I'd dump Kaspersky, but you can keep adaware and spybot.


BTW you should download Malwarebytes.

 

Its generally not a good idea to have two AVs installed. For example running norton and AVG on the same system is gonna bring your system to a halt. I personally wouldn't run MSE and another real-time AV or spyware program.

 

Got that too-- just didn't mention.

The Norton suite seemed to suck, so I uninstalled it when the trial period expired. The Kaspersky seems much faster and uses less memory.

I've never had two anti-malware or anti-virus programs catch the same bug simultaneously, whether live or on manual scans, although alerts are pretty rare anyway.

 

I finally downloaded it for my desktop. Got the updates and am running the scan now.

 

Just installed and ran. This is in the System event log:

Shirley.

 

Yiggity yo! The beta for MSE 2.0 is live on connect, sign up if you want to try it out.

http://go.microsoft.com/fwlink/?LinkId=197385

 

Sweet!

 

Why can't it integrate with google chrome also

 

Awesome, can't wait to try it.

 

FYI the Network Inspection System only works on Vista and higher since it uses Windows Filtering Platform

Just yet another reason that Vista/7 are more advanced and secure OSes than XP, please get rid of that shit!

http://arstechnica.com/microsoft/new...protection.ars
http://www.microsoft.com/whdc/device/network/wfp.mspx

 

I don't see much difference in the next version. Still no previous scan history and the right click "scan with security essientials" context menu add-on is gone, maybe it's just me IDK and the program has a different background.

Actually durrrr, Last scan is at the bottom of the home page and version 1.x has had that too. Maybe they added it with one of the updates and I never noticed.

 

shit.. my favorite porn torrent website gave me a notification with MSE about malware

never had any AV software give me a warning about the site.
actually now that i think about it, ive gone there millions if not billions of times in the past and never had anything show up.

anyways im still going to goto the website.

 

what browser and OS are you using?

Imma take a wild guess and say firefox!

puretna?

 

win 7.

and it happens in both IE and firefox.

and no not puretna... empornium

 

I got the same warning.

 

but the chance of any malware being successfully installed and f-ing up your system is much higher with Firefox than IE or Chrome. That's because IE and Chrome are sandboxed from the rest of the system meaning that anything that gets download can't access system files, etc cause they have lower than user rights. While Firefox inherits the user rights and therefore has access to system files and malware that comes through Firefox has access to much more of the system than IE or Chrome which has none.

http://en.wikipedia.org/wiki/Sandbox...uter_security))

In related news Adobe recently announced that they've teamed up with Microsoft and that the next major version of Reader will incorporate this same sandbox technology (Protected Mode as MSFT calls it) in their Reader software! This is great security news as Adobe products are becoming the most popular avenues of attack by hackers. Now the hackers will defnitely turn their sites to Firefox which still won't have this feature in version 4.

http://blogs.adobe.com/asset/2010/07...cted-mode.html

This is the one reason why I tell people not to use Firefox, and sadly it users think they're more secure cause they are using firefox.

 

 

Interesting, I never knew that about IE or chrome. Didn't know firefox was not up to par with those in security. Good thing I dont have firefox I basically only use chrome.

Does security essentials work with IE to give real time protection? I think I remember reading it did, I know it won't do it with chrome, which sucks. Ohh well I'm still gonna stick to chrome

 

By chance what malware did it say it was? Can you post a screen shot? On Tuesday I dealt with a client that had MSE installed and had gotten a fake MSE pop-up saying it had found an unknown trojan and then when they clicked the "clean computer" button they actually installed malware on to their system. Sneaky. It installed some scareware called "Major Defense Kit" and the Alureon Rootkit aka TDSS which is almost impossible to remove if you don't know what you're doing.

So look into that. Easiest way to see if you're infected is to try and update MSE virus definitions, if you got TDSS it won't let you.

I submitted a couple samples of the Major Defense Kit malware to MSFT and they've already added it to their definitions.

 

It already has realtime protection that's why it popped up on Miz PC. It's got somehow better protection with some sort of IE integration, not sure what that means, though I'd like to learn more.

I'll stick to Chrome as well, we'll see when IE9 rolls around if I switchback or not....

 

its Adware:JS/Pornpop.A

i dont think it was a fake MSE pop up.
would a fake MSE pop up turn the MSE task bar icon orange?

 

No, that'd be a good ass pop up unless......................... the whole MSE app was fake! Woah! That's like discovering that there is no spoon!!

http://www.youtube.com/watch?v=ZaJPNrf1DPY

 

 

Ok that was legit. This is the fake pop-up they got



it looks completely legit, I'd probably fall for it.

http://removal-tool.com/fake-microso...entials-alert/

Only difference between the fake and the real is that fake doesn't have the link at the end of the blurb that says "what do the alert levels mean?" and there's no drop down list in the recommendation field

 

Those assholes...
I'd probably fall for it too.

 

Also notice that the exploit you guys got is attempting to use Java Script (that's what the JS means), make sure your Java is up to date. In fact I'd recommend everyone go to www.ninite.com and click on adobe reader, flash (IE and non-IE), java, silverlight, malwarebytes, and your browser of choice and update all of them to the latest version. I'll do it too.

I do this ALL the time on my clients computers. I must use Ninite at least 2-3 times a day at work. It's a quick and simple way of updating important 3rd party software on a PC.

Seriously.

www.ninite.com

 

doesnt all that stuff update automatically? Sorry if that is a newb response.

Ohh and 2-3 times a day Do they pop up with different patches that quickly or something?

 

No they don't update automatically. They'll notify when an update is available but you have to click through and install it and in my experience about 99% of people don't install it, they all click "remind me later". Then they never get the updated version that fixes the security hole and then they visit some site that exploits that security hole that they never patched and then I have to come fix their PC.

I do it 2-3 times a day cause I work on a lot of PCs at my IT job. Only once per PC....

 

Stunna, you ever come across Win32/Unruy.D? It's on an older XP Pro system I have. MSE finds it, sometimes removes it and if it can't it will quarantine, but then the damn thing regenerates upon reboot!

I've tried posting to several malware forums but I don't get any response for some reason.

Any ideas?

 

Do you have a spare hard drive?
Install a clean copy of windows to it & mSE.
Then plug in the infected drive and have the clean computer attempt to clean it.

 

It's probably hiding in your system restore files. Turn system restore off, remove with MSE and see if it still regenerates.

Also run Ccleaner to delete your temp Internet files and run malwarebytes too

 

here's a bunch of info about that trojan.

http://www.microsoft.com/security/po...:Win32/Unruy.D

which OS are you using?

 

he said win xp pro

 

, I figured.

 

Ran Ccleaner and malwarebytes already, no luck. I'll try turning system restore off. Maybe I should delete all the previous restore points too? I know the system will allow all but one to be deleted.

 

I've been running MSE since you recommended it some time ago (might have been the beginning of this thread).

It's worked well. There are two thing I find annoying though:

- If turn off real time protection (i.e. make it a scan only tool) it harasses the crap out you about your system being vulnerable. IOW - you can't say, "OK" and turn off the warning.

- When it auto updates, it's a resource hog; bogs everything down.

 

You'll always get a warning when real-time protection is not running on any AV, it's part of windows. That's a windows thing not MSE, if windows detects that there's no real-time AV running from any company whether it be Norton, mcafee, AVG, Avast, Panda, etc it's going to notify you with the red shield.

When you do a clean install of windows for the first time one of the first prompts you get is a notification that no AV is running.

 

Try running Combofix --> http://www.bleepingcomputer.com/comb...o-use-combofix

and

Kaspersky's Virus Removal Tool --> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

in safe mode?

 

turning off system restore deletes all restore points

malware often hides in restore points so that it can come back after being removed by AV, turning off system restore stops that.

p.s. you can turn system restore back on after confirming the malware is gone

 

Nice.