Author Topic: I've got Avast; should I get Malwarebtes too?  (Read 29867 times)

0 Members and 1 Guest are viewing this topic.

thekochs

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #45 on: February 13, 2014, 03:29:25 AM »

Thx....anyone try the BETA with Avast2014 ?.......I see they have rootkit, etc.....so wondering if any gotchas.

Been running the beta with Avast since it came out, absolutely no problems at all.

The MBam  Beta v.2 test #2 is extremely stable, MBam has always been the Second of Choice for Avast side by side. :)

Great to hear.....I had previously posted on MBAM site and they said: https://forums.malwarebytes.org/index.php?showtopic=142176
Question.....Avast's anti-rootkit is part of scheduled or boot-time scan, correct ?  It sounds like the Avast and MBAM 2.x active shields play nice and the scheduled scans if run at different times would be OK ?.....in other words, no where for rootkit scans from each to run into each other ?  Sorry if this is dumb question.......just trying to get my head around it.
« Last Edit: February 13, 2014, 03:34:35 AM by thekochs »

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
Re: I've got Avast; should I get Malwarebtes too?
« Reply #46 on: February 13, 2014, 03:34:22 AM »
That's correct. :)

Offline Tangy

  • Full Member
  • ***
  • Posts: 149
Re: I've got Avast; should I get Malwarebtes too?
« Reply #47 on: February 13, 2014, 05:08:56 AM »
@ TheKochs : I tried to install again everything went nice and smooth I followed all the correct procedures but when I try to test it CryptoPrevent that is once again I get the following message.

Prevention not applied or unsuccessful. Be sure to reboot the PC after applying protection before testing.

Uninstalled it again !  :(
I will ask about it at the Foolishit site shortly.

Dumb question.......I assume you rebooted  ?...it requires to implement the policy changes.
Let me know the thread you post.....would like to follow along there.....
....perhaps it is a post here.....not sure: http://foolishtech.com/viewtopic.php?f=5&t=851&start=60

I thought the site is a tad confusing . Anyway here you go !

http://foolishtech.com/viewtopic.php?f=5&t=1248
OS:Win xpsp3 pro, CPU:2.8 GHz, Ram:4 Gb HD:500 Gb,Avastfree18.8.22356,OSArmor,Basilisk+NewMoon(Roytam1),ublockorigin,Adguard, SystemExplorer, MCShield, MBAM on demand, FW:PC Tools Plus ,WinPat,Decentraleyes,privacy badger,minerblock.
OS : Windows 7 pro 64bits Avast free Malwarebytes antiexploit

thekochs

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #48 on: February 13, 2014, 05:31:03 PM »
@ TheKochs : I tried to install again everything went nice and smooth I followed all the correct procedures but when I try to test it CryptoPrevent that is once again I get the following message.

Prevention not applied or unsuccessful. Be sure to reboot the PC after applying protection before testing.

Uninstalled it again !  :(
I will ask about it at the Foolishit site shortly.

Dumb question.......I assume you rebooted  ?...it requires to implement the policy changes.
Let me know the thread you post.....would like to follow along there.....
....perhaps it is a post here.....not sure: http://foolishtech.com/viewtopic.php?f=5&t=851&start=60

I thought the site is a tad confusing . Anyway here you go !

http://foolishtech.com/viewtopic.php?f=5&t=1248

Yeah, me too.

FYI....I noticed from your signature/info on other thread you have Windows Defender enabled ?
You really need to disable it since you have Avast.....go into it under Optiions/Admin and uncheck option to use this program.
It can cause issues with Avast and it is worthless in terms of A/V anyway.
You also mention you think it could be the problem with Crytoprevent so worth trying/disabling on that count too.
« Last Edit: February 13, 2014, 05:33:37 PM by thekochs »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: I've got Avast; should I get Malwarebtes too?
« Reply #49 on: February 13, 2014, 05:38:19 PM »
Quote
Question.....Avast's anti-rootkit is part of scheduled or boot-time scan, correct ?
avast does a rootkit scan 8min after boot....


Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: I've got Avast; should I get Malwarebtes too?
« Reply #50 on: February 13, 2014, 05:40:19 PM »
FYI....I noticed from your signature/info on other thread you have Windows Defender enabled ?
You really need to disable it since you have Avast.....go into it under Optiions/Admin and uncheck option to use this program.
It can cause issues with Avast and it is worthless in terms of A/V anyway.
Defender on XP is only spyware so it wont conflict with avast but Defender has an absolutely terrible detection rate and is a waste of resources imo, I'm pretty sure that Defender can be uninstalled in XP.

Offline Tangy

  • Full Member
  • ***
  • Posts: 149
Re: I've got Avast; should I get Malwarebtes too?
« Reply #51 on: February 14, 2014, 01:01:26 AM »
 @ TheKochs , @ Graigb : I have been using WD for three years now never had any conflicts. I am aware that is kind of " useless " this is why sometimes I turn it off then after a while I turn it back on just pissing about really. Don't ask me why I do that to be honest I do not have a good answer.  ;D I'll try installing crypto again with WD disabled and I'll report back

Cheers

PS. That site seems to be like a ghost town.
OS:Win xpsp3 pro, CPU:2.8 GHz, Ram:4 Gb HD:500 Gb,Avastfree18.8.22356,OSArmor,Basilisk+NewMoon(Roytam1),ublockorigin,Adguard, SystemExplorer, MCShield, MBAM on demand, FW:PC Tools Plus ,WinPat,Decentraleyes,privacy badger,minerblock.
OS : Windows 7 pro 64bits Avast free Malwarebytes antiexploit

Offline Tangy

  • Full Member
  • ***
  • Posts: 149
Re: I've got Avast; should I get Malwarebtes too?
« Reply #52 on: February 14, 2014, 01:22:03 AM »
disabled WD. Installed CryptoPrevent still get the same message.

Prevention not applied or unsuccessful. Be sure to reboot the PC after applying protection before testing.

Anyway let's wait and see what they've got to say on this other thread.

OS:Win xpsp3 pro, CPU:2.8 GHz, Ram:4 Gb HD:500 Gb,Avastfree18.8.22356,OSArmor,Basilisk+NewMoon(Roytam1),ublockorigin,Adguard, SystemExplorer, MCShield, MBAM on demand, FW:PC Tools Plus ,WinPat,Decentraleyes,privacy badger,minerblock.
OS : Windows 7 pro 64bits Avast free Malwarebytes antiexploit

Randissimo

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #53 on: February 15, 2014, 10:12:12 PM »
Prevention not applied or unsuccessful. Be sure to reboot the PC after applying protection before testing.
What Windows version are you exactly using? As far as I know, "group policy editor" is only a feature for Windows Pro, Ultimate, Enterprise or Server
versions, so I don't know whether using an application which creates rules in gpedit will work with "Home" versions, since I'm only using "Pro" versions.
If you're using Windows 7 Home you might try to get gpedit first: http://www.w7forums.com/threads/install-gpedit-on-win-7-home-editions.10839/.

however SAS never found anything that Malwarebytes did not find, exept tracking cookies that MBAM does not target...so i just dropped it
The same here + you can just run the cleaner you trust to regularly clean the c:\users\your_username\cookies and the c:\users\your_username\appdata\roaming\microsoft\windows\cookies\ folder, though it was thanks to SAS that I figured it out, so I didn't have to run it again anymore.
Though after using mvps HOSTS file and automatically removing LSOs with BetterPrivacy (except for the Flashplayer settings that I want to keep), I practically haven't encountered tracking cookies at all.

@ topic:
In theory, Windows MSE/Windows Defender in 8/8.1 with the Windows FW+Router FW should suffice if you're using "brain 2.0". Avast or any other third party AV programm might add a little bit more "active protection" and/or "detection", but it does not replace "brain 2.0".
On the other side, there are cases where neither "brain 2.0" nor Avast or any other AV program helps. For example, drive-by downloads, which often happen by exploiting programs coming from infected ads.
For that reason, I'm always checking whether Flash, browser or any other security relevant program is up to date and I consequently block any ad on the net as well as third party JS with NoScript (I only turn on the scripts I really have to for the site to work properly after I checked any unknown website at http://urlvoid.com/ and/or https://www.virustotal.com/. BTW: VT has a nice utility to directly upload files <20MB from your computer and check it with over 40 AVs or <64MB if you're using the website ).

There are more things for active and for passive protection.

Active protection is for example your AV. Another would be HIPS from third party firewalls. It's up to you how many active protection you really want, since they might slow your Computer and/or create more problems for example with Blue Screens or with having to click more messages away, especially during new installations which aren't in the HIPS rules yet.

Passive protection is more like a check to see whether everything's still O.K. and here lies the answer to the question:
Malwarebytes is a great tool to check for potential unwanted programs (PUPs, especially Adware/toolbars bundled with installers) and newer trojans. While it is not mandatory, especially if you're having a good active protection, I would recommend using Malwarebytes as a "second opinion" to your main AV-scan.
Additionally, you could scan your computer with programs such as Farbar Recovery Scan Tool, though you might not be able to find traces of malware if there is shown, but you can check every unknown entry with Google and VT like I do or just ask for help, though you need to be aware that you're sharing potentially private information which might show in those logs, for example which programs are installed.
Also, you might try out SARDU to create a multiboot USB/CD with many bootable scanners to scan once in a while, which are more effective than any started within Windows where potential rootkits could still be hiding from your AV. You might need to pay attention for Adware bundled in this installer and turn Avast protection off while creating the USB stick to format it correctly.

While we're on the topic of adware: Adwcleaner and Junkware Removal Tool (JRT) do a great job in removing browser hijackers, adware, toolbars and any other "junk programs".

And last but not least: It doesn't matter which and how many "security programs" you're using, since you won't get 100% protection anyways. For that reason, I would also recommend to regularly backup your important files and/or use image recovery software in a worst case scenario, for example with Macrium Reflect or with Paragon Backup & Recovery, so that you can get back to a properly working state without wasting hours of time to re-install and set-up all programs, updates and settings again.

 
   

 
« Last Edit: February 15, 2014, 10:18:30 PM by Randissimo »

thekochs

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #54 on: February 15, 2014, 11:23:00 PM »
Prevention not applied or unsuccessful. Be sure to reboot the PC after applying protection before testing.
What Windows version are you exactly using? As far as I know, "group policy editor" is only a feature for Windows Pro, Ultimate, Enterprise or Server
versions, so I don't know whether using an application which creates rules in gpedit will work with "Home" versions, since I'm only using "Pro" versions.   

I am using W7 64-bit Home Premium on all my PCs and CryptoPrevent works fine.
However, Tangy is on Win XP SP3 Pro by his post on FooloshTech.com: http://foolishtech.com/viewtopic.php?f=5&t=1248
.....but the site shows "CryptoPrevent is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, and 8.1)"
« Last Edit: February 15, 2014, 11:25:39 PM by thekochs »

Randissimo

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #55 on: February 16, 2014, 01:00:43 AM »
I am using W7 64-bit Home Premium on all my PCs and CryptoPrevent works fine.
However, Tangy is on Win XP SP3 Pro by his post on FooloshTech.com: http://foolishtech.com/viewtopic.php?f=5&t=1248
.....but the site shows "CryptoPrevent is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, and 8.1)"
I've thought it had to do something with the group policy editor feature. Nevermind, then.

thekochs

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #56 on: February 16, 2014, 02:04:34 AM »
I am using W7 64-bit Home Premium on all my PCs and CryptoPrevent works fine.
However, Tangy is on Win XP SP3 Pro by his post on FooloshTech.com: http://foolishtech.com/viewtopic.php?f=5&t=1248
.....but the site shows "CryptoPrevent is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, and 8.1)"
I've thought it had to do something with the group policy editor feature. Nevermind, then.

It does: http://www.foolishit.com/vb6-projects/cryptoprevent/

Prevention Methodology
CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. The number of rules created by CryptoPrevent is somewhere between 150 and 200+ rules depending on the OS and options selected, not including whitelisting!  Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows — but rest assured they are still there!  Executables now protected against (starting with v2.6) are *.exe *.com *.scr and *.pif, and these executables are blocked in the paths below where * is a wildcard:

%appdata% / %localappdata% / Recycle Bin - These locations are used by Cryptolocker and other malware as launch points.
◦%appdata% and any first-level subdirectories in %appdata%  (e.g. %appdata%\directory1, %appdata%\directory2, etc.)
◦%localappdata% (and on Windows XP, any first-level subdirectories in there.)  NOTE beginning with v2.2, any time %localappdata% is referred to on this page, it also refers to %userprofile%\Local Settings\Application data on Windows XP, where %localappdata% is not an actual environment variable.
◦The All Users application data and local settings\application data paths on XP.
◦The Recycle Bin on all drives, and multiple nested subfolders.

%userprofile% / %programdata% / Startup Folder
◦the %userprofile% and %programdata% paths (no nested subfolders.)
◦the Startup folder located in the Start menu > All Programs > Startup

Fake File Extension Executables:  (ex. document.docx.exe)
◦*.x.y where: ◦x = pdf, doc, docx, xls, xlsx, ppt, pptx, txt, rtf, zip, rar, 7z, jpeg, jpg, png, gif, avi, mp3, wma, wmv, wav, divx, mp4
◦y = exe, com, scr, and pif.

◦with v4.1, now includes RLO (Right to Left Override) exploit protection.

Temp Extracted Executables in Archive Files:
◦%temp%\rar* directories
◦%temp%\7z* directories
◦%temp%\wz* directories
◦%temp%\*.zip directories

The final four locations above are temporary extract locations for executables when run from directly inside of a compressed archive (e.g. you open download.zip in Windows Explorer, WinRAR, WinZip, or 7zip, and execute an .EXE from directly inside the download, it is actually extracted to a temporary location and run from there – so this guards against that as well; however this option may interfere with certain program installations (e.g. Firefox) and for this reason this option is NOT recommended for most people.)

NOTE the variable %temp% is no longer used, and instead the actual temp file path is expanded after %userprofile%.  There is an apparent bug in Microsoft’s software prevention policies that does not allow for the %temp% environment variable to be used in the rules (as it does allow %appdata% or %userprofile%)… so protection for %temp% folders is now applied by expanding the full path to the user’s temp folder (after %userprofile%) in each rule set.   In prior versions, CryptoPrevent attempted to use the %temp% environment variable to protect all user accounts, but it was later discovered that methodology wasn’t working on all systems.  If you applied protection with prior versions and want temp extracted exes blocked, you may want to reapply protection with v2.2 to ensure it will work for you.

Protection does not need to be applied while logged into each user account, it may be applied only once from ANY user account and it will protect all user accounts on the system.
« Last Edit: February 16, 2014, 02:06:16 AM by thekochs »

Randissimo

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #57 on: February 16, 2014, 12:38:28 PM »
I should have read the first paragraph more precisely, thanks for the copy paste.

Offline Tangy

  • Full Member
  • ***
  • Posts: 149
Re: I've got Avast; should I get Malwarebtes too?
« Reply #58 on: February 16, 2014, 10:56:23 PM »
 Well, I was referred to this topic here:

http://www.foolishtech.com/viewtopic.php?f=5&t=868

I skimmed through it but to be honest I can't really be arsed to look into all the things suggested. Anyway my win copy is not in English.  I guess I can't do without Cryptoprevent even though I quite like the concept.

Cheers

 ;)
OS:Win xpsp3 pro, CPU:2.8 GHz, Ram:4 Gb HD:500 Gb,Avastfree18.8.22356,OSArmor,Basilisk+NewMoon(Roytam1),ublockorigin,Adguard, SystemExplorer, MCShield, MBAM on demand, FW:PC Tools Plus ,WinPat,Decentraleyes,privacy badger,minerblock.
OS : Windows 7 pro 64bits Avast free Malwarebytes antiexploit

thekochs

  • Guest
Re: I've got Avast; should I get Malwarebtes too?
« Reply #59 on: February 16, 2014, 11:10:16 PM »
Well, I was referred to this topic here:

http://www.foolishtech.com/viewtopic.php?f=5&t=868

I skimmed through it but to be honest I can't really be arsed to look into all the things suggested. Anyway my win copy is not in English.  I guess I can't do without Cryptoprevent even though I quite like the concept.

I would post on the FoolishTech thread with your details and perhaps they will provide a patch to V4.3.