Moog-Type-S

I'd dump Kaspersky, but you can keep adaware and spybot.


BTW you should download Malwarebytes.

#1 STUNNA

Its generally not a good idea to have two AVs installed. For example running norton and AVG on the same system is gonna bring your system to a halt. I personally wouldn't run MSE and another real-time AV or spyware program.

Will Y.

Got that too-- just didn't mention.

The Norton suite seemed to suck, so I uninstalled it when the trial period expired. The Kaspersky seems much faster and uses less memory.

I've never had two anti-malware or anti-virus programs catch the same bug simultaneously, whether live or on manual scans, although alerts are pretty rare anyway.

6MTUA5

iTrader: (2)

I finally downloaded it for my desktop. Got the updates and am running the scan now.

Anachostic

Just installed and ran. This is in the System event log:

Shirley.

#1 STUNNA

Yiggity yo! The beta for MSE 2.0 is live on connect, sign up if you want to try it out.

http://go.microsoft.com/fwlink/?LinkId=197385

Gfaze

Sweet!

speedemon90

Why can't it integrate with google chrome also

RyanCHICL

iTrader: (1)

Awesome, can't wait to try it.

#1 STUNNA

FYI the Network Inspection System only works on Vista and higher since it uses Windows Filtering Platform

Just yet another reason that Vista/7 are more advanced and secure OSes than XP, please get rid of that shit!

http://arstechnica.com/microsoft/new...protection.ars
http://www.microsoft.com/whdc/device/network/wfp.mspx

#1 STUNNA

I don't see much difference in the next version. Still no previous scan history and the right click "scan with security essientials" context menu add-on is gone, maybe it's just me IDK and the program has a different background.

Actually durrrr, Last scan is at the bottom of the home page and version 1.x has had that too. Maybe they added it with one of the updates and I never noticed.

Mizouse

shit.. my favorite porn torrent website gave me a notification with MSE about malware

never had any AV software give me a warning about the site.
actually now that i think about it, ive gone there millions if not billions of times in the past and never had anything show up.

anyways im still going to goto the website.

#1 STUNNA

what browser and OS are you using?

Imma take a wild guess and say firefox!

puretna?

Mizouse

win 7.

and it happens in both IE and firefox.

and no not puretna... empornium

alex2364

I got the same warning.

#1 STUNNA

but the chance of any malware being successfully installed and f-ing up your system is much higher with Firefox than IE or Chrome. That's because IE and Chrome are sandboxed from the rest of the system meaning that anything that gets download can't access system files, etc cause they have lower than user rights. While Firefox inherits the user rights and therefore has access to system files and malware that comes through Firefox has access to much more of the system than IE or Chrome which has none.

http://en.wikipedia.org/wiki/Sandbox...uter_security))

In related news Adobe recently announced that they've teamed up with Microsoft and that the next major version of Reader will incorporate this same sandbox technology (Protected Mode as MSFT calls it) in their Reader software! This is great security news as Adobe products are becoming the most popular avenues of attack by hackers. Now the hackers will defnitely turn their sites to Firefox which still won't have this feature in version 4.

http://blogs.adobe.com/asset/2010/07...cted-mode.html

This is the one reason why I tell people not to use Firefox, and sadly it users think they're more secure cause they are using firefox.

Mizouse

speedemon90

Interesting, I never knew that about IE or chrome. Didn't know firefox was not up to par with those in security. Good thing I dont have firefox I basically only use chrome.

Does security essentials work with IE to give real time protection? I think I remember reading it did, I know it won't do it with chrome, which sucks. Ohh well I'm still gonna stick to chrome

#1 STUNNA

By chance what malware did it say it was? Can you post a screen shot? On Tuesday I dealt with a client that had MSE installed and had gotten a fake MSE pop-up saying it had found an unknown trojan and then when they clicked the "clean computer" button they actually installed malware on to their system. Sneaky. It installed some scareware called "Major Defense Kit" and the Alureon Rootkit aka TDSS which is almost impossible to remove if you don't know what you're doing.

So look into that. Easiest way to see if you're infected is to try and update MSE virus definitions, if you got TDSS it won't let you.

I submitted a couple samples of the Major Defense Kit malware to MSFT and they've already added it to their definitions.

#1 STUNNA

It already has realtime protection that's why it popped up on Miz PC. It's got somehow better protection with some sort of IE integration, not sure what that means, though I'd like to learn more.

I'll stick to Chrome as well, we'll see when IE9 rolls around if I switchback or not....

Mizouse

its Adware:JS/Pornpop.A

i dont think it was a fake MSE pop up.
would a fake MSE pop up turn the MSE task bar icon orange?

#1 STUNNA

No, that'd be a good ass pop up unless......................... the whole MSE app was fake! Woah! That's like discovering that there is no spoon!!

http://www.youtube.com/watch?v=ZaJPNrf1DPY

alex2364

#1 STUNNA

Ok that was legit. This is the fake pop-up they got



it looks completely legit, I'd probably fall for it.

http://removal-tool.com/fake-microso...entials-alert/

Only difference between the fake and the real is that fake doesn't have the link at the end of the blurb that says "what do the alert levels mean?" and there's no drop down list in the recommendation field

Mizouse

Those assholes...
I'd probably fall for it too.

#1 STUNNA

Also notice that the exploit you guys got is attempting to use Java Script (that's what the JS means), make sure your Java is up to date. In fact I'd recommend everyone go to www.ninite.com and click on adobe reader, flash (IE and non-IE), java, silverlight, malwarebytes, and your browser of choice and update all of them to the latest version. I'll do it too.

I do this ALL the time on my clients computers. I must use Ninite at least 2-3 times a day at work. It's a quick and simple way of updating important 3rd party software on a PC.

Seriously.

www.ninite.com

speedemon90

doesnt all that stuff update automatically? Sorry if that is a newb response.

Ohh and 2-3 times a day Do they pop up with different patches that quickly or something?

#1 STUNNA

No they don't update automatically. They'll notify when an update is available but you have to click through and install it and in my experience about 99% of people don't install it, they all click "remind me later". Then they never get the updated version that fixes the security hole and then they visit some site that exploits that security hole that they never patched and then I have to come fix their PC.

I do it 2-3 times a day cause I work on a lot of PCs at my IT job. Only once per PC....

Gfaze

Stunna, you ever come across Win32/Unruy.D? It's on an older XP Pro system I have. MSE finds it, sometimes removes it and if it can't it will quarantine, but then the damn thing regenerates upon reboot!

I've tried posting to several malware forums but I don't get any response for some reason.

Any ideas?

Mizouse

Do you have a spare hard drive?
Install a clean copy of windows to it & mSE.
Then plug in the infected drive and have the clean computer attempt to clean it.

#1 STUNNA

It's probably hiding in your system restore files. Turn system restore off, remove with MSE and see if it still regenerates.

Also run Ccleaner to delete your temp Internet files and run malwarebytes too

#1 STUNNA

here's a bunch of info about that trojan.

http://www.microsoft.com/security/po...:Win32/Unruy.D

which OS are you using?

Mizouse

he said win xp pro

#1 STUNNA

, I figured.

Gfaze

Ran Ccleaner and malwarebytes already, no luck. I'll try turning system restore off. Maybe I should delete all the previous restore points too? I know the system will allow all but one to be deleted.

Bearcat94

I've been running MSE since you recommended it some time ago (might have been the beginning of this thread).

It's worked well. There are two thing I find annoying though:

- If turn off real time protection (i.e. make it a scan only tool) it harasses the crap out you about your system being vulnerable. IOW - you can't say, "OK" and turn off the warning.

- When it auto updates, it's a resource hog; bogs everything down.

#1 STUNNA

You'll always get a warning when real-time protection is not running on any AV, it's part of windows. That's a windows thing not MSE, if windows detects that there's no real-time AV running from any company whether it be Norton, mcafee, AVG, Avast, Panda, etc it's going to notify you with the red shield.

When you do a clean install of windows for the first time one of the first prompts you get is a notification that no AV is running.

AZuser

Try running Combofix --> http://www.bleepingcomputer.com/comb...o-use-combofix

and

Kaspersky's Virus Removal Tool --> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

in safe mode?

#1 STUNNA

turning off system restore deletes all restore points

malware often hides in restore points so that it can come back after being removed by AV, turning off system restore stops that.

p.s. you can turn system restore back on after confirming the malware is gone

Bearcat94

Nice.