Microsoft Security Essentials, free Antivirus
For those using the new beta there is a small issue that I had on a couple of my machines. If after installing the beta the "scan with microsoft security essentials..." option is missing you can easily add it back by running from a cmd prompt with elevated privileges this command, quotes included:
regsvr32 "C:\Program Files\Microsoft Security Client\shellext.dll"
that will add it back right away
There used to be a workaround for running 32bit apps in x64 environments. I still use it on windows 2003 x64 actually but it appears to have been removed from win7 
The following code I have in a shortcut opens explorer in 32bit mode on win2k3 x64. I use it to execute some 32bit VB scripts.
%windir%\syswow64\explorer.exe /separate

I came across this today

A nice fake MSE message. The person didn't even have MSE installed or any AV for that matter. It says that iexplore.exe is an infected file and the process name of the fake AV was hotfix.exe, LOL! Now that'd probably fool a n00b tech guy but I laughed when I saw that.
So I opened Process Explorer and suspended the process, then ran ninite.com, installed MSE, and it caught the fake MSE and removed it.
I did notice that MSE doesn't scan temp files when it does a quick scan, only full scans. So when I ran Malwarebytes and it began scanning the temp files, MSE picked up two more infected fake MSE files in the temp folder that it didn't get during the quick scan. But Malwarebytes didn't catch those 2 files, so that's why I like to run the combo of these two programs; they usually complement each other.
Last edited by #1 STUNNA; Oct 5, 2010 at 11:59 AM.
Awesome, that does look pretty legit. I recently got another computer and MSE was my first install.
Stunna, I recently read online that the BETA has less signatures than the 1.x. Is there any truth to that? I was on a malware forum BTW.
I don't think so, I'm pretty sure they use the same signatures between MSE, Forefront and Windows Defender.
The current latest version is 1.91.1166.0 which is what I have in the beta version and what's currently posted on this site.
https://www.microsoft.com/security/p...tions/ADL.aspx
Oh yeah, that might be a good link for you guys to know about. You can download the latest definitions manually from that site and see the changelog for each definition, including new threats it detects and updates to reflect changes in already known threats.
Last edited by #1 STUNNA; Oct 5, 2010 at 06:52 PM.
Also I heard it from a good source that the HP Envy Series laptops are shipping with MSE installed!! I wonder if MS is giving them a discount to include it.
For example the PCs I've seen don't come with an Office 2010 Home & Student Trial version like what happened with Office 2007 and 2003, they now come with Office 2010 Starter Edition. Which is Word and Excel only, doesn't have all the features of the pay version and is ad-supported. Anyways Office Starter along with Windows Live essentials, if they're included with Windows on a PC then MSFT sells Windows to the OEM at a discounted price. The more MSFT software they include the more of a discount they get.
I wonder if MSE is now included in this. I think this plan is a pretty good idea, Windows Live Essentials is great software, as is MSE and Office Starter is probably enough for everyday home users and they've always assumed that Windows came with a free copy of Office even though it never did, well now it does!
MSE 2.0 is now available. However MS removed the IE integration feature due to poor performance. But it still has the network inspection service.
You can download it here or wait for it to update itself.
http://www.microsoft.com/downloads/e...DisplayLang=en
Windows Firewall integration – Microsoft Security Essentials allows you to turn on or off the Windows Firewall during setup.
New protection engine – The updated antimalware engine offers enhanced detection and cleanup capabilities with better performance.
Network inspection system – Provides enabled functionality to help protect against network-based exploits.
Yes it works with XP
For clarification, the IE integration was only a feature in the first betas of MSE 2; it was never in version 1.0, so you're not losing a feature if you upgrade from version 1.

Actually, if you were running the beta of MSE 2.0 then you don't have to restart after upgrading. he might be on the beta.....
So here's what's different between the versions besides the cooler look
You can limit CPU usage during a scan

You can now choose to only monitor incoming or only monitor outgoing files. It also has behavior monitoring (aka heuristics scanning) and network inspection service.

You can remove quarantined files automatically after a set period of time

You can now opt-out of spynet for you privacy nuts
Last edited by #1 STUNNA; Dec 17, 2010 at 10:13 AM.
I like the limit CPU feature...one thing I can't stand about most AVs.
I'm going to look at some old P.O.S. soon that will probably need that thing on 10% when I install it...right now they have some McAfee paid version on there hogging everything, and I think it's got like 512 RAM
I <3 the side money from easy jobs
MSE Public beta is now live. The improvements are as follows
Automatically cleaning severe malware is a nice improvement. But you guys better hide your keygen programs. You can exclude files and folders from being scanned to prevent that.
It's back to the 1.0 UI, just like it looks in Windows 8.
You can get it here
https://connect.microsoft.com/site981
This Beta version of Microsoft Security Essentials includes the following new features and enhancements to better help protect your PC from threats:
Enhanced protection through automatic malware remediation: The Beta program will clean highly impacting malware infections automatically, with no required user interaction.
Enhanced performance: The Beta includes many performance improvements to make sure your PC performance isn’t compromised.
Simplified UI – Simplified UI makes Microsoft Security Essentials Beta easier to use.
New and improved protection engine: The updated engine offers enhanced detection with cleanup capabilities and better performance.
I'm currently running the Win 7 firewall on my new laptop that I use for school work. Do you guys think MSE + Win firewall is good enough to handle a malicious PDF? I've been debating installing CIS; Win firewall is set to public at school.
To prevent PDF attacks you need to be running Adobe reader X, then.....
That should prevent all known reader exploits.
Now for a little advice on how to configure Adobe Reader. Reader, like most Adobe software, is riddled with security holes and they've been getting their ass handed to them as of late on the security front. There are a couple settings you can change that will help this though.
If you open Reader and go to preferences (ctrl + k) and
1. Click on "Javascript" and turn off javascript.
2. Then go to "Trust Manager" and turn off "Allow opening of non-pdf file attachments with external applications"
3. Choose updates and select the top radio button that says automatically install updates
Now if you're wondering if you should've had a holy shit WTF moment while reading the last two, the answer is yes. By default Reader allows javascript aka the java exploits I mentioned above to be run via PDF! As are external applications, so you open a PDF and it runs a malicious exe! WTF! Why does Reader need to run java or external applications!?!?
I turned these off a few months ago and I'm glad that I did. Recently I was browsing a shady site and I moused over or accidentally clicked on a flash banner and bam! Reader opens up real fast with a blank PDF and this PDF wants to run Javascript! Luckily I had turned Java off for PDFs and so Reader was waiting for me to approve this PDF to run Java, which I of course declined. Then the same thing happened a few days later. I wonder if I had java turned on would that blank empty PDF have even opened or would it have just done its exploit in the background.
As for downsides, I've yet to see a legit PDF prompt me to run Javascript or open an external application. So please do yourself the favor and turn those settings off.
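An added example, not part of the thread and not any poster's code: a small Python triage check that looks in a PDF's raw bytes for the features the first two Reader settings above control (JavaScript, and launching or opening content outside the viewer) before the file is opened. The name list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens behind the two Reader settings discussed above:
# script execution, and launching or opening content outside the viewer.
RISKY_NAMES = frozenset(
    ["/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile"]
)
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample bytes (not real documents); the script body is a placeholder.
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes."""
    # Names stored inside compressed object streams are not visible here,
    # so an empty result means "nothing found", not "safe".
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def should_hold(data: bytes) -> bool:
    """Hold back files that can run script or launch an application."""
    hits = triage_pdf(data)
    return any(name in hits for name in ("/JS", "/JavaScript", "/Launch"))


if __name__ == "__main__":
    for label, sample in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(sample), "hold" if should_hold(sample) else "ok")
```

To check a real file, pass its bytes in with `triage_pdf(open(path, "rb").read())`.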
bam - done. Thanks for the advice!
Wow, who knew Adobe had those settings enabled!
They seem unnecessary for 99% of users.
I'm also trying to use Google's quick view if it's a PDF not from a reputable source as well - let them deal with it / using Office Live built into SkyDrive / Google Docs for Excel and Word documents I don't trust.
http://office.microsoft.com/en-us/ex...010355931.aspx

I think combofix did the job! 