Rich-M Posted February 10, 2015

Combofix is not for the faint of heart and actually is for specific infections but the nice thing about it is it also repairs Windows in many cases where the infections have crippled Windows. When Vundo infections were more common I used it a lot more. Let me explain why I would rather repair the pc rather than reinstall Windows as my reasoning is a bit different from many.

I work on location. I cannot carry everything into the home and the client seldom has the software they need. I have no clue what they do with it. If I reinstall Windows I have always returned to the shop for that which adds another day wasted to return it so I would rather spend more time there cleaning the pc rather than waste a day bringing it back and then returning with it. I can see more people this way.
Rich-M Posted February 10, 2015

"Good question Dougie. I have had a couple PCs where it seemed it was time to save the data and restore to factory. SAS is under new management and is trying a comeback. I'm new to Hitman Pro. I only used it twice. Of course they could mean something else is wrong. IMHO these days you need layered security. I run MBAM Premium with my Anti-Virus. I have heard some good things about Ad-Aware to run with your Anti-Virus. Ad-Aware is under new management also. I started this thread because I think you should have some good trusted online scanners in your arsenal. My choices are MBAM, ESET Online Scanner, Adwcleaner and MBAM Anti-Root and JTR. My opinion is some of the free programs like Avast and Avira running with MBAM or Ad-Aware and common sense will keep you protected. If you don't click it, there's a good chance you won't get the ticket! ;)"

"Hi @DSTM I probably would give Combo fix a shot if I thought it was a losing cause to continue cleaning, before reformatting. ;) I'm also considering Pete's suggestion about adding Windows Repair (All In One) to my arsenal. Looks like a great tool for fighting malware. http://www.tweaking.com/content/page/windows_repair_all_in_one.html"

I installed Adaware Antivirus on a few systems where I had issues with Mse or Avast gave me registration issues but I don't know if it was good or bad though generally I have never seen a product that was really good, ever make a comeback from death of software so I don't have much hope for that or Sas. Sas supposedly came back to life a few years ago but that was the version that hosed two of my systems so I doubt I will be trying that anytime soon. For rootkits I use Gmer and Rogue Killer of course is good for rootkits as well. No way I am using beta software on a client system, I was trained better than that and Mbam Anti Exploit is beta software.

One thing you should know as well if you install Mbam Beta Exploit on client setup, they will call you in a few months when the test is over and they are being bombarded with nag messages to uninstall it and no matter what you tell them, they most likely will uninstall Mbam and not the Anti Rootkit product so you will wind up going back anyway. I won't use it.
FPCH Admin allheart55 Cindy E Posted February 10, 2015

Malwarebytes Anti-Exploit is no longer in beta, Rich. https://www.malwarebytes.org/antiexploit/

As you know, it is much easier for me to wipe and load client computers since most (almost all) of them are done here. I rarely have to go to a client's home, they usually come to me. I don't have to worry as I have everything here.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
DSTM Posted February 10, 2015

A number of these programs once run require a clean up afterwards. That's why in some cases I am hesitant to use them without supervision. I repair my friends' computers and when they are badly infected I don't waste time and wipe and load. At least this way they are not ringing up next day saying this or that is still not working properly. :)

Roses are red, violets are blue, I'm Schizophrenic, and so am I

Free Photo Restoration and Repair for all Forum members - CLICK HERE

Please pop back and let us know if your Computer problem has been solved.
Rich-M Posted February 10, 2015

I see you are right Cindy no more Beta! The free version is really meaningless as the paid version handles the difficult issues like Ms Office, Pdf readers and custom settings. Emsisoft includes the same browser protection and also for Java and Readers. I am not sure about Office but I think that too. I am checking that out. I fail to believe they want $24.95 a year for that coverage also.
FPCH Admin allheart55 Cindy E Posted February 10, 2015

"I fail to believe they want $24.95 a year for that coverage also."

Do they really?
Rich-M Posted February 10, 2015

The paid version but when you look at what the free one does, it's almost meaningless and as I said what the free one does I know Emsisoft does also. I have asked them for an answer to the rest which knowing how quickly they respond, I will have real soon.
GimboV Posted February 10, 2015

MBAM is dead in my book. It doesn't work anymore, only about a 70 percent hit rate unless you like finding tracking cookies. Enough said
Frogboy Posted February 10, 2015

I know ridicule to me but I love and use Norton over here in Aussie land. :bunny:
donetao (Author) Posted February 10, 2015

"I know ridicule to me but I love and use Norton over here in Aussie land. :bunny:"

Hi Mate! If it works for you, Go for it!!

Some times you're the wind shield. Some times you're the bug!! :(
Rich-M Posted February 10, 2015

One of my favorite discussions is Norton Av. One night on LinkedIn Biz Forum I belong to we did a survey of those who ever used a Norton AV and I did use it years ago.... "has anyone ever seen Norton Av remove anything" was the question. 137 responses all said the same thing and that was no one we knew has ever seen a Norton Av product remove anything.
Rich-M Posted February 10, 2015

"MBAM is dead in my book. It doesn't work anymore, only about a 70 percent hit rate unless you like finding tracking cookies. Enough said"

One of my favorite "Shark Tank" responses from Kevin O'Leary "you are dead to me"! I love it Gimbo! This should be a wake-up call folks, we are watching the demise of this once great product!
starbuck Posted February 10, 2015

Wow, a lot to read and go through here. Here's a start, before I go back and read the rest.

"Adwcleaner is flagging Search Everything as Malware. Any one here have that problem. Who should I notify about this FP??"

This was reported to Xplode on 8th Feb. I would expect the FP to be removed on the next update.

"I probably would give Combo fix a shot if I thought it was a losing cause to continue cleaning"

I can understand that.

"it also repairs Windows in many cases where the infections have crippled Windows."

That's true. It can also replace some infected system files. The thing with Combofix is that most problems people encounter are because they haven't followed the instructions properly. We tell people to download to the Desktop...... what do they do, stick it in the download folder or a made up security folder they have created. We say to make sure all security software is disabled..... what do they do, leave their AV running. Some will even try using their system whilst a scan is running (they just can't bear to sit there and not use it). The instructions we give are for a reason.... but people don't always read what is printed.

"I am staying away from Hitman Pro as it used to have an awful reputation. I think at one point in time, it was even considered a rogue program, years ago"

Rich wasn't quite right when he said:

"Hitman Pro was never considered Malware"

Versions 1 - 2 did used to install 3rd party programs and was considered to be 'rogue'. But these versions were written by Mark Loman ..... these earlier versions have nothing to do with the latest versions of 3.

"I'm new to Hitman Pro. I only used it twice."

That's twice more than me then! Have never really felt the need nor the inclination to use it. It can be a bit aggressive and have read about loss of usb ports, internet etc after running it. Quite a few of the guys do use it, but I wouldn't on someone else's system.

At the end of the day, they don't even use their own definitions so this makes it harder to find out why something may have gone wrong and what caused it. Their support doesn't seem to be the quickest thing around either.... so if you have problems you may have to wait for a response. I use tools that I know I can get a quick response from the vendors and on the odd occasion have even had the vendor take over a thread for a short time to rectify an unusual problem. But that's just me.

Which brings us to...........

"Hi Mate! If it works for you, Go for it!!"

Well said. :) I would never use Avast or AVG.... but some people swear by them. I stopped using McAfee about 10 years ago .... but my brother still uses it today (no matter how hard I try to get him to ditch it). Some programs work better on some systems than others ... it's what suits you that counts.

Remember the title of this thread is.. What's your favorite Tool for Malware Scanners?? So just because one program suggested isn't one that you would use..... doesn't mean that it doesn't have its uses.
donetao (Author) Posted February 10, 2015

Thanks Pete for your time and the good info. I could send you a PM, but since I'm the author of this thread, I think I should do this publicly.
FPCH Admin allheart55 Cindy E Posted February 10, 2015

Well stated, Pete. You are definitely the go to guy when it comes to all things relating to malware and security.
Rich-M Posted February 10, 2015

OK here is the answer from Emsisoft as to the differences in how MBAE and Emsisoft work so once again now in order to have this coverage at Mbam you are up to $50 a year vs $40 as you need both there:

"For those of you who are unfamiliar with exploits, we put together the video below. Basically, these threats abuse vulnerabilities in everyday software applications such as browsers, office documents and PDFs and use these to download malware. Malwarebytes Anti-Exploit wraps these applications in three layers of defense, monitoring them for suspicious activity and stopping it at source.

I bolded the interesting line in the quote above. What MBAE does, is that it blocks vulnerability exploitation in software (the pro version monitors more applications than the free version). So, it interferes and interrupts exploitation before any download attempt is made. That is effective, but also means that, whatever malware is dropped differently (for example using a malicious email attachment) will be ignored, because that is not what MBAE monitors.

Our behavior blocker will not always detect the vulnerability exploitation, instead it will alert the user whenever actual malware or malicious activity is detected (to stick with the quote above, it will warn you whenever a malicious file is downloaded/dropped/executed as result of the exploitation). This means that MBAE will block a bit earlier, but Emsisoft products will not allow the creation/execution of the actual malicious files and actions (payload of the exploit kit) on the computer and the results will be in both cases a clean machine.

On top of that, contrary to MBAE, Emsisoft products monitor for this kind of activity, no matter if it originates from an exploited Java version, a malicious email attachment or a drive-by download."

I hope this clarifies things, if you have further questions, please let me know."

From Emsisoft Blog
Rich-M Posted February 10, 2015

Great Job Pete, that was a great comeback to a long thread. What are your feelings today about Mbam as I know I am one of a growing number who never bothers with it any more. And if you don't use Hitman Pro for Ransomware, what do you recommend when encountering it as I don't know of anything else that can boot though the newer versions.
starbuck Posted February 10, 2015

Hi Rich. Nice info on the differences in how MBAE and Emsisoft work. :)

"What are your feelings today about Mbam as I know I am one of a growing number who never bothers with it any more."

Like I've said before, it's a good general cleaning program especially if nothing has been run on the system. Sometimes I see it remove quite a lot.

"And if you don't use Hitman Pro for Ransomware, what do you recommend when encountering it as I don't know of anything else that can boot though the newer versions"

What do you mean when you say ....

"I don't know of anything else that can boot though the newer versions"

Most ransomware will allow the system to boot...... if it doesn't, you can't pay. Or do you mean to remove the start files etc that the ransomware adds, so that the system can boot normally.
Rich-M Posted February 10, 2015

Pete the ransomware I have seen allows no bootup, not even to Safe Mode so without Hitman Pro, which allows you to boot into it in Windows using the kickstart I see no way to proceed except reinstall Windows. http://www.surfright.nl/en/kickstart
DSTM Posted February 11, 2015

From what I have researched, Rich they allow you a given time to access your computer and pay up. After the deadline you are in trouble.
starbuck Posted February 11, 2015

"the ransomware I have seen allows no bootup, not even to Safe Mode so without Hitman Pro, which allows you to boot into it in Windows using the kickstart I see no way to proceed except reinstall Windows."

Ok, so we're talking Mbr ransomware? I personally haven't had to deal with this type, but there is a way to get the system to boot normally. Not straightforward, but possible. This is the shortened version................. (you'll love this) :)

If the system won't boot into the recovery environment, you need to create a Recovery CD. If one isn't to hand then one can be made from any system running the same operating system. You also need to download FRST to a Usb stick.

Once the disc is created, the system can be booted to the recovery environment and 'Command Prompt' accessed. There is a way for FRST to be run in this mode using the 'Command Prompt'. When finished the reports will be added to the Usb stick.

From the reports a fix can be made that will remove any malware etc (as we normally do). The fix can then be run in the RE. At the end of the fix we can add a Command to list the bcdedit contents. From the bcdedit contents we can remove any altered identifiers with another fix. The system should then be able to boot normally.

Like I say... I've never had to deal with this type of ransomware but the way to do it is known to us. I admit that using the kickstart is probably a lot easier and quicker for you if you are out on the job and money is the governing factor. But I'm just showing that it is possible without using the kickstart.
Rich-M Posted February 11, 2015

"From what I have researched, Rich they allow you a given time to access your computer and pay up. After the deadline you are in trouble."

Not with the Kickstart Dougie and BTW I have used it again after the 30 days on another pc I had done once before. Not quite sure how that is meant to work.
Rich-M Posted February 11, 2015

OK thanks for that I am glad to know there is another way Pete, that is actually encouraging and yes Kickstart is way quicker...but who knows if it will always work either.
DSTM Posted February 11, 2015

"Not with the Kickstart Dougie and BTW I have used it again after the 30 days on another pc I had done once before. Not quite sure how that is meant to work."

I never mentioned Kickstart, Rich.
Rich-M Posted February 11, 2015

I know I should have explained better Dougie. Booting to the Kickstart then allows you to boot into Windows bypassing the MBR if that is the problem and then run Hitman Pro whether you have used it before or not so one could actually do that just to use it even when the MBR is not the problem. That is all I was saying.