Author Topic: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!  (Read 26155 times)


Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #15 on: October 26, 2005, 05:12:52 PM »
You can read different reviews and different programs will come out on top every time. If what you are saying is true every single time I test them they would have found something new that wasn't a false positive.

Rootkits are just very rare. A lot of the mentions on these forums are from inaccurate sources. I've checked the posts and you have regular AV scanners finding them. Those can't be rootkits. I think the name "rootkit" is being inaccurately placed on other malware or they are false positives. The only way to detect them is with a program like RootKitRevealer or what is more effective, putting the HD in another computer as a secondary drive. Regardless the only real solution is to reformat if one is found.

I scan customer machines like this and never find anything but the usual malware. Running RootKitRevealer is not a bad idea, just make sure you know what you are doing. I don't have much faith in the other applications out there as being effective to detect the presence of RootKits.

Frank as usual you have a problem giving accurate advice. People coming here need good advice not buy five programs because I don't know the three free ones do the same thing.
« Last Edit: October 26, 2005, 05:16:49 PM by Mastertech »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #16 on: October 26, 2005, 05:29:57 PM »
My advice is perfectly accurate, if you bother to check the record, for it is exactly the same advice you give: Ad-Aware, Spybot and MS Anti-Spyware together give good cleaning. I'm simply saying that there may be other products worth considering.

Saying that I have recommended buying five products is not true, and not helpful to a reasonable debate.

For your information, AV's detect the so-called pseudo rootkits but can't remove them. These are based on the FU rootkit, I believe.

Fortunately there are some knowledgeable people who come here to help us out and we have recently been provided with some solutions by a rather accurate source:

http://forum.avast.com/index.php?topic=16982.0

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #17 on: October 26, 2005, 05:57:34 PM »
msdirectx.sys isn't a real rootkit, since it can be removed from the boot drive in safe mode. Real rootkits can only be removed from a bootable CD or in another system but you have no real way to know if you fully removed it. Which is why reformatting is the only solution.

Malware that uses some rootkit tricks is not a rootkit.

For now you need to use VundoFix in safe mode to remove msdirectx.sys (also known as Winfixer).

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #18 on: October 26, 2005, 06:14:48 PM »
I believe that's why they're called pseudo rootkits. ;)

Thanks for the link.

Check it out next time we see a rootkit virus that uses some rootkit tricks!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #19 on: October 27, 2005, 12:45:03 AM »
Hi FwF and Mastertech,

If I am right, and if not please tell me, the conclusion in the case of a real toolkit is that you cannot detect it from the same system but from a non-compromised system. And then the second conclusion: if you have a real toolkit, you do not know to what extent your system has been compromised, and the only way open to you is to reformat and make a fresh reinstall. If in this phase we are pretty helpless, there must be a way to prevent the toolkit from infecting. What are the best ways for prevention? Or must we come to the conclusion that even prevention is not possible, and that would mean a more sinister situation. But a way of prevention must be possible, I presume. Comment please, consider reading this link first:
http://searchwindowssecurity.techtarget.com/tip/1,289483,sid45_gci1086476,00.html

polonus

« Last Edit: October 27, 2005, 01:10:20 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #20 on: October 27, 2005, 01:14:54 AM »
It is possible to detect a rootkit from the same system using a tool such as RootKitRevealer but it is not guaranteed. RootKitRevealer is a very effective program but the RootKit writers have already begun to attack RootKitRevealer, which is why Mark keeps releasing newer versions to combat the problem. Just make sure you have the latest version. Otherwise you have to scan the drive from a Bootable CD or another system.

The problem is true RootKits can severely compromise core Windows System files which means cleaning it may make the system unusable.

Protection is the same as with other Malware. RootKits install through the same security holes that other Malware use, so being proactive about patching, using updated AV and a firewall will also protect against RootKits.

If you want a software solution, you need to get a program like ProcessGuard. AntiVirus companies are working on their own solution.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #21 on: October 27, 2005, 01:39:54 AM »
Well this sounds reasonable, still a very unwanted situation.

polonus

galooma

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #22 on: October 27, 2005, 02:05:15 AM »
Is it safe to assume that an IDS (of which there are several) would be bypassed under present situation?

Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #23 on: October 27, 2005, 02:31:15 AM »
ProcessGuard is the only program that can effectively block unknown rootkits. However modern AV such as Avast should catch all known RootKits before they install, if it is running and properly updated.

The systems I find infected with Malware consistently have the same problems:

1. Security Patches were not applied.
2. AV not installed, disabled, outdated or not properly updated.
3. MSJVM installed.
4. No Firewall.

What IDS are you referring to?

galooma

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #24 on: October 27, 2005, 03:09:53 AM »
A squared have one bundled into their personal program which seems to work well, Kerio pf has one within its program although having used it I never saw it activate, Prev X I believe is much the same and certainly does detect and stop suspicious behaviour.

Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #25 on: October 27, 2005, 03:23:51 AM »
Their IDS would be similar to AV.

galooma

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #26 on: October 27, 2005, 05:04:22 AM »
I guess the real issue is isolation and identification rather than just being able to stop unknown code from executing.

neal62

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #27 on: October 27, 2005, 06:30:18 AM »
Microsoft Anti-Spyware to remain free? According to this article that you can view HERE possibly not. Check it out.

Mastertech

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #28 on: October 27, 2005, 06:53:35 AM »
Not True:

Windows AntiSpyware to Remain Free (BetaNews)

Quote
Windows enthusiast sites flew into a tizzy this week following a Windows OneCare beta chat session in which a Microsoft employee inferred that Windows AntiSpyware would be dropped at the conclusion of its beta program. There was only one problem with the news: it wasn't true.

While an enterprise version of Windows AntiSpyware will be offered to businesses for a cost and OneCare is also slated to include the technology, Microsoft plans to continue making the software available at no charge for end-users.

"Users who validate their Windows install through WGA will be allowed to download the AntiSpyware beta, as well as the full standalone version of AntiSpyware when it releases to the web. This has not changed since Bill Gates announced this information at the RSA conference in February," wrote developer Steve Dodson on his Web log.

"For users who want more services including AntiVirus, computer backup, and AntiSpyware we will be offering Windows OneCare live. Windows OneCare Live is currently in beta, but when it releases to the web it will be available to users with a cost," Dodson added.

neal62

  • Guest
Re: eTrust PestPatrol Anti-Spyware 2005 - 1 year for free!
« Reply #29 on: October 27, 2005, 07:05:04 AM »
Guess we can wait and see who is right in these two articles. At this time and point I tend to believe the post I made. To each their own. Guess it should read "possibly not true".