to keep. I prefer to use a separate partition to keep data on, but still back it up anyway. Data recovery is expensive.
5. Remember, if you've found a virus, scan again, there will almost invariably be another one hiding under the first one, and another and another.
6. A good packet sniffer (I use Ethereal) can tell you if you're compromised by recording all the outgoing and incoming connections from your PC.

NMC is bang on in the assertion that you can't trust a compromised system, but sometimes you have to get the system working in order to recover important files - this happens a lot when people don't back up their stuff. The points I have made above are (with the exception of 3) aimed at those who must, for whatever reason, rescue their computer. It's cheaper, safer and less hassle to zap it and start again.

Thanks Quantum. Of course there are a million other things to consider in the naughty world of hacks, not the less that virus writers are getting more sophisticated and a darn sight more clever as they progress.
We can't go too deep into it as we will end up with a book the size of War and Peace.

It is always a good idea to scan from outside or even to go into safe mode (F8) to do scans, but not a lot have the time or inclination to do even that, and the likes of Adaware won't scan in safe mode.

There are some good measures that can virtually eliminate attacks altogether. When testing for Microsoft, I allowed a PC online with just Vista and no protection for three months. The system was locked down so tight that I never had a single invasion. Unfortunately, Symantec complained that Vista locked them out of the kernel and threatened MS with an anti-competitive suit if they did not let their Norton into the kernel. Of course, MS had to capitulate, and there was the first compromise of Windows Vista.

I also need to mention that backups can also be compromised by decent self replicating scumware, so should not be taken that they will be 100% clean if you have had an attack.

Also it is very rare for a boot sector bug to survive format and reinstall. What the format does not invalidate, the setup usually gets.
 

NotmeChief

Banned
pluto said:
Have had excellent results removing spyware using this: http://www.malwarebytes.org/

It's certainly coming up in the world.

Unfortunately the download mirrors include 'brothersoft.com' which has dozens of fake/scam malware programs so one of the other mirrors should be used to download from.

Malwarebytes is looking into the use of brothersoft.com as a mirror for downloading its products.
 
NotmeChief said:

:eek:mfg: ...Are you sure???!!!
 

NotmeChief

Banned
For those who are experiencing slow down, it is usually due to the junk left over from websites, defunct cookies and broken/no longer required links within the registry.

Probably the most respected cleaner of computer junk is Ccleaner. Tick 'all' the boxes except the bottom one 'Wipe Free Space' as that can take some time. You can, of course, tick that one if you are off for a cuppa.

When the cleaner has done its work, click on the 'Registry' icon on the left and give the registry a good clean as well. I have never had to use the save registry to backup, it only gets stuff no longer of any use.


When you have done cleaning up your drive, it's time to tidy it up using Defraggler which is from the same company and both are free.
 

RabC

MIA
NotmeChief said:
For those who are experiencing slow down, it is usually due to the junk left over from websites, defunct cookies and broken/no longer required links within the registry.

Probably the most respected cleaner of computer junk is Ccleaner. Tick 'all' the boxes except the bottom one 'Wipe Free Space' as that can take some time. You can, of course, tick that one if you are off for a cuppa.

When the cleaner has done its work, click on the 'Registry' icon on the left and give the registry a good clean as well. I have never had to use the save registry to backup, it only gets stuff no longer of any use.


When you have done cleaning up your drive, it's time to tidy it up using Defraggler which is from the same company and both are free.
Ran cleaner no problem then started Defraggler and even though I use the Vista defrag weekly it's now 8 hours and still only 58% complete, so who is wrong?
 

The Admiral

Midshipman
Chaps, check out Vipre.com, a fair dinkum anti V thing, it does work, without reporting back to the CIA or FBI on your activities.
Not that you old geezers present a threat any more than I.
Unlike Nortons or other US based programs that will do this shit.
Sure it will cost you but very little worth a go check it out
Seems pretty cool
 
Chaps, check out Vipre.com, a fair dinkum anti V thing, it does work, without reporting back to the CIA or FBI on your activities.
Not that you old geezers present a threat any more than I.
Unlike Nortons or other US based programs that will do this shit.
Sure it will cost you but very little worth a go check it out
Seems pretty cool

Ermm - an old thread BTW and if seeking advice on this subject RR would not appear to be the first place most folk would look.

After all, look back at what happened to NMC & his poor relatives ... .... . ..

Meanwhile, welcome to the site.

Bob
 

21_Man

War Hero
Good info on this thread...many thanks

Fancy doing a similar thing on Backups?

I had Acronis and it made life so much easier, but have had to reformat the box 2 days ago due to gremlins

Before I load up again, are there any better ones?
 