Infection Removal and Prevention Guide

Infection Removal Guide

This guide will cover basic infection removal.
  • If you have an infection you'd like to remove...
    • Please follow the Setup and then Removal posts.
      If that doesn't fix it, look at Advanced Removal.

  • If you want to learn how to stop future infections...
    • Check out the Infection Prevention Guide lower in this post.

  1. Intro/T.O.C.
  2. Setup
  3. Removal
  4. Advanced Removal


Setup

Before you start removing infections, there are a few precautions you should take.
These steps will help cripple most infections, making them easier to remove.

  1. Restore file associations.
    Sometimes infections will remove your ability to directly run programs. This is often done so that while you can use shortcuts to still launch your browser and other programs, you can't run installers or tools to remove the infection. Luckily this is a quick fix.

    www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
    Download that file and open/run it. You should see something called xp_exe_fix.reg inside. Double-click that, and you should get a confirmation/warning. Click the Yes or Merge button (whatever your system says) to fix the EXE association information. You may need to restart afterwards before programs will run.

  2. Disable Browser Addons
    During the removal, you should run your browser with addons disabled so they don't get in the way of removing the infection.
    • Internet Explorer
      In your start menu's programs list, go to Accessories, then System Tools, and then Internet Explorer (No Addons).
    • Firefox
      Hold down the Shift key while starting Firefox to go into its Safe Mode (which has addons disabled).
    • Chrome
      Open chrome normally, then press CTRL+SHIFT+N to open an incognito window, which has addons disabled. Close the original window and use the incognito one.

  3. Disable System Restore
    Viruses and other infections can hide in restore points, so we need to clear them.
    • XP
      In your start menu, go to the control panel, and there should be a bunch of icons, one of them being system. If not, click switch to classic view on the left. Open system, and click the system restore tab at the top. In that section, click the checkbox to turn off system restore on all drives, if it is not already checked. Save the settings. That will delete any older system restore points, which could easily contain viruses, to prevent them from coming back in the future if you use a restore point.

    • Vista
      Open the start menu, right-click Computer, and click properties. In the new window, go near the top-left and click System protection. In a new window, you'll see a list of your drives. Uncheck them. Tell windows that you want to turn system restore off by clicking the button when it asks you.

    • Windows 7
      Open the start menu, right-click Computer, and click properties. In the new window, go near the top-left and click System . In a new window, you'll see a list of your drives. Below that, click the configure button. In the next new window, choose Turn off system protection, then click the OK button.

  4. Delete the HOSTS file.
    The HOSTS file can be used to redirect good addresses (like google.com) to bad ones (like thiswebsiteisavirus.com), so we should delete it to be safe.

    In your start/globe menu, go to the Run command. If you're on Vista/7, you'd click in the little white box near the bottom. Copy the below text and paste it in the box, then press enter.
    %systemroot%\System32\drivers\etc\
    In the folder that pops up, there should be a file named hosts with no extension. Delete it.


Removal

  1. Malicious Software Removal Tool
    Malicious Software Removal Tool (32-bit)
    Malicious Software Removal Tool (64-bit)
    This is the first program that you should download and run. It's a tool that checks your computer for infection by specific viruses known to affect Windows. It is not a replacement for a normal anti-virus, but it is useful in removing something that has already infected you.

  2. rKill
    This tool will further attempt to kill any malicious program that's running, so we can actually get on with the removal. It comes in five "flavors", if one doesn't work try the others.
    http://download.bleepingcomputer.com/grinler/rkill.exe
    http://download.bleepingcomputer.com/grinler/rkill.com
    http://download.bleepingcomputer.com/grinler/eXplorer.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/iExplore.exe

  3. Anti-Malware
    Next thing to do is a scan with an anti-malware. Download and install Malwarebytes, let it update, and then run a full scan with it. Fix/remove whatever it finds.
    www.malwarebytes.org

  4. Anti-Virus (Run-Once)
    It's time to do an antivirus scan, this is a run-once tool meant to remove any existing standard virus infections. Download and run this tool, and allow it to scan your computer.
    www.microsoft.com/security/scanner/

  5. Anti-Virus (Boot-Time)
    It's time for another antivirus scan, but this will be done a bit differently. Download and install Avast, then open the control window (main window). Go to the menu, and choose Schedule Boot-Time Scan. In the new window select scan all local discs and then confirm the schedule. After that, restart and Avast should boot before anything else, and it should scan and remove whatever it can find.
    www.avast.com


Advanced Removal


If the normal removal steps didn't work or you can't follow them...
We can help you get past those blocks personally.
We will need certain pieces of info from you.

Post a thread with the following info.

  • Windows version.
    In the start/orb menu there should be a My Computer or Computer option. Right-click it and click Properties. The new window that comes up should have information about which version of Windows you're using. If you're not sure which info it is, just take a screenshot for us.

  • Nature of infection.
    What's the exact problem? Are you getting slowdown? Random ads popping up? Google search is redirecting to ads? Can't open the task manager? Can't access certain files? Persistent ad trying to scare you out of your money?
    Tell us exactly what's going on, and remember that a picture tells a thousand words, and we like screenshots!

  • Why you can't remove.
    Unable to download one or more of the programs? Can't find a setting the guide told you to find? Can't run any of the programs for some reason? Did the programs run but not find anything? Does the infection keep coming back after you remove it?
    The more you tell us about the situation, the easier it'll be to find the source of the infection and get rid of it.

  • HijackThis log.
    Download and run the executable version of HijackThis from free.antivirus.com/hijackthis. Choose Do a system scan and save a log file. It will open the log file when it's done scanning. Visit dpaste.com and copy-paste the log into the big white box and submit/paste it. Then give us the link of the new page.

  • Msconfig startup list.
    In your start/globe menu, go to the Run command. If you're on Vista/7, you'd click in the little white box near the bottom. Type msconfig, then press enter. In the new window, click the Startup tab, then take screenshots to show us everything that's checked.


Infection Prevention Guide

This guide will show you how to prevent infections in the first place.



  1. Intro/T.O.C.
  2. Program List
  3. Future Prevention
  4. F.A.Q.

Program List
There are multiple classifications of infection in the computer world, just like there are multiple classifications of infections in the real world (for example viruses versus bacteria versus fungal infections). These infections work in different ways, and are often removed in different ways as well.

There are two main common categories for computer infections because of this. The first is "viruses", which generally includes viruses, worms, trojans, and malicious modifications to core system files. The second is "malware", which generally includes spyware, adware, rogue software, and malicious system settings changes.

Often a scanner for one category won't aim for the other category due to the major differences, so it's recommended to have two programs. One antivirus and one antimalware, unless you have an antivirus that specifically includes antimalware instead (such as one of the paid anti-virus programs.)

It's important to only keep one anti-virus program installed at a time. Antivirus programs aren't normal programs, they hook into core parts of the system (such as filesystem I/O) and expect to be the only things doing so. Having multiple antivirus programs can actually cause them to perform worse, or actually damage your system under rare circumstances.
  • Anti-virus
    • Free
      Avast! - Has a boot-time scanner which can be really helpful to remove infections.
      Microsoft Security Essentials - Good at staying out of your way unless there's an issue. Updates definitions along with Windows Update, is light on requirements.
      Comodo - Includes a software firewall and other such additional protections, but may be too restrictive for power users.
      Avira - Standard antivirus, but the free version displays an ad when it updates.
      AVG - Light on requirements, but can be seen as a little behind the times.

    • Paid
      Kaspersky - Big focus on Heuristics, so it can often catch infections before other AV programs can.
      NOD32 - Low amount of false positives.
      Bitdefender - Big focus on phishing protection, includes various other things such as parental controls (but the controls are easily bypassed).
      F-Secure - Very fast and lightweight, but weak anti-malware protection.
      Trend Micro - Website blocker, modern firewall, and a spam filter. Not the best malware protection.

  • Anti-Malware
    • Free
      MalwareBytes - Excellent, takes steps that other programs don't in order to remove stubborn infections.
      SUPERAntiSpyware - Light on resources when scanning.
      Spybot S&D - An old standby, but can be considered deprecated. The TeaTimer component should not be installed or used.


Future Prevention

How did I get that infection in the first place?
What can I do to prevent it?
Where do infections come from?
How can I spot bad programs?

An ounce of prevention is worth a pound of cure.

  • Q - How do I avoid getting viruses and spyware and all that other bad stuff?

    A - Here's a list of preventative measures you can take.
    • Turn windows update on and leave it on! It's very important that your version of windows is kept up to date!
    • If you are in windows Vista/7, make sure UAC is on.
    • Make sure to allow your antivirus to update automatically.
    • Make sure your web browser is always updating. It doesn't matter if you like the look of Firefox 0.9 better, if it's way out of date you shouldn't be using it as the security holes in it will not be fixed. There are often methods and options to make new programs look or function like old ones, so just update and get used to it. Running an older browser is just asking for infections.
    • Make sure that your antivirus is set to automatically scan every file that's created/modified. Any good antivirus software will have what's known as an "active guard" or "resident shield". What that does is scan every file before it enters your computer, like a robot security guard at the door of a nightclub. If it detects an infection, it can stop it from doing anything, and alert you.

  • Q - Why did my current program not protect me?

    A - Here's some possible reasons.
    • It was not fully updated.
    • It was a pay program, and you stopped paying for it, so it stopped protecting you.
    • It was a scanner for a different type of infection than you got. Virus scanners usually will not scan for spyware/adware, and the same goes the other way around.
    • The virus managed to break your protection program.
    • What you thought was your protection program could have been a rogue program that actually doesn't protect you and was just scamming you for money by giving you false error reports.
    • What you think is an infection is actually on your computer legally. Increasingly now programs that are normally good may also install other software that displays ads. If it's in the EULA and you click the "agree" button, then it's on your computer legally, so virus scanners often won't pick it up! You need to be very careful because installers will use all sorts of tricks to get you to agree to install additional software! They'll swap what buttons do what, hide the "do not install" option unless you click certain areas, and more.

  • Q - Where do infections come from?

    A - Many, many places.
    • Advertisements
      Yes, random advertisements on websites can attempt to infect your computer. You can even get infected by good sites like The New York Times. Almost any site that displays advertisements could possibly give an infection, this is partially why it's so important to keep some protection that's always on.

    • Rogue Software
      Sometimes you might see a random popup or a page claiming it's scanning your computer, and showing you hundreds of problems it's finding that it claims it can fix. THESE ARE FALSE. It is not scanning your computer, it is not detecting issues, all it's trying to do is scare you into buying it.

    • Crack/Serial/Warez Sites
      These are absolutely packed with infections and should be avoided. Their advertisements are rarely monitored and often contain infections, and the cracks and warez on the site itself often hide keyloggers and other such infections.

    • P2P/Filesharing Programs
      When you use programs like Frostwire, you are downloading files directly from other people's computers, and other people are downloading files from your computer. That's why it's called "file sharing"! If anybody has an infection on their computer, you could catch it since your computer connects to theirs in order to get the file. Every single one of these programs has a very high risk of infection, you should try to avoid these. The Done To Death sticky has lists of where to get free music safely and legally.
    These are just a few of the places to pick up infections. The people who make them are always looking into new ways to infect a large amount of machines, so if you're not sure on something look it up before you use it!


F.A.Q.
  • Q - A lot of the steps in the Removal Guide seem useless, do I still need to do it all?
    A - Every step has a purpose. Far too often people will skip steps, only to find they are still infected later. By the very nature of many infections, it's best that they remain hidden. After all, if you KNOW there's an infection you're going to try to remove it, right? Most actual viruses and bad infections will do all they can to prevent you from finding them, because they don't want you to try to remove them. Some steps you're told to follow may seem excessive, but they will catch stuff a simple virus scan won't.

  • Q - Why not just format when you get infected?
    A - At least once a month, windows receives automatic security updates. These fix security holes that viruses and other types of infections can use to get into your computer and mess it up. When you format and reinstall windows, you are taking it back to a time before all the updates, meaning you are just opening the door for even more infections to get in! Most of the time it's better to remove the current infection and then take steps (listed in the "future prevention" post) to prevent reinfection. Formatting is a last resort, some people may have 50 gigabytes of personal files on their computer, and some people have their computers set up a very specific way that would take hours or days to restore to working order after a format. Just because formatting is your choice does not mean it should be the first suggestion to somebody else.

  • Q - Why doesn't the Removal Guide specifically list (name of infection here)?
    A - There's thousands and thousands of computer infections, but most infections can be categorized into groups based on how they work, so a few tools and instructions can remove most of the computer infections people get. Furthermore the same infection can often call itself multiple names in order to try to disguise itself. This is most often true of infections that pretend to be virus scanners and try to scare you into "buying" them.

  • Q - I found this (verified legit) program that I installed and it scanned my computer and says it found the problem and is only asking me $30 to remove it, isn't that a good deal?
    A - No, these programs are often just out for your money. If the program has scanned and found issues, that's the hard part. The actual fix should be easy, so the fact that it's waiting until then to make you pay shows that it's just after your money. This is especially true if the program doesn't actually tell you what and where the problems are, this shows that the makers of the program don't want you going and fixing it yourself. They're not interested in actually fixing your problem, they just want to scare you out of your money.

  • Q - A scanner is telling me that something I know is clean (for example, a game like Maple Story) is an infection, why?
    A - Either it really DOES have an infection (remember that viruses infect other programs in order to reproduce!), or the scanner you're using is doing "heuristics" scanning. That's where it takes the program, and basically puts it in a virtual environment and tests how it reacts to certain actions, and if it does anything the scanner finds suspicious (that the scanner thinks it has no right doing, like a fast food employee carrying a gun), the scanner will mark it with a generic alert based on what type of infection the scanner thinks it is.

    http://www.virustotal.com/ - Go there, upload the file it says is infected, and it will scan it with many virus scanners. There you can see what the results are. If only a small percentage of the scanners mark it as bad, and they use generic terms, like just "spyware" or "trojan" or "keylogger", then you can assume that the file is really clean. Real viruses are given codenames, like "Fojack" or "Hidrag.a".

  • Q - What is all this stuff about DNS and HOSTS?
    A - DNS means "Domain Name Server". A DNS server keeps information about which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world. Unfortunately, sometimes an infection will misdirect your computer, sending it to the wrong websites. The HOSTS file is a file on Windows that holds information about DNS entries on your own computer, it's usually used to bypass a normal DNS server for whatever reason. Unfortunately infections will add entries that make real sites redirect to fake sites.

  • Q - What's a tracking cookie?
    A - A tracking cookie is not a virus, it will not hurt your computer. They are used by ads on websites for marketing purposes. They record what "genre" of sites you generally visit (such as anime sites, military sites, car sites) so that the advertisements on a site know which types of ads to show you. They do not record any personal information about you, they do not know who you are.

    A cookie is a text file created by a website on your computer to store information about what you've done there. A text file is several kilobytes, which is one thousandth of a megabyte, which in turn, is one thousandth of a gigabyte. It would take millions of cookies to amount to anything that might slow down your computer.
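
The HOSTS redirection described in Setup step 4 and in the DNS/HOSTS answer above, as an added example that is not part of the original post: a Python script that lists what a hosts file maps before it gets deleted. The sample file contents, the function names and the "redirected"/"blocked" labels are assumptions made for this illustration.

```python
import ipaddress
import os

# Constructed sample, not taken from a real machine. The addresses come from
# the ranges reserved for documentation.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.45   google.com www.google.com   # well-known name sent elsewhere
0.0.0.0        ads.example.net
198.51.100.7   Update.Example.org
not-an-ip      broken.example
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_no, ip_object, [lower-cased names])
    malformed -> line numbers that are neither comments nor valid entries
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:                       # address with no name
            malformed.append(line_no)
            continue
        entries.append((line_no, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Group every mapped name by what the entry does to it.

    redirected: name resolves to some other machine (the google.com case
                from the guide).
    blocked:    name resolves to this machine, so it becomes unreachable.
                Ad-blocking hosts files do this on purpose.
    """
    entries, malformed = parse_hosts(text)
    report = {"redirected": [], "blocked": [], "malformed": malformed}
    for line_no, ip, names in entries:
        points_here = ip.is_loopback or ip.is_unspecified
        for name in names:
            if points_here and name == "localhost":
                continue                          # the stock entry
            kind = "blocked" if points_here else "redirected"
            report[kind].append((line_no, name, str(ip)))
    return report


if __name__ == "__main__":
    # Same folder the guide opens from the Run box; falls back to the sample
    # when the file is not there (for example on a non-Windows machine).
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_HOSTS
    for kind, rows in audit_hosts(text).items():
        print(kind, rows)
```

Anything under "redirected" that you did not add yourself is what the guide's delete step is meant to get rid of.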
 

Rydian

They update it all the time o.o
I don't know if somebody picked it up again recently, but I saw it untouched for months, so I decided to stop using it. Even a month or so ago, I saw it didn't account for any of the new tricks.

EXE association removal? Not touched.
Hiding the user's profile folder? Not fixed.
Removing system objects from the user's start menu? Not replaced.

These actions are commonplace nowadays (mostly part of the "scare-ware" tactic modern malware uses), and tools need to account for them (which is partially why RogueKiller was made and why I've been checking it out).

Either way, you're hilarious and I enjoyed your brutality. +1 Rydian :D
I'm a hardass when it comes to infections.
 

Kurt91

Probably a stupid question, but I'd rather be safe than sorry. The guide states that both an anti-virus as well as an anti-malware program are recommended to be on your computer. Currently, I'm using Avast Antivirus as well as Spybot S&D. I'm considering replacing Spybot with MalwareBytes, having had to use it before to fix issues that came up on my mother's computer and knowing how well it works. (the bit about Spybot being a bit outdated, as well as the constant popups whenever I do anything also help)

The guide also says that it's a very bad idea to have multiple anti-virus programs on the computer at the same time. I figured I'd ask, then, if Avast and MalwareBytes play well together, or if I should keep my current setup as it is.

Also, I used to have a program called ThreatFire on my computer, which claimed that it was designed to work alongside another anti-virus. What do you guys think about that program? I stopped using it after I had a virus issue anyways, but back then, my main anti-virus was AVG, so I'm not sure if it was just a useless program itself or just a crappy anti-virus I had paired it up with.
 

Kirito-kun

How to Deal With Any Malware Issue

Step One: Download ISO of popular Linux distribution (Linux Mint is a highly recommended distro).

Step Two: Install on hard drive, dual boot is preferable as you keep your current OS.

Step Three: Boot into Linux.

Step Four: Continue to use Linux for general computing use. Don't boot into Windows unless you have to (For gaming, etc.).

Step Five: ???

Step Six: PROFIT?!?!?!
 

Rydian

How to Deal With Any Malware Issue

Step One: Download ISO of popular Linux distribution (Linux Mint is a highly recommended distro).

Step Two: Install on hard drive, dual boot is preferable as you keep your current OS.

Step Three: Boot into Linux.

Step Four: Continue to use Linux for general computing use. Don't boot into Windows unless you have to (For gaming, etc.).

Step Five: ???

Step Six: PROFIT?!?!?!
How to deal with not getting laid

Step One: Sex-change to female.

Step Two: ???

Step Three: PROFIT?!?!?!
 

PityOnU

How to Deal With Any Malware Issue

Step One: Download ISO of popular Linux distribution (Linux Mint is a highly recommended distro).

Step Two: Install on hard drive, dual boot is preferable as you keep your current OS.

Step Three: Boot into Linux.

Step Four: Continue to use Linux for general computing use. Don't boot into Windows unless you have to (For gaming, etc.).

Step Five: ???

Step Six: PROFIT?!?!?!

Oh, you're one of THOSE guys... *sigh*

This has nothing to do with the topic. Also, you're forgetting about a million steps between 3 and 4 that include (but are not limited to)

1. Learning how to use Linux
2. Getting your graphics drivers up and running (can be a real bitch)
3. Becoming familiar with the terminal
4. Figuring out equivalent programs to the ones used in your regular OS

etc.

Also, you didn't mention anything about removing malware.
 

Kirito-kun

Oh, you're one of THOSE guys... *sigh*

This has nothing to do with the topic. Also, you're forgetting about a million steps between 3 and 4 that include (but are not limited to)

1. Learning how to use Linux
2. Getting your graphics drivers up and running (can be a real bitch)
3. Becoming familiar with the terminal
4. Figuring out equivalent programs to the ones used in your regular OS

etc.

Also, you didn't mention anything about removing malware.

The thread is about malware removal and prevention. By using Linux, you're removing malware from your computing experience and preventing yourself from getting any additional malware. I see no issues.

Secondly, distros like Mint and Ubuntu are so candy coated, most users can get by without the terminal. Likewise, the learning curve is small, smaller than transitioning to Windows 8. Linux driver support has improved in the past few years, and is not a significant issue. As for equivalent programs, there is Google and forums.
 

Thanatos Telos

The thread is about malware removal and prevention. By using Linux, you're removing malware from your computing experience and preventing yourself from getting any additional malware. I see no issues.

Secondly, distros like Mint and Ubuntu are so candy coated, most users can get by without the terminal. Likewise, the learning curve is small, smaller than transitioning to Windows 8. Linux driver support has improved in the past few years, and is not a significant issue. As for equivalent programs, there is Google and forums.

AMD cards past the HD 5000 series make the UI in Linux too sluggish. Official or non-official drivers.
 

PityOnU

The thread is about malware removal and prevention. By using Linux, you're removing malware from your computing experience and preventing yourself from getting any additional malware. I see no issues.

That's a stretch, but meh, I guess you deserve credit for the effort.

Secondly, distros like Mint and Ubuntu are so candy coated, most users can get by without the terminal.

I use Ubuntu 12.04 regularly, and this is just not the case. Most of the "candy coating" applications you speak of are often extremely buggy (I'm looking at you "Additional Drivers" and "Software Center") and have a horrible UX because of hangs and lag.

Likewise, the learning curve is small, smaller than transitioning to Windows 8.

Seriously? You're saying that learning a whole new operating system paradigm is easier than learning the new look of the start menu?

Questions from previous Windows to Windows 8:

1. Where's my start button?

Questions from previous Windows to Linux:

1. Where's my C: drive?
2. What's a "swap"?
3. What is this "windowing system" I keep hearing about?
4. What is root?
5. Can I use Office?

... and so on.

Linux driver support has improved in the past few years, and is not a significant issue. As for equivalent programs, there is Google and forums.

It has improved greatly, but still I don't think it would be an understatement to say that it is the largest hurdle you have to overcome if you want to switch to Linux. Laptop components in particular are not well supported.

Basically, if you are a developer or a researcher, then Linux can be a great OS because it's so open. Unfortunately, though, that comes at the cost of usability. Go ahead and tell me with a straight face that someone who doesn't have a CS/ECE degree would have the slightest idea what they were doing in that type of environment.
 

trumpet-205

Recommending Linux to avoid Malware isn't a sound solution. There are just a lot of things you can do on Windows but not Linux. Dual boot is a hassle.

Don't get me wrong I'm running Windows 7 as my host OS. Using VirtualBox I'm running Linux as my guest OS, and I use Linux for the sole purpose of web browsing.
 

Ericthegreat

#1 prevention rule is:

Do not go to random porn sites on your windows partition, stick to the big sites and you should be okay, use a linux partition for anything else ;)
 

PityOnU

#1 prevention rule is:

Do not go to random porn sites on your windows partition, stick to the big sites and you should be okay, use a linux partition for anything else ;)
Yeah, stay away from bad sites like The New York Times!
http://mashable.com/2009/09/15/new-york-times-malware/
</moresarcasm>

It's actually kind of funny... the majority of attacks and malware come from the ads, not the sites themselves. Ad blockers probably decrease your attack surface more than anything else.

I use IE10 with Fanboy and Easylist tracking protection enabled on Windows 8 with UAC turned off and an administrator account. That's pretty much the least secure situation you can put yourself in, and I have yet to have any issues with viruses or malware (~year now).

I just miss the days when AV didn't come bundled as part of the OS.
 

Satangel

Any AV out there that doesn't come packed with a Firewall, or has to be on at all times?
So annoying, I already have Windows Firewall as my firewall, I DO NOT need another Firewall. NO, I don't want my system full of services all the time, just NO.
I need an AV scanner that I can choose when to boot it, and I let it update&scan it then. Just like I have SUPER and Malware, Windows Defender, those programs run when I choose them to, not all the time.

Tested both Avast and Avira, and I specifically say they shouldn't install the Firewall-part, yet they are always on and annoying me.
 

Tom Bombadildo

IIRC, the Free Edition of AVG doesn't install a firewall because it's for the paid version only. You can set schedules of when you want it to scan your PC, add exceptions, set the priority of the scan etc etc. I've been using it for a few years now and I haven't had a problem with it.


EDIT: Though it does run in the background 24/7, but you should be able to stop it running at startup/exit it when you're through scanning...:unsure:. I usually don't bother, since it takes up little system resources when it's not running.

EDIT2: And when I mean not running I mean not scanning...lol
 

Satangel

IIRC, the Free Edition of AVG doesn't install a firewall because it's for the paid version only. You can set schedules of when you want it to scan your PC, add exceptions, set the priority of the scan etc etc. I've been using it for a few years now and I haven't had a problem with it.


EDIT: Though it does run in the background 24/7, but you should be able to stop it running at startup/exit it when you're through scanning...:unsure:. I usually don't bother, since it takes up little system resources when it's not running.

EDIT2: And when I mean not running I mean not scanning...lol
The reason I ditched AVG was because it bothered me too much with updating and showing ads sometimes. Also sometimes blocking applications that I didn't want blocked at all. Maybe that was the firewall though.

I'll give it a try again, thanks :)
 

Joom

I know this thread is old, but users should really be taught about crypters and the nature of encrypted malware. AVs are really useless against targeted/niche infections since the attacker will use circumvention techniques to bypass scanning. Even if your system scan comes up clean, you could still be infected. If you suspect that you are, use CCleaner to check your startup entries and see if there's anything suspicious running from %appdata%. Malware gets dropped here a lot in order to bypass the UAC prompt and gain administrative privileges without user interaction. I also recommend having Sandboxie installed and running any sort of suspicious software in it first to see if the binary makes any sort of drops. Also, use Malwr instead of sites like VirusTotal in order to get an accurate and detailed scan of a binary. Remember, false positives exist due to what's called heuristics (file behavioral patterns) which can cause a lot of unnecessary problems, so use that site to be sure. Sites like VT also won't detect an encrypted malware binary, but Malwr will give you information on exactly what the file does down to files that are accessed and network activity. If you'd like a locally run system like that, look into Cuckoo Sandbox (requires a virtual machine).
 
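The startup check described in the post above (looking for autorun entries that launch from %appdata%), written as an added example that is not part of the thread or of any tool it names. It assumes only the Run and RunOnce registry keys are of interest, treats %LOCALAPPDATA% and %TEMP% as user-writable as well, and uses constructed sample entries when it is not run on Windows.

```python
import ntpath
import os
import re

# %APPDATA% is the folder the post names; the other two are added assumptions.
WRITABLE_VARS = ("APPDATA", "LOCALAPPDATA", "TEMP")
BASE = r"Software\Microsoft\Windows\CurrentVersion"
# Constructed sample data (not from the thread) for running off-Windows.
SAMPLE_ENV = {"AppData": r"C:\Users\alice\AppData\Roaming",
              "LocalAppData": r"C:\Users\alice\AppData\Local"}
SAMPLE = [("HKCU Run", "Updater", r'"%APPDATA%\svc\updater.exe" /silent'),
          ("HKLM Run", "Systray", r"%windir%\system32\SecurityHealthSystray.exe"),
          ("HKCU Run", "Helper", r"rundll32.exe C:\Users\Alice\AppData\Local\h.dll,Start")]

def expand(command, env):
    """Expand %VAR% case-insensitively; unknown variables are left as written."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: upper.get(m.group(1).upper(), m.group(0)), command)

def flag_entries(entries, env):
    """Return the (source, name, command) autoruns that point into a user-writable folder."""
    upper = {k.upper(): v for k, v in env.items()}
    roots = [ntpath.normcase(upper[v]).rstrip("\\") + "\\" for v in WRITABLE_VARS if upper.get(v)]
    # Search the whole line so "rundll32.exe <dll under AppData>" is caught as well.
    return [e for e in entries
            if any(root in ntpath.normcase(expand(e[2], env)) for root in roots)]

def read_run_keys():
    """Collect Run and RunOnce values for the current user and the machine (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for label, hive in hives.items():
        for sub in ("Run", "RunOnce"):
            try:
                with winreg.OpenKey(hive, BASE + "\\" + sub) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):
                        name, data, _kind = winreg.EnumValue(key, i)
                        entries.append((f"{label} {sub}", name, str(data)))
            except OSError:
                continue  # key missing or unreadable
    return entries

if __name__ == "__main__":
    args = (read_run_keys(), os.environ) if os.name == "nt" else (SAMPLE, SAMPLE_ENV)
    for hit in flag_entries(*args):
        print("%s  %s = %s" % hit)
```

A hit is a lead to inspect, not a verdict, since legitimate per-user software also starts from these folders. Startup folders, scheduled tasks, services and the 32-bit registry view are not read by this example.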

Luglige

I feel like this guide needs to be updated.
 
