Various information on antivirus related products

Virus Total Uploader

You may recall me mentioning Virus Total. This is a priceless service that allows you to upload a file and have it checked by many different antivirus engines within seconds. Excellent if you are suspicious about a file, or just if you want to be sure that the file you just downloaded is clean.

Well, I did not mention another neat feature from Virus Total: a “send to” addition to the Windows right-click options. Once this is installed you can right-click on ANY file and have it uploaded to Virus Total for analysis, easy and painless.

VirusTotal Uploader

MRT – the shortcut to Malicious Software Removal Tool

So you would like to run MSRT manually (the Microsoft Malicious Software Removal Tool, the one that comes once a month from Microsoft via Windows Updates and cleans different infections from your PC)? Well, as written in an earlier post http://www.kanmandet.dk/?p=463 you can download a version straight from Microsoft. However, it turns out there is an even easier method: simply go to your “start menu”, select “Run”, enter “MRT” and hit enter.

There is even the option to launch it with parameters so you could schedule it to run at regular intervals if you would like.
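A scheduled run could look like the sketch below. This is an added example, not part of the original post: it assumes Windows 8 / Server 2012 or later (for the ScheduledTasks cmdlets) and an elevated PowerShell prompt, and the task name and function names are made up for illustration. It registers a weekly quiet, detect-only scan and reads the verdict of the most recent run from MRT's own log.

```powershell
# Added example (not from the original post). Assumes Windows 8 / Server 2012
# or later and an elevated PowerShell prompt.
$TaskName = 'Weekly-MRT-Scan'                        # hypothetical task name
$MrtExe   = Join-Path $env:windir 'System32\MRT.exe'
$MrtLog   = Join-Path $env:windir 'debug\mrt.log'    # MRT appends each run here

function Register-MrtScan {
    # /Q = quiet mode (no UI); /N = detect only, nothing is removed.
    # Use '/Q /F:Y' instead for a full scan that cleans automatically.
    $action    = New-ScheduledTaskAction -Execute $MrtExe -Argument '/Q /N'
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3am
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Trigger $trigger -Principal $principal -Force | Out-Null
}

function Get-MrtLastResult {
    param([string]$Path = $MrtLog)
    if (-not (Test-Path $Path)) { throw "MRT log not found: $Path" }

    # Every completed run ends with a line such as "Return code: 0 (0x0)".
    $last = Get-Content -Path $Path |
            Select-String -Pattern 'Return code:\s*(\d+)' |
            Select-Object -Last 1
    if (-not $last) { throw 'No completed MRT run recorded in the log.' }

    $code = [int]$last.Matches[0].Groups[1].Value
    # Coarse reading of the return codes listed in Microsoft KB891716:
    # 0 = clean, 1-4 = the tool could not run, 6 and up = infection detected.
    $verdict = if ($code -eq 0) {
        'No infection found'
    } elseif ($code -ge 6) {
        'Infection detected, read the log for details'
    } else {
        'Tool error, scan did not complete'
    }

    [pscustomobject]@{ ReturnCode = $code; Verdict = $verdict; Log = $Path }
}

Register-MrtScan
# After the task has run at least once:
# Get-MrtLastResult
```

Because `/N` only detects, a non-zero verdict is the cue to rerun MRT interactively or with `/F:Y` to clean.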


MSRT – Microsoft Malicious Software Removal Tool

As you may have noticed, Microsoft ships you a new version of something called MSRT (Microsoft Malicious Software Removal Tool) every month; it comes via Windows Updates.

What does it do?  Well, it's a very basic cleanup utility for certain mal/spyware. Once Microsoft deems that a mal/spyware is widespread enough, it is added to their MSRT and is thus cleaned from all machines that run their Windows Updates.  It is NOT a malware/spyware scanner as such, as it only cleans known and targeted mal/spyware and it offers no realtime protection: it runs – cleans and exits.

As mentioned, all this happens behind the scenes about once a month. Should you however want to do the scan again (you may be infected with mal/spyware 2 minutes after the MSRT is run, and then it will be an entire month before the scan is performed again), you can download and run the MSRT scanner yourself (or rather a GUI version of it; the original runs 100% behind the scenes).

Download it from here;
http://www.microsoft.com/security/malwareremove/default.mspx
or here (I am not 100% sure the latter is updated regularly)
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

UPDATE January 26th 2009;
It’s even easier than this, see;
http://www.kanmandet.dk/?p=574

Antivirus 2009 – removal

So a friend of mine got infected by this Antivirus 2009 (that is irony for you, infected by an Antivirus), anyway I will be visiting him shortly to try and disinfect that darn thing.

From what I can figure out I will get the best results by using the tools from;
http://www.malwarebytes.org/

Should be safe to use according to;
http://www.siteadvisor.com/sites/malwarebytes.org

I will update this post with the results of my effort, should you however have better tips let me know..

UPDATE JAN 7th
Malwarebytes malware scanner worked like a charm, big thumbs up.

AVG Antivirus joins the not so popular club.

AVG Antivirus has joined the not so popular club of antivirus vendors that have released faulty definitions for their virus scanner.  In this case it caused AVG to wrongly detect a virus in a vital Windows OS file, which in the worst case (if you followed AVG’s advice) could lead to a crashed Windows installation.

From the AVG forum, here is a possible solution that does not require re-installation;

PC crash after AVG update 9 Nov 2008

Posted by: pa3bar (IP Logged)
Date: November 9, 2008 04:45PM

Many PCs crashed after today’s update of AVG. The update destines user32.dll as a virus: PSW. banker4.APSA.
Valid for Win XP SP2 and SP3 with AVG7.5 and AVG 8.
This is not a virus, but an essential part of your windows programme.

prevention:
before you start up your PC, unplug the internet cable. Boot your PC and disable in your firewall the access to internet for the AVG update manager. Reconnect the internet cable. In this way your PC stays safe from the malicious AVG update.

solution:
if you happen to believe the AVG programme (like I did) when it shows you the virus alert, and have chosen “heal” or “quarantine”, your PC will no longer restart. It shows a blue screen at start up and tells you it cannot find winsvr, error c0000135. System recovery has no effect. Don’t panic (like I did) but:

-restart your PC in safe mode (press F8 during windows start up)
-open the AVG control centre by clicking the logo or via start-programs-AVG
-go to the virus vault, select user32.dll and click restore.
-empty the virus vault
-close AVG
-now uninstall the whole AVG program: start-programs-AVG-uninstall
-reboot the PC and it is fine.

The omnibus experience – Hilarious

If you are at all interested in IT-Security then YOU NEED to get a load of this: Paul Craig’s omnibus experience (a podcast from Kiwicon) brought to you by Patrick Gray http://www.it-radio.com.au/, it's awesome and extremely funny.

Paul Craig is a security consultant who in his Omnibus experience explains how he 1) created a kiosk attack tool, 2) hacked a botnet (and got a lot of interesting and funny information) and 3) wrote his own WMI trojan (yes, he actually utilized WMI for this one – scary – PLUS it will verbally insult you, you really MUST hear the podcast, it's so funny).

Makes you think, hmm, WMI is very useful but maybe a bit overlooked in regard to security.

Links;
http://itradio.com.au/security/?p=98
http://ha.cked.net/projects.html

http://www.mls.id.au/

Windows update / Forefront update error codes

Have you ever had Windows Update or Forefront Antivirus fail to update, and then mock you with one of those very informative error codes like 0x80244015?  Well guess what, you are not totally lost, there is actually a “cheat-sheet” http://inetexplorer.mvps.org/answers/63.html for decoding these 😀

Now why these translated error codes are not displayed as opposed to those interesting 0x80244015 number codes… well, your guess is as good as mine..
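The codes are less opaque than they look, because each one is a standard HRESULT with fixed bit fields. The sketch below is an added example, not part of the original post or the linked cheat-sheet; the function name is made up, and only two facility names and one symbolic name are included. It splits a code into severity, facility and low word, and for plain Win32 errors asks Windows for the message text.

```powershell
# Added example (not from the original post). Function name is hypothetical.
function ConvertFrom-WuErrorCode {
    param([Parameter(Mandatory)][string]$Code)

    # Blog software often turns the "x" of "0x" into a multiplication sign.
    $hex = $Code.Trim() -replace '^0[xX\u00D7]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{1,8}$') {
        throw "Not a 32-bit hex code: $Code"
    }
    $value = [long][Convert]::ToUInt32($hex, 16)

    # HRESULT layout: bit 31 = severity, bits 16-26 = facility, bits 0-15 = code.
    $failed   = (($value -shr 31) -band 1) -eq 1
    $facility = [int](($value -shr 16) -band 0x7FF)
    $low      = [int]($value -band 0xFFFF)

    $facilityNames = @{ 7 = 'FACILITY_WIN32'; 36 = 'FACILITY_WINDOWSUPDATE' }
    # Deliberately tiny: the symbolic name from wuerror.h for the post's code.
    $knownNames    = @{ '80244015' = 'WU_E_PT_REFRESH_CACHE_REQUIRED' }

    $detail = $knownNames[$value.ToString('X8')]
    if (-not $detail -and $facility -eq 7) {
        # For FACILITY_WIN32 the low word is an ordinary Win32 error number.
        $detail = (New-Object System.ComponentModel.Win32Exception $low).Message
    }

    [pscustomobject]@{
        HResult  = '0x' + $value.ToString('X8')
        Failed   = $failed
        Facility = if ($facilityNames.ContainsKey($facility)) {
                       $facilityNames[$facility]
                   } else { "facility $facility" }
        Code     = '0x' + $low.ToString('X4')
        Detail   = $detail
    }
}

# Constructed inputs: the code from the post (as rendered) and a Win32 one.
ConvertFrom-WuErrorCode '0×80244015'
ConvertFrom-WuErrorCode '0x80070005'
```

A code in facility 36 came from the Windows Update agent itself, while facility 7 means an underlying Windows call failed, which already tells you where to start looking.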

McAfee Virus Scan 8.7 Enterprise

McAfee has released a new version of their enterprise antivirus.  I would advocate that it is indeed a good idea to make sure to upgrade your antivirus regularly, not only the definition files mind you – newer versions or patches for existing versions as well.  More than once I have seen that upgrading an existing installation revealed malware or other infections.

McAfee’s Enterprise Virusscan is in my opinion one of the better products on the market, it's fast – only informs you when there is something to inform about – and it's highly tweakable.  That said, most antivirus products are quite similar today – so I guess it's a lot up to personal preference.

Hmm, from what I can see it looks more like a beta, but I may be wrong..

Online Virus Scanning

Just had a friend on the line, “I think I have a virus..”..  In this day and age, even having a decent antivirus installed is no guarantee of an infection-free existence.

Anyhow, my suggestion to him was: try some or all of these online scanners (it's free, and besides the time it takes to scan it’s fairly painless). Actually, for the rest of us it’s a decent idea to sometimes get a second opinion (in addition to our installed antivirus) even if we think everything is fine.

So get scanning;
http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt
or http://onecare.live.com/

http://www.bitdefender.com/scan8/ie.html

http://housecall.trendmicro.com/

http://www.kaspersky.com/virusscanner

http://support.f-secure.com/enu/home/ols.shtml

http://www.eset.com/onlinescan/

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

http://home.mcafee.com/Downloads/FreeScanDownload.aspx
(or go to McAfee and search for McAfee Free Scan)

A collection of various utilities (page is in Danish, but links to international sites)
http://www.spywarefri.dk/onlinevark.htm

If you are about to give up, then there is one final hope – McAfee offers an online service where they will assist you in removing your infection for US$ 89,- (and if the sh.. really hits the fan, then $89 may not be that bad a deal).

http://us.mcafee.com/root/landingpages/afflandpage.asp?affid=0&lpname=12982&cid=45687

Forefront Client Security Deployment

You may have heard about Microsoft’s antivirus solution (Forefront Client Security, the corporate version – there is also a home user version). Well, now there is an additional way of deploying it (see button link) – untested, but sounds like a piece of pie 🙂

Microsoft’s Live Care (home user version);
http://onecare.live.com/standard/en-us/default.htm

Microsoft Forefront Client Security;
http://www.microsoft.com/forefront/clientsecurity/en/us/default.aspx

Corporate deployment (New method);
http://www.codeplex.com/fcscompete/Release/ProjectReleases.aspx?ReleaseId=14440

A few web-casts that may also be interesting (have not seen them myself yet);
http://whitepapers.techrepublic.com.com/abstract.aspx?docid=348503
http://whitepapers.techrepublic.com.com/abstract.aspx?docid=348463