Transcript Slide 1

Identifying the Enemy
Today, in the all-out fight with spyware, adware,
malware and viruses, we as consumers have a
plethora of options when it comes to software
programs for removing these pesky bugs.
I keep my eyes open for new software and utilities
to remove known issues and even go as far as
infecting test systems to run trials of new programs.
Program Testing
First let’s talk about the computer we used, so that you know what we are working
with.
Dell Dimension 8200
Windows XP Home SP2, all updates, and IE7
Pentium 4 2.4 GHz
512 MB memory
Integrated sound & video
80 GB HDD
We did not install any other software at the time of the infestation.
Please note that all programs were updated to the latest version.
When testing each program we did not remove the infections, as we
wanted to see what program would detect the most spyware.
I want to take some time to talk about what an infected computer looks like, what
programs I installed to infect the computer, and what program that I chose to use to
identify threats.
From working on so many computers I have
found the following to be the most common
type of spyware, adware and malware. Using
this knowledge, I found and downloaded the
most infectious programs:
BearShare
SharePro
Limewire
Kazaa
Hotbar
WeatherBug
Freeze.com
Coupon.com
Registry Power Cleaner
Weather Bug.com
MyWay
Starware
So what does an infected
computer look like?
Locked Desktop Images
Internet Explorer Tool Bars
Fake Blue Screens
SUPERAntiSpyware (What the company claims)
SUPERAntiSpyware is a powerful anti-spyware solution designed to be the first
line of defense and/or to complement your existing security solution.
SUPERAntiSpyware will detect and remove the toughest of spyware infections
such as Gromozon, Zlob, SmitFraud, Vundo, WinFixer, SpywareQuake,
VirusBurst and well over 100,000 other harmful
application components.
SUPERAntiSpyware detects and removes Adware, Spyware, Malware, Trojans,
Parasites, Dialers, Rootkits, Worms, Browser HiJackers and Keyloggers.
SUPERAntiSpyware features many unique technologies such as our First Chance
Prevention system that detects and removes threats before your system starts in
order to block infections from infecting and re-infecting your system during the
startup and shut down sequences.
For more information please go to www.SUPERAntiSpyware.com
Adaware 2007 (What the company claims)
Ad-Aware is no ordinary anti-spyware; it is the original anti-spyware product,
offered to consumers worldwide to protect their personal and home computers
from malware attacks. And today, with over a quarter of a billion downloads,
computer users put their trust in Ad-Aware more than any other anti-spyware
software program.
For more information please go to www.adaware.com
SpyBot Search and Destroy (What the company claims)
Spybot - Search & Destroy detects and removes spyware, a relatively new kind
of threat not yet covered by common anti-virus applications. Spyware silently
tracks your surfing behavior to create a marketing profile for you that is
transmitted without your knowledge to the compilers and sold to advertising
companies. If you see new toolbars in your Internet Explorer that you haven't
intentionally installed, if your browser crashes inexplicably, or if your home
page has been "hijacked" (or changed without your knowledge), your computer
is most probably infected with spyware. Even if you don't see the symptoms,
your computer may be infected, because more and more spyware is emerging.
Spybot-S&D is free, so there's no harm giving it a try to see if something has
invaded your computer.
For more information please go to www.spybot.com
Counterspy (What the company claims)
-Heavy-duty Anti-Spyware protection, but light on CPU and Memory.
-Kernel-level Active Protection™ guards you 24/7.
-Hybrid design combines VIPRE Anti-Malware technology with our award-winning
spyware detection and removal.
-Deep-rooted malware is exterminated at boot time, before Windows loads.
-Small, regular definition updates greatly reduce update downloading time.
-Over 2,000,000 threat definitions!
-Vista compatible: Integrates seamlessly with the Vista Windows Security Center.
For more information please go to www.sunbelt-software.com
A-Squared (What the company claims)
Security must not be a privilege. Under this motto, Emsi Software provides
the Malware scanner a-squared Free completely free of charge for private
use. But it is not a very limited version, it is a full tool to clean your computer
from Malware. Not only spyware, as detected by classic Anti-Spyware
programs, but also especially Trojans, Backdoors, Worms, Dialers,
Keyloggers and a lot of other destructive pests, which makes it dangerous to
surf the web.
For more information please go to www.emsisoft.com
avast! (What the company claims)
The latest version of avast! antivirus kernel features outstanding detection
abilities, together with high performance. You can expect 100% detection
of In-the-Wild viruses (viruses already spreading between users) and
excellent detection of Trojan horses.
For more information please go to www.avast.com
So we have our test computer that is widely infected and we have chosen
our programs to test. Now it’s time to do the testing.
However, before we go to the results let me say a few things about removing
infections from your computer.
Firstly, as far as I can see there will never be just one program that will
remove 100% of all infections.
So you will need to use multiple programs to do the job. It is not unheard of
to use 10-15 programs to clean up a computer taking, in some cases, 4+
hours to do so.
In most cases you can’t use the everyday programs that I have tested to
remove some of the more severe programs that can infect your computer. I
will go over some tools that can help you in removing those programs later
on.
The Numbers
A-Squared found 1175
SUPERAntiSpyware found 700
Adaware 2007 found 323
SpyBot Search and Destroy found 252
Counterspy found 2995
Avast N/A
What I thought about each program
SUPERAntiSpyware
Why did I use this program?
This program does find some of the hard ones, but it does not usually remove all of
them; however, knowing the computer is infected with a specific piece of spyware
can sometimes be half the battle. From that point on you can use other utilities to
remove those threats. So this program is good at removing some threats, but is better
at identifying them.
Adaware 2007
Why did I use this program?
Adaware is the most commonly used program and it’s a must for any tool kit of
programs to rid a computer of infestation. I like the old version better than the 2007
release; updates are slow and you can tell that they are trying to sell you the upgrade.
I wish the program was more proactive about identifying threats that are not always
considered adware, such as webshots and weatherbug, both of which are known in the
industry as being adware and which install related programs such as the mysearch toolbar.
SpyBot Search and Destroy
Why did I use this program?
Like Adaware, I’m not a huge fan of their latest program release; it is slow and not very
accurate when it comes to detecting some of the less severe types of infestation.
However, if you are looking for an easy way to see if you have smitfraud, then this is
not a bad program to use. I also have issues with TeaTimer, which the new version
enables by default during installation, making it not the most user-friendly program.
(New update today, Feb 13th: a new release came out and fixed the update time, so
that the program acts as it used to.) It’s still a good tool to use, but don’t make it the
only one you use.
Counterspy
Why did I use this program?
Smart, fast and reliable for the down and dirty jobs, this program is one of my
favorites. It can identify and remove some of the hardest pieces of infestations that I
have seen. You can see in the numbers that this program holds its own when it
comes to removing rogue programs. Again don’t make it your only tool, because you
will find yourself still infected.
A-Squared
Why did I use this program?
Another one of my top picks for removing known and some not so known
adware/spyware/malware. Its fast scanner offers deep scans and, as you
can see in the numbers, has the ability to identify more than the others in
its field; however, it’s slow to update.
Keep in mind that some programs do not count each registry entry as a separate
infection; they look at the threat name and count that as one. So a raw "found"
number depends on what a program counts, not only on what it detects.
Even so, Counterspy and A-Squared did a better job, identifying far more than
SpyBot and Adaware when comparing both threat names and registry entry data.
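To make the counting point concrete, here is an added example (my own, not code from the slides or from any of the products named). It takes a constructed set of detections from three made-up scanners, with invented threat names and paths, and reports two numbers per scanner: the raw artifact count (the kind of "Found N" figure in the table above) and the number of distinct threat names. It also lists which families each scanner missed, which is the reason the talk gives for never relying on one tool.

```python
"""Compare scanner results by raw artifact count and by threat family.

Added example, not from the original slides. Scanner names, threat names
and paths below are constructed to show why a per-artifact count and a
per-name count can rank tools differently.
"""
from collections import defaultdict

# Constructed sample: (scanner, threat name, artifact). Not real scan output.
SAMPLE_DETECTIONS = [
    ("ScannerA", "Adware.ExampleBar", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleBar"),
    ("ScannerA", "Adware.ExampleBar", r"HKCU\Software\ExampleBar\Settings"),
    ("ScannerA", "Adware.ExampleBar", r"HKCR\CLSID\{12345678-0000-0000-0000-000000000000}"),
    ("ScannerA", "Adware.ExampleBar", r"C:\Program Files\ExampleBar\ebar.dll"),
    ("ScannerA", "Trojan.ExampleDrop", r"C:\WINDOWS\system32\exdrop.dll"),
    ("ScannerB", "Adware.ExampleBar", r"C:\Program Files\ExampleBar\ebar.dll"),
    ("ScannerB", "Trojan.ExampleDrop", r"C:\WINDOWS\system32\exdrop.dll"),
    ("ScannerB", "Hijacker.ExampleHome", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"),
    ("ScannerC", "Adware.ExampleBar", r"C:\Program Files\ExampleBar\ebar.dll"),
    ("ScannerC", "Adware.ExampleBar", r"HKCU\Software\ExampleBar\Settings"),
    ("ScannerC", "Rogue.ExampleFixer", r"C:\Program Files\ExampleFixer\exfixer.exe"),
]


def raw_counts(detections):
    """Number of reported artifacts per scanner (what a 'Found N' line shows)."""
    counts = defaultdict(int)
    for scanner, _name, _artifact in detections:
        counts[scanner] += 1
    return dict(counts)


def families_by_scanner(detections):
    """Distinct threat names per scanner: one family, however many registry entries."""
    families = defaultdict(set)
    for scanner, name, _artifact in detections:
        families[scanner].add(name)
    return dict(families)


def family_counts(detections):
    """Per-scanner count after collapsing every artifact of a name into one."""
    return {scanner: len(names) for scanner, names in families_by_scanner(detections).items()}


def all_families(detections):
    """Union of everything any scanner named: the real infection inventory."""
    return {name for _scanner, name, _artifact in detections}


def missed_by(scanner, detections):
    """Families found by some other scanner but not by this one."""
    return all_families(detections) - families_by_scanner(detections).get(scanner, set())


def summarize(detections):
    """Rows of (scanner, raw count, family count, families it missed)."""
    raw = raw_counts(detections)
    fam = family_counts(detections)
    return [(s, raw[s], fam[s], sorted(missed_by(s, detections))) for s in sorted(raw)]


if __name__ == "__main__":
    print(f"{'scanner':10} {'artifacts':>9} {'families':>8}  missed")
    for scanner, raw, fam, missed in summarize(SAMPLE_DETECTIONS):
        print(f"{scanner:10} {raw:>9} {fam:>8}  {', '.join(missed) or '-'}")
    print("families known to at least one scanner:", len(all_families(SAMPLE_DETECTIONS)))
```

On the constructed data ScannerA reports the most artifacts (5) but only two families, ScannerB reports three families from three artifacts, and no scanner covers all four families. That is the shape of the result the talk describes: the highest "found" number is not the same thing as the best coverage, and the union of several tools is what actually cleans the machine.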
The infections that each program found were not always the same, and had I used
just one program, I would not have cured the computer. In our test computer case I
had to use all the programs plus other utilities to completely clean the computer.
This proves the point that it takes more than one program to do the job.
So what about those other utilities that I keep referring to? Well first let’s talk about
the risk involved in using these utilities before we delve into what they are and what
they do.
You must take extreme caution when using these programs. Some of these
programs expose Windows core elements, allowing you to edit, change, and even
delete them. If you are unsure of what you are doing, then exit the program and do more
research, or take the computer to a repair shop. I know of one that is around…
combofix
This tool removes SurfSideKick, QooLogic, Look2Me or any combination of that
group.
Also nicely picks out Vundo infections.
One of the better things it does is list recently created files, which can give clues to
other infections. You can use it to unhook any DLL in the system32 folder, and you can
use it to delete as many as 8 files using its command line functions.
Also it deletes a bunch of files related to the infections above automatically and is
updated fairly regularly.
SmitFraudFix is a tool that S!Ri created to remove rogue anti-spyware applications
that utilize Trojans to issue fake taskbar security alerts or that change your
background in order to scare you into purchasing the full commercial version of their
software.
These infections are difficult to remove and are usually bundled with so much other
malware, that traditional antispyware or antivirus programs have difficulty completely
cleaning these infections. Due to this fact, a specialized tool was created in order to
help a user clean their system of these infections.
VundoFix is a cleaning tool made by Atribune. Its purpose is to remove Vundo
infections from computers and it scans based on registry searching with an additional
CLSID list.
As stated above, and as the name implies, VundoFix's purpose is to remove Vundo from
infected computers. VundoFix has a relatively powerful method of brute scanning the
registry, as well as scanning for files that upload Vundo onto one’s computer. It also has
an attached "blacklist", and all the files in it are scanned. It also relies on a method of
examining the binary strings inside suspicious files to determine how the file behaves.
Because Vundo has random file names, it is not possible for VundoFix to have a 100%
detection rate. Often, the infected files must be removed using VundoFix's "Add more
files" option (they cannot be removed manually in any way).
HijackThis lists the contents of key areas of the Registry and hard drive--areas that are
used by both legitimate programmers and hijackers. The program is continually updated
to detect and remove new hijacks. It does not target specific programs and URLs, only
the methods used by hijackers to force you onto their sites.
As a result, false positives are inevitable, and unless you're sure about what you're
doing, you should always consult with knowledgeable folks before deleting anything.
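Because HijackThis only lists the places where startup entries and browser add-ons live, the judgement about each line is left to the reader. The added example below (mine, not HijackThis code and not from the slides) shows the same idea on a smaller scale: it parses a constructed .reg export of the Run key and the Browser Helper Objects key, lists every entry, and applies a simple location heuristic of my own to decide which entries deserve research first. All names, paths and the CLSID in the sample are invented; a flagged entry is a candidate for a lookup, not a verdict, which is exactly the false-positive caution above.

```python
"""Inventory Windows autostart registry entries from an exported .reg file.

Added example, not from the original slides and not HijackThis code. The
location heuristic (trusted prefixes, temp markers) and the sample export
are assumptions made for illustration. Entries it flags still need to be
researched before anything is deleted.
"""
import re

# Constructed sample export in .reg format. Program names, paths and the
# CLSID are invented and do not refer to any real software.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"sysxyz"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\sysxyz.exe"
"ExampleTray"="C:\\WINDOWS\\system32\\extray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@=""
'''

SECTION = re.compile(r'^\[(.+)\]$')
# "name"=data  or  @=data  (default value); names may contain escaped quotes.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

# Assumed heuristic: keys worth listing, locations treated as normal, and
# markers for temporary or per-user cache directories.
AUTOSTART_KEYS = ('\\currentversion\\run', '\\browser helper objects\\')
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\windows\\')
TEMP_MARKERS = ('\\temp\\', '\\locals~1\\', '\\local settings\\')


def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return (key, value name, data) triples for every value in the export."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key is not None:
            name = unescape(m.group(1)) if m.group(1) is not None else '(Default)'
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])  # string data; dword:/hex: left raw
            entries.append((key, name, data))
    return entries


def command_path(cmd):
    """Extract the executable path from a Run value, with or without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [''])[0]


def autostart_entries(entries):
    """Keep only values under the keys a hijack listing would show."""
    return [e for e in entries if any(k in e[0].lower() for k in AUTOSTART_KEYS)]


def triage(entries):
    """Annotate each autostart entry with whether it merits a closer look and why."""
    report = []
    for key, name, data in autostart_entries(entries):
        if '\\browser helper objects\\' in key.lower():
            clsid = key.rsplit('\\', 1)[-1]
            report.append({'kind': 'bho', 'name': clsid, 'path': None, 'review': True,
                           'reason': 'BHO: resolve the CLSID to its DLL before deciding'})
            continue
        path = command_path(data)
        p = path.lower()
        if any(marker in p for marker in TEMP_MARKERS):
            review, reason = True, 'runs from a temporary or per-user cache directory'
        elif p.startswith(TRUSTED_PREFIXES):
            review, reason = False, 'installed under a standard program location'
        else:
            review, reason = True, 'runs from an unexpected location'
        report.append({'kind': 'run', 'name': name, 'path': path,
                       'review': review, 'reason': reason})
    return report


def entries_to_review(text):
    """Names (or CLSIDs) of the entries the heuristic wants a human to check."""
    return [r['name'] for r in triage(parse_reg(text)) if r['review']]


if __name__ == "__main__":
    for r in triage(parse_reg(SAMPLE_REG)):
        flag = 'REVIEW' if r['review'] else 'ok    '
        print(f"{flag} {r['kind']:3} {r['name']:40} {r['path'] or ''}  ({r['reason']})")
```

Run against a real export the script would list the same kind of lines a HijackThis log does, and the only entries it singles out are those starting from a temp folder or from somewhere other than the usual program directories, plus every BHO, because a CLSID alone says nothing about the DLL behind it. That is deliberately conservative: a legitimate updater that lives in a per-user folder will be flagged too, which is why the talk's advice to research before deleting still applies to every flagged line.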
RogueRemover
RogueRemover is a tool that can remove various rogue antispyware, antivirus and hard
drive cleaning utilities. Rogue applications are applications that, rather than remove
spyware, provide false positives, distribute malware or spyware, advertise, or provide
useless uninstallers.
RegSeeker is a perfect companion for your Windows registry.
RegSeeker includes a powerful registry cleaner and can display various information like
your start-up entries, several histories (even index.dat files), installed applications and
much more. With RegSeeker you can search for any item inside your registry,
export or delete the results, or open them in the registry editor. RegSeeker also includes a tweaks
panel to optimize your OS. Now RegSeeker includes a file tool to search for duplicate
files, bad shortcuts and more.
After 4 hours and many programs our test computer is
back to its good old self. As you can see, it takes time and
sometimes a lot of work to get the bugs off an infected
computer.
And as programs and people advance this will be an
ongoing battle, but with tools and knowledge this is a
battle that we can win!
Thank you!