mjwebb007
My wife has had a recent flurry of virus/spyware activity at work. Unfortunately because of her job she has to look at a lot of gaming websites (especially in other parts of the world) that are not necessarily bad but who knows. Her fairly small company has a guy who is contracted to do their IT work. Her computer already has Norton 2006 on it. I downloaded and installed CCleaner, SpyBot, Ad-Aware 2007 and A-Squared Free. The IT guy wasn't enthusiastic about CCleaner but said not to call him if it caused problems. He directed her to download and install AVG Anti-Virus Free to "backup" Norton. I'm not sure why I think this but isn't double stacking anti-virus software a bad thing? Otherwise why wouldn't every magazine and website tell you to download multiple anti-virus programs like they do with spyware removal/protection software? I personally feel the guy has embellished his credentials and is less of a true IT guy and more of a misdirected enthusiast but that is for another posting. Please advise...
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
DosFreak
Well you can have multiple AV software installed as long as they both do not do real-time scans.
For the paranoid using two different AV software to scan your system would theoretically be more thorough but in practice not really. In the real-world most rootkits/new viruses wouldn't be detected anyway.
CCLeaner is a great piece of software. No need to be afraid of it but it won't do anything to get rid of spyware/viruses.
The first thing to do with that computer if at all possible would be to restore a clean image. If an image isn't available then it'll have to be wiped and reinstalled.
If none of those are possible then I recommend uninstalling Norton and buying Kaspersky or NOD32 antivirus. (You cannot use the free AV software in a business environment....at least not permanently).
Once the AV software is installed and the AV defintions are updated then the computer should be rebooted into safe mode (with no network support) and a full scan should be done.
Ideally you'd use a BartPE/WinPE cd to boot off of and scan the computer but most people do not have those. (You can download the Ultimate Windows Boot CD and create your own very easily though).
What it all comes down to though is that once a computer is compromised there is no way to 100% guarantee that the system is fully clean unless you wipe it and reinstall. It doesn't matter if every AV/Spyware cleanining program in the world confirms that the computer is clean.....they only know as much as what is in their current definitions. Usually you can get away with not bothering with a wipe if the spyware/virus activity was minimal or if it just happened, if it was more than minimal or if it's been infected for a long time it's best to wipe it.
For the paranoid using two different AV software to scan your system would theoretically be more thorough but in practice not really. In the real-world most rootkits/new viruses wouldn't be detected anyway.
CCLeaner is a great piece of software. No need to be afraid of it but it won't do anything to get rid of spyware/viruses.
The first thing to do with that computer if at all possible would be to restore a clean image. If an image isn't available then it'll have to be wiped and reinstalled.
If none of those are possible then I recommend uninstalling Norton and buying Kaspersky or NOD32 antivirus. (You cannot use the free AV software in a business environment....at least not permanently).
Once the AV software is installed and the AV defintions are updated then the computer should be rebooted into safe mode (with no network support) and a full scan should be done.
Ideally you'd use a BartPE/WinPE cd to boot off of and scan the computer but most people do not have those. (You can download the Ultimate Windows Boot CD and create your own very easily though).
What it all comes down to though is that once a computer is compromised there is no way to 100% guarantee that the system is fully clean unless you wipe it and reinstall. It doesn't matter if every AV/Spyware cleanining program in the world confirms that the computer is clean.....they only know as much as what is in their current definitions. Usually you can get away with not bothering with a wipe if the spyware/virus activity was minimal or if it just happened, if it was more than minimal or if it's been infected for a long time it's best to wipe it.
mjwebb007
OP
I appreciate the info. I know about CCleaner. I use it all the time. I think it just goes back to the fact that she did something without his recommendation. I use it just to make sure the registry stays relatively clean and organized and to purge cookies. I don't actually think her computer in particular has been infected and fortunately everything we are doing is preemptive.
I suggested that the all do a complete uninstall of Norton and AVG and buy a volume license for something better (Kaspersky and NOD32 were two of my suggestions).
They know there is no way to defend completely against all virus/spyware but as my wife said "It doesn't mean we should just give up and not try". I am so proud of her.
And the attack was minimal in that it has only affected 3 of the computers in the office. The IT guy was supposed to update everyone's computers with the latest definitions and do scans but his suggestion was to do it themselves and everyone add the aformentioned software and scan themselves. Not sure what they are paying him for.
Are Norton AV 2006 and AVG 8.0 Free both real-time scanners? I am pretty sure that Norton is but I don't know about AVG.
I suggested that the all do a complete uninstall of Norton and AVG and buy a volume license for something better (Kaspersky and NOD32 were two of my suggestions).
They know there is no way to defend completely against all virus/spyware but as my wife said "It doesn't mean we should just give up and not try". I am so proud of her.
And the attack was minimal in that it has only affected 3 of the computers in the office. The IT guy was supposed to update everyone's computers with the latest definitions and do scans but his suggestion was to do it themselves and everyone add the aformentioned software and scan themselves. Not sure what they are paying him for.
Are Norton AV 2006 and AVG 8.0 Free both real-time scanners? I am pretty sure that Norton is but I don't know about AVG.
natasha90
First filter driver in a driver stack common to multiple anti-virus programs, wherein the driver stack is designed to pass requests through both the first filter driver and a second filter driver associated with the driver stack before the requests reach corresponding target drivers, a file-open request to open a target file, said file-open request originating from an application, and said first filter driver associated with a first anti-virus program;
sending an instruction from the first filter driver to a said first anti-virus program to scan the file;receiving a first request at the first filter driver to open the target file, said first request sent from the first anti-virus program;retrieving a handle of a function driver to enable direct communication between the first filter driver and the function driver in a driver stack, said retrieving of the handle performed by the first anti-virus program; Web vulnerability scanning
sending an instruction from the first filter driver to a said first anti-virus program to scan the file;receiving a first request at the first filter driver to open the target file, said first request sent from the first anti-virus program;retrieving a handle of a function driver to enable direct communication between the first filter driver and the function driver in a driver stack, said retrieving of the handle performed by the first anti-virus program; Web vulnerability scanning
