30 replies to this topic

[RLD]

New member here. Just purchased MBAM.
I was having browser hijacks and various problems.
I downloaded the trial Kaspersky Anti Virus and did multiple scans.
Still many weird things happening.
Found MBAM and tried the free trial...BAM!...over 100 trojans and various infections found.
After quarantine I have no more problems and have purchased MBAM.
My question is, does this experience mean that Kaspersky Anti Virus just doesn't work?
I was thinking about a purchase but it obviously couldn't detect my problems.
Do I need additional protection on top of MBAM? Any thoughts?
Thanks,
RLD

[wyrmrider]

Congratulation on the purchase of MBAM the PAID edition provides valuable real time protection at boot time as opposed to the FREE "ON DEMAND" scanner (which is, of course very valuable in it's own right)

Kaspersky PAID is a great Antivirus system however the FREE Scan only scans and reports it does not remove anything

let' s start from the top
Is there currently an AV installed on this machine??? - not counting any on line scanners like Kaspersky
was there ever an installed run at boot up AV on this machine or preinstalled?
if so and you wish to install or reinstall any AV the OLD AV MUST be completely removed
many AV's Norton/Symantec, McAfee, AVG etc have special additional removal tools which MUST be utilized for a complete clean up

If you do NOT have a current active AV I would suggest AVAST free
It would make a great companion to MBAM
If you do have a current AV and it was installed over the top of an old AV even if the old AV was removed with Add-remove programs I would suggest the complete uninstall/ repair or reinstall drill
no one like "unpredictable" behaviour- very hard to diagnose

sorry for the long and redundant- it's just that this is a very common yet serious problem

After a complete/ updated AV scan I suggest that you visit the Malware Removal forum
read the stickies post what is requested
be prepared to follow instructions EXACTLY
make the title of your post meaningful
AND
DO NOT REPLY TO YOUR OWN FIRST POST

[exile360]

Pretty sure he mentioned he used the TRIAL of Kaspersky, which is the full product with a license that's only good for like 30 days. That being said, I do recommend the layered approach (using a good anti-virus along with a good anti-spyware program, both with realtime protection). Kaspersky has an excellent detection rate of viruses and other malware (I use it myself), but MBAM is great in it's own right, as it finds certain threats and new variants of known threats that all anti-virus softwares often miss, that being said, MBAM does not detect everything. It is designed to target certain very specific classes of malicous software that often goes undetected or is unremovable by anti-virus and even other anti-spyware products. I don't recommend running Malwarebytes by itself for that reason, it is not designed to replace a good anti-virus software (like Kaspersky), merely to compliment your anti-virus protection and make your computer's security more complete. By the way, although I haven't seen your log, I would guess that many of the detections made by MBAM were registry/file entries that were all part of only a few actual infections (that's one of the nice things about MBAM, it usually gets rid of every trace of an infection). Anyways, I'd say use Kaspersky and MBAM and you should be in pretty good shape.

[GT500]

RLD, Malwarebytes' Anti-Malware (MBAM) is designed to catch and remove things that your anti-virus software does not. It cannot take the place of a good anti-virus, and a good anti-virus cannot do what MBAM does.

Note that Kaspersky is one of the top anti-virus solutions, and that their response times are unparalleled. While most of us here recommend AntiVir, Kaspersky is also very good, and will usually do a better job at detection than most of it's competition.

[RLD]

Thanks for the replies folks...
Yes, the Kaspersky trial is fully functional for 30 days.
I was one step away from reformatting before MBAM fixed everything.
I've kind of lost respect for Kaspersky for the moment...I'm going to test some other products...trying Avira right now.
The bottom line seems to be; use an AV in conjunction with MBAM.
Thanks !

[JeanInMontana]

RLD, on Sep 30 2008, 09:52 AM, said:

New member here. Just purchased MBAM.
I was having browser hijacks and various problems.
I downloaded the trial Kaspersky Anti Virus and did multiple scans.
Still many weird things happening.
Found MBAM and tried the free trial...BAM!...over 100 trojans and various infections found.
After quarantine I have no more problems and have purchased MBAM.
My question is, does this experience mean that Kaspersky Anti Virus just doesn't work?
I was thinking about a purchase but it obviously couldn't detect my problems.
Do I need additional protection on top of MBAM? Any thoughts?
Thanks,
RLD

Yes you need more than just two programs. As stated above a layered approach to protection is essential.

All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal.

A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
MBAM

Avira Antivir

Spybot Search & Destroy Be sure to use the immunize feature.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free


You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

[wyrmrider]

Lots of good advice in this thread
you DO neet Both MBAM and a good AV Avast-Antivir-Kaspersky
and Jean in Montana's recommendations are based on years of experience
however
you need to COMPLETLY remove Kaspersky before installing Antivir - avast or any other AV
kaspersky sometimes has to be removed in safe mode and the used to recommend
Download KAV_Registry_Clean.zip from here
however I do not know if this is current
I would sugest going to the Kaspersky website and check
You do NOT want to AV's or portions fo two AV's installed at the same time

[G1111]

I use both MBAM and KAV (both with upfront protection enabled). I have both a hardware and software firewall (OutPost), a HIPS (Ghost Security AppDefend/Regdefend and WinPatrol) and a HOSTS file (MVPS & hpHosts with HostsXpert). They all run smoothly together. I believe you need something to counter a 0-Day type attack. Signature based programs can't handle them until they get a sample and then add an item to their database. KAV is very fast at that, but for me not fast enough.

[v.tew]

G1111, on Oct 2 2008, 03:04 PM, said:

a HIPS (Ghost Security AppDefend/Regdefend and WinPatrol)

What's HIPS?

[AdvancedSetup]

Short for host-based intrusion prevention system, HIPS is an IPS or intrusion prevention system designed for security over host-based systems where intrusions and infections are dealt with at the individual workstation level to provide a more effective level of security.

[YoKenny1]

RLD, on Oct 1 2008, 11:52 AM, said:

Thanks for the replies folks...
Yes, the Kaspersky trial is fully functional for 30 days.
I was one step away from reformatting before MBAM fixed everything.
I've kind of lost respect for Kaspersky for the moment...I'm going to test some other products...trying Avira right now.
The bottom line seems to be; use an AV in conjunction with MBAM.
Thanks !

I agree.

I tried Kaspersky on my XP Pro SP3 system and it detected McAfee SiteAdvisor as a virus and removed it.

As I did not want to continue using Kaspersky I tried to un-install it then install Avast! but no matter what I tried I could not so I tried using System Restore to go back before it was installed but that failed also.

I resorted to FORMAT then install from the recovery partition then apply a SP2 CD that I have from Microsoft then get the SP3 updates.

I use Avast! Free, hpHosts and MVPS HOSTS files, WinPatrol PLUS and Windows Defender.

I do not use a software based firewall due to my ISP supplied SpeedStream 6520 modem that has a built in firewall and after watching these 10 minute videos:
http://www.besttechie.net/2008/08/20/malwa...loper-interview

[lordpake]

YoKenny1, on Oct 3 2008, 01:26 PM, said:

As I did not want to continue using Kaspersky I tried to un-install it then install Avast! but no matter what I tried I could not so I tried using System Restore to go back before it was installed but that failed also.

You do know Kaspersky provides a removal tool in case their product is not properly removed via conventional methods?

[DaChew]

I did a little testing of teatimer and winpatrol running together, it lead me to mistrust any duplicate resident layer of protection.

That's the catch 22, trying to understand what each component of a security program does is beyond many user's means.

[wyrmrider]

Win patrol is NOT real time
it is an after the fact scanner
I use both on my W98 machine- no problems

those using the 30 day free trial need to run the removal tool if not purchasingnot just using add/remove programs

[nosirrah]

On a windows 98 system whitelist software is the only way to go if you do any kind of surfing as there are multiple unpatched security holes that will never be patched .

[wyrmrider]

System safety monitor

this machine basically just for word

other machine is w2k sp4

[maiki]

DaChew, on Oct 3 2008, 06:23 AM, said:

I did a little testing of teatimer and winpatrol running together, it lead me to mistrust any duplicate resident layer of protection.

That's the catch 22, trying to understand what each component of a security program does is beyond many user's means.

This is a little off the main topic, but which do you think works better, as a background checker of system changes--tea-timer or winpatrol?

[JeanInMontana]

wyrmrider, on Oct 8 2008, 09:53 PM, said:

Win patrol is NOT real time
it is an after the fact scanner
I use both on my W98 machine- no problems

those using the 30 day free trial need to run the removal tool if not purchasingnot just using add/remove programs

WinPatrol is too real time. It has real time options for IE changes and for the Hosts file. Screen shot attached.



@ maiki Both are good, but TeaTimer is a bit harder for someone who might not know what is good and what is bad to allow to run. WinPatrol gives the option to look up the stuff Scotty barks at in the data base and see what it is. WinPatrol is designed to do only this. TeaTimer is part of a great removal program and a secondary part of that program, it can interfere with other good tools too often if the user doesn't know what to allow. In the HJT forum we ask it is turned off during the removal process for this reason. IMO you can't beat Scotty for the job, Iv'e been saved from drive by Trojans by Scotty when nothing else had a clue.

Attached Images

• 

[berny]

JeanInMontana, on Oct 13 2008, 09:25 PM, said:

Iv'e been saved from drive by Trojans by Scotty when nothing else had a clue.

Hi Jean,

I have got WinPatrol Pro which i don't launch at StartUp to avoid to many additional shields
over and above antivirus and antispyware real-time protection.

I am just running from time to time WP on demand to check StartUp entries, IE Helpers, Services ... etc.
When reading your post i conclude that i better run WP at startup which i am not doing now.
I also use Spyware_Blaster which is in fact not a Real_Time shield ...
Is this not "overprotecting" my system ?

Thanks for any comment in this subject.

Berny +++

[JeanInMontana]

If you have paid for WP then by all means run it at startup. That is how it does the best protection, it is what it is designed to do. SpywareBlaster is a great program and doesn't do anything WP does and vice versa. Keep it and WP both on the job, a hosts file and the immunization of the sites in Spybot Search & Destroy are not a bad idea either and a program like SiteHound or SiteAdvisor. No your not overprotecting.