Spybot S&D

At KJamesJR,

I utilize Norton 360, Spybot S&D, and MalwareBytes Anti-Malware.
Three different applications for three different purposes. They are each well known, and generally agreed upon to be some of the most beneficial.

Norton 360 has a subscription fee, but can be used after your subscription ends (you just won't have access to new updates after the subscription ends then.) It offers top notch protection from viruses, spyware, malware, and security vulnerabilities. It also offers many other features, such as a PC backup tool.

Spybot S&D is an "oldy but goody". It has been around for a while because it's always helped in protecting computers from spyware. It has a strong database that is updated frequently, and offers other features such as web-immunization, and registry backup. It is a free program too, which is always a plus.

Finally, Malwarebytes is a really good tool for finding and removing malware, probably some of the biggest issues people have on their computers in modern computing. It is also a free tool (but offers extra functionality if you choose to purchase its full license). It automatically removes the majority of problems people have when they get a fake "anti-virus" virus that asks to be purchased, and limits your computer's functionality. Definitely a strong tool.

And, if you wanted to go the extra mile, Windows Defender isn't too shabby itself.

-Jshine
 
Spybot is totally awesome for removing viruses! I use it all the time.

You don't need to pay for anything to get rid of some of even the nastiest viruses.

I never use more than 6 things to remove viruses and it's all free:
- Might have to boot into safe mode with networking.
- Turn off your system restore.
- Cleanup (just some basic software some guy made that deletes temp files and stuff). Get it here somewhere: www.stevengould.org
- Do a system scan using HijackThis and 'fix' everything that you are not sure of. You will want to get familiar with what this software detects in its scan if you want to be able to do things like get a computer with a nasty virus up and running in just a few minutes so that you can get back to work while running scans in the background to clean it up. I would recommend getting this software now and doing a scan just to see the list as it looks when your computer is NOT infected with a virus so that you can get familiar with everything that is legit. It is pretty easy to tell what is malicious when you are familiar with this scan and the legit things that it pulls.
- LSP fix is a must-have as well. Like HijackThis, run it right when you get it so that you know what legit stuff it pulls.
- Use Malwarebytes AND Spybot S&D to find and delete the remaining infected files. I always run both because these can find things that others do not.
- Use Process Explorer (free software as well) to find any files that nothing else has found if you know that there is still something wrong. A good way to find the infections is to watch this software as you do something like launch a web browser to see what is active while you do that.

I wouldn't pay a penny to any virus removal company... ever!

If you want virus protection that runs in the background, AVG works well and is free as well.

: )
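The baseline habit described in the post above (scan with HijackThis while the machine is clean, then compare later scans against that list) can be automated. The following is an added example, not part of the original thread: the baseline lines are copied from the log posted further down, while the later scan and its "example" entries are constructed, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code: "R0 - ...", "O4 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map (section, lower-cased detail) -> original line for one log."""
    entries, in_processes = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--"):
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            section, detail = m.groups()
        elif in_processes:
            section, detail = "PROC", line   # process paths carry no section code
        else:
            continue                          # Platform / MSIE / Boot mode headers
        # Windows paths and registry names are case-insensitive: compare lower-cased
        entries[(section, detail.lower())] = f"{section} - {detail}"
    return entries

def new_since_baseline(baseline_text, current_text):
    """Entries present in the current log but absent from the clean baseline."""
    base = parse_entries(baseline_text)
    return sorted(v for k, v in parse_entries(current_text).items() if k not in base)

# Baseline: a few lines from the log posted in this thread.
BASELINE_LOG = r"""
Running processes:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
"""

# Later scan: constructed for illustration; the "example" entries are made up.
CURRENT_LOG = r"""
Running processes:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Temp\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O4 - HKCU\..\Run: [Sidebar] C:\PROGRAM FILES\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\Kevin\AppData\Local\Temp\example.exe
"""

if __name__ == "__main__":
    for entry in new_since_baseline(BASELINE_LOG, CURRENT_LOG):
        print("NEW:", entry)
```

Only entries that differ from the baseline are reported, so a new autorun, a changed start page or an unfamiliar process stands out without re-reading the whole log.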

Spybot can't/won't touch a virus.

I recommend Microsoft Security Essentials over AVG.

Nothing "Norton" will go into any computer I own and I always recommend to my clients that they move to something else. The reason for this is my past experiences with Norton hogging system resources and basically making a computer completely useless. Maybe they have changed since then, but once bitten twice shy.

As I said above, I recommend Microsoft Security Essentials. It is free and does a bang-up job (better than almost any paid AV).

You can't beat Malwarebytes, period.

Windows Defender has been incorporated into MSE (I think), or into Win7 itself. Either way, I am covered since I use both Win7 and MSE.
 
Read Post #5 again and try to say that. Spybot's own website says that they don't do virus removal. Nice try on the pump for the software, but fail when I already quoted the developer's website saying that they are for spyware removal only.

Plus who says I suggested a pay per use AV? Microsoft Security Essentials is completely free for life. Yet again failure to read the whole thread before making a post.

Trotter is completely correct. Windows Defender is built into Vista and Win7. But MSE has a better scanning engine and as such Defender is deactivated and it is incorporated into MSE.
 
If I remember right, Windows Defender is built into Win7 and Vista. I am using MSE on my server, not my favorite piece of software, but it sure doesn't bog the computer down whatsoever. I use AVG on my personal computer, and it keeps throwing hissy fits once in a while; while great, MSE doesn't throw hissy fits over a video game or other important software that isn't a virus.
 
No, you're right c0rr0sive. It was my last line in the post above as well.

Windows Defender is built into Vista/Win7.
MSE has a newer scanning engine built into it.
With the install of MSE, Defender is deactivated because MSE is newer/better.
 
Okay, I'm getting a pretty good compilation here... I think I'm going to go with MSE and Malwarebytes for now. Can anyone give me a safe link to Malwarebytes?
 
WTH... I was downloading desktop wallpapers and suddenly got a barrage of spyware... don't ever go to best-wallpappers.com or whatever it's called. Jeez. Never thought I'd see KFC ads pop up in unison with half nude dancing women. And I keep getting this DoubleClick BS. BRAND NEW MACHINE ******!!!
 
Hijackthis log:


Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7662 bytes


Malwarebytes Log (nothing in it really)


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5746

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/12/2011 3:55:29 AM
mbam-log-2011-02-12 (03-55-29).txt

Scan type: Quick scan
Objects scanned: 155057
Time elapsed: 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Only thing I noticed were a lot of missing files in the HijackThis log... to be honest I ran this mostly for fun :| Couldn't run ComboFix. Either MSE was preventing it, OR it doesn't operate on x64 versions.
 
At this time ComboFix can only run on the following Windows versions:

Windows XP (32-bit only)
Windows 2000 (32-bit only)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

They have updated it. It works on all versions of Windows except XP 64 Bit, since that is based off of Server 2K3. I have run it myself with MSE installed. I have Windows 7 64 Bit.

Your logs are clean.
 