  1. #1
    bella
    Guest bella's Avatar

    Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Anti-Virus and Anti-Spyware Guide for beginners

    Written & Compiled by Bella

    Despite the title, this guide is not only for beginners but for everyone who used their mce machine to surf the net freely and haven't been too careful with downloading stuff.

    People who aren't plagued by any virus or spyware can still do the extended scanning regime but with a few adjustments which I will discuss at the end of this guide.

    Keep in mind that prevention is always better than having to cure. I was getting too arrogant with downloading stuff and paid for it.

    After, I will not go into discussions about the programs I have used and about other procedures. This worked for me and that's what I am sticking to.
    I am open to suggestion and anyone who wants to contribute in a positive way is welcome to send me their input or info like new av or ap software they are using.

    For the last weeks I have been struggling with a stubborn trojan and finally got rid of it by following a strict regime of deleting stuff and running anti spyware and anti virus scanners.

    I found most of the info on websites and posts which vigorously are fighting spyware and viruses. I also got help from several members of this site who put me on the right track. I had to adjust regimes used by some sites because they weren't working for me or they were lacking some info. So, if you think you have seen info looking alike somewhere before, you're right but like I said it's adjusted for us, MCE users.

    DISCLAIMER:

    I WILL NOT TAKE ANY RESPONSIBILITY IN CASE SOMETHING GOES WRONG WITH YOUR PC'S BY USING THIS GUIDE.
    BY USING THIS GUIDE YOU TAKE FULL RESPONSIBILITY YOURSELF.
    IF YOU DO NOT AGREE WITH THE ABOVE DISCLAIMER STOP READING NOW AND USE YOUR OWN METHOD.

    Chapter 1: PREVENTION:


    For people who are new to pc's or do not know what kind of Anti-Spyware or Anti-virus software to use or how to protect your pc from getting infected with a virus or spyware.

    The biggest threat to the security of your machine is yourself.


    The best anti-spy and virus software cannot protect your pc if you are not careful with browsing or downloading. My pc's had been without any spyware/virus infection for over 15 months and I got into a false mind of security and started downloading more and more free software (legal). Once you hit the enter button to install downloaded files you expose yourself to possible infection and that's what happened to me. It took me a considerable amount of time to clean my pc's.
    Software is updated all the time but the crooks are always a few steps ahead.

    When browsing dangerous websites you might pick up a dangerous cookie what they call "on the flight" without realising it.

    So how can we take measures to prevent this happening?

    All the below software is downloadable for free. Descriptions and function of the below used software can be found in the Rescue section of this guide.


    1. Use a Firewall


    If you want to protect your pc from hackers:

    All Windows XP versions come with Windows Firewall included

    Start > control panel > Windows Firewall > on

    If you have a single pc use ZoneAlarm:

    ZoneAlarm download link


    2. Use Firefox web browser and block all cookies.

    Mozilla Firefox download link

    Despite the new Internet Explorer 7, Firefox is still considered to be a safer browser than IE7.

    Click on TOOLS > OPTIONS > SECURITY > COOKIES > UNCHECK "ACCEPT COOKIES" from sites.

    Every time you visit a website and this website wants to place a cookie on your pc, Firefox will ask you for permission to do so. Only accept cookies from sites you know and trust.
    Sometimes you cannot avoid to accept "naughty" cookies, these are cookies that track all your browser movements but do not mean any harm to your pc. They will be detected by your anti Spyware software and the nature of the cookie will be described by the software, it's entirely up to you to leave or remove the cookie. Doubleclick is one of the cookies used by several websites and is rather harmless.
    Cookies are also used to store passwords and user names to log in to websites.

    Eg, cookies from Xpmediacentre site are safe.

    3. Running some software or some sites still require you to use Internet Explorer 7.

    Even when you have Firefox installed as your main browser you are still at risk if you do not disable or restrict IE7.

    Open IE7

    Click on TOOLS > INTERNET OPTIONS > SECURITY > CUSTOM LEVELS > SET SLIDER TO HIGH > then click PRIVACY > SET SLIDER TO "BLOCK ALL COOKIES"

    Close IE7.

    If on occasion you have to use IE7, you only have to click "restore default settings"

    4. Install Spybot anti spyware:

    Spybot download link:

    Install Spybot

    Click on the "Search for updates" button in the interface.
    A list of updates will appear
    Download all updates
    Sometimes after downloading updates, they will appear with the message "bad checksum". Choose for another download mirror in the top bar of Spybot and download again.
    Leave all settings alone unless you know what you are doing.

    5. Install Ad-Aware anti Spyware

    Ad-Aware SE Personal download link:

    Install Ad-Aware
    Press the "Look for updates" button and download the updates
    Leave the settings to default

    6. Install Avast 4 Home Edition anti virus software.

    Avast 4 Home Edition Download link

    Install Avast
    Download all updates
    Leave the default settings alone

    7. Install CC Cleaner

    CC Cleaner Download link:

    Install CC Cleaner and open it.
    In the right hand bottom corner you will see "check for updates now"

    Click to download updates.

    To start your new approach to keep your pc's clean, start with a clean slate and get rid of all the cookies that already might be stored on your pc.
    Read the warning underneath.

    WARNING!

    After running CC Cleaner with all options checked, all your cookies and passwords, temporary files etc... will be lost.

    HOWEVER, CC Cleaner is safe for your system and did not cause any problems to my machines.

    PROCEDURE:

    Write down your passwords you use to log on to sites like XPmediacentre etc...

    Configure CC Cleaner:

    Click OPTIONS > ADVANCED > UNTICK: "ONLY DELETE FILES IN WINDOWS TEMPORARY FOLDERS OLDER THAN 48 HOURS"
    Click WINDOWS > TICK ALL OPTIONS
    Click APPLICATIONS > TICK ALL OPTIONS
    Click "RUN CLEANER"

    Close down CC Cleaner.

    Now run Spybot and Ad-Aware and Avast.


    8. How to install software from sites you do not know?

    Always download the file to a folder and do not install it directly from their website. (online anti virus scanner excluded)

    Right click on start > explore > look in the folder where Firefox downloaded the file; this is by default Documents and Settings/Owner/Desktop

    Right click on the file you want to install and click on scan with your anti spyware, after this has finished, click on scan with your anti virus software.
    If this option is not available from here, open up your virus software and scan the file from there.


    9. Make an image of your Operating system


    Once you are sure that your pc is virus and spyware free, make an image with software like Acronis or Ghost. Good luck.


    Chapter 2. Clean your pc of spyware/virus


    Follow this guide step by step.

    For starters, download the following FREE programs in any folder you like (not a temporary folder) but do not install yet:

    CC Cleaner, CC Cleaner Download link:

    Spybot 1.4, Spybot download link:

    Lavasoft's Ad-Aware SE Personal Ad-Aware SE Personal download link:

    Avast Anti virus Home Edition 4 Avast 4 Home Edition Download link

    AVG Anti Spyware 7.5: optional AVG Anti Spyware Download link:

    If you are running only 1 rig things are easier. If you are running 3 rigs on a network via a router, things become a bit more complicated. You will have to install all the above mentioned software on each rig and repeat all the procedures.

    Running more than 1 rig on a home network:

    Make sure you tackle the rigs one by one.

    Make sure that only one rig at a time is connected to the network! This is very important, otherwise the virus/trojan simply keeps walking from one rig to the other.

    Eg. If you have to update the ICETV guide on another rig than the one you are working on, disconnect the first rig and then connect the one to be updated, after the update disconnect this rig again.

    I also ran Spyware Doctor and Xylosoft trial versions, both came up with heaps of detected spyware but would not let me delete the detected spyware without buying the full version. For this reason, I excluded them from any further use.

    Preparation:

    First we are going to disable Windows "System Restore". It will make sense to you that the restore function has become worthless because if you use one of the restore points after you have cleaned up your rig, you will be restoring the virus or trojan as well.

    Click on START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE > TICK "TURN OFF SYSTEM RESTORE"

    1. Firefox, install and configure:

    Despite all the positive info about IE7 in regards to improved safety, I steered away from it and opted to improve my rigs security by installing and running Firefox 2.0 which seems to be less vulnerable.

    Download and Install Firefox

    Mozilla Firefox download link

    If asked "do you want to make Firefox your default browser" click yes.

    Click on TOOLS > OPTIONS > SECURITY > COOKIES > UNCHECK "ACCEPT COOKIES" from sites.

    2. Restrict IE7:

    Do not uninstall IE7, you might need it if you run plug ins like MCE Webbrowser or to update Windows.

    Open IE7

    Click on TOOLS > INTERNET OPTIONS > SECURITY > CUSTOM LEVELS > SET SLIDER TO HIGH > then click PRIVACY > SET SLIDER TO "BLOCK ALL COOKIES"

    Close IE7.

    If on occasion you have to use IE7, you only have to click "restore default settings"

    3. INSTALL and RUN CC Cleaner:

    Install CC Cleaner and open it.
    In the right hand bottom corner you will see "check for updates now"

    Click to download updates.

    CC Cleaner cleans the following

    Internet Explorer
    Temporary files, URL history, cookies, Autocomplete form history, index.dat.
    Firefox
    Temporary files, URL history, cookies, download history.
    Opera
    Temporary files, URL history, cookies.
    Windows
    Recycle Bin, Recent Documents, Temporary files and Log files.
    Registry cleaner
    Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... also comes with a comprehensive backup feature.
    Third-party applications
    Removes temp files and recent file lists (MRUs) from many apps including Media Player, eMule, Kazaa, Google Toolbar, Netscape, MS Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more...

    WARNING!

    After running CC Cleaner all your cookies and passwords etc... will be lost. HOWEVER, CC Cleaner is safe for your system and did not cause any problems to my machines.

    PROCEDURE:

    Configure CC Cleaner:

    Click OPTIONS > ADVANCED > UNTICK: "ONLY DELETE FILES IN WINDOWS TEMPORARY FOLDERS OLDER THAN 48 HOURS"
    Click WINDOWS > TICK ALL OPTIONS
    Click APPLICATIONS > TICK ALL OPTIONS
    Click "RUN CLEANER"

    Close down CC Cleaner.

    IMPORTANT:

    IF YOU HAVE DISK IMAGES OR FILES INSTALLED ON EXTERNAL HARD DRIVES/CD/DVD DISKS, DO NOT FORGET TO ATTACH THE EXTERNAL HDD OR DISKS NOW. THEY HAVE TO BE SCANNED AS WELL. I FOUND SEVERAL VIRUS AND SPYWARE ITEMS ON THE EXTERNAL HDD.

    4. INSTALL and RUN SPYBOT


    Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies. If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware. Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.
    Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don't want them to see what you have been working on. And for professional users, Spybot-S&D allows you to fix some registry inconsistencies and extended reports.

    PROCEDURE:

    Install Spybot 1.4
    Run Spybot
    In the main interface click "Search for updates" and then click "download updates".
    After downloading updates, close Spybot.

    IMPORTANT:

    Disconnect from the internet by unplugging your modem or network cable.

    Disable all your running anti-spyware and anti-virus software. Do not forget to turn off active shields and turn off Windows Defender.

    Reboot your computer and keep on pressing F8 to go into SAFE MODE.

    Scroll to "run in safe" mode and press enter

    Click "Windows XP Media centre" and enter

    Some weird looking stuff will come up on the screen and it will take a bit of time to go to the next screen

    After your start up screen appears and you logged on (do not log on as administrator) you will get another window saying : "Windows is running in safe mode" click "Yes" and Windows will finish the start up.

    For someone who hasn't used SAFE MODE before, the screen will look a bit strange, no worries, you are doing well.

    Start Spybot

    Click TOOLS > RESIDENT > UNTICK "RESIDENT TEA TIMER"

    Click "Spybot S&D"

    Click "check for problems"

    If you find any problems, tick the problem and then click "fix problems"

    Reboot your computer and start up normal

    5. INSTALL AND RUN LAVASOFT'S AD-AWARE:

    With the ability to scan your RAM, Registry, hard drives, and external storage devices for known data-mining, advertising, and tracking components, Ad-Aware SE easily can clean your system, allowing you to maintain a higher degree of privacy while you surf the Web. Ad-Aware SE Personal Edition boasts a number of improvements. Extended memory scanning now scans all modules loaded by a process. Scanning uses the all-new CSI (Code Sequence Identification) technology to identify new and unknown variants of known targets. Extended Registry scanning now scans Registry branches of multiple-user accounts and performs additional smart checks to detect dynamically created references. Scanning speed is noticeably faster, and this version offers an Extended Scanning mode for known and unknown/possible browser hijackers.
    New in version 1.06: Disk-scan is approximately 30 percent faster. CSI scan is now more efficient. Added "Scan for low-risk threats" option, to scan for targets with low TAC index. Ad-Watch CSI engine performance highly improved; using less CPU and Memory as well as having a smaller footprint. GUI adapted to use the new TAC.

    Procedure:

    Install Ad-Aware

    Connect to the internet again

    Start Ad-Aware and click "check for updates now" in the interface

    Download the updates and close Ad-Aware

    Disconnect from the net

    Reboot and run the pc in safe mode again

    Start Ad-Aware

    Click "scan now"

    Click "Perform Full System Scan", and "Search for low risk threats"

    Click "next" and the scan will start.

    After the scan get rid of any spyware found.

    Close Ad-Aware

    Reboot in normal mode

    6. RUN ONLINE SCANNER F-SECURE

    This was possibly the most important but also the most frustrating step.

    I tried several online scanners but it caused me some problems.

    Finally after reading a lot of info I settled for a new scanner called F-Secure. I considered the F-Secure Blacklight Technology which protects your computer from rootkits in real time to be of great importance.
    In case F-Secure wouldn't work with Firefox you will have to open IE7 again and set both security and privacy back to default settings. Do not forget to change it back to high after the scan.

    Connect to the internet

    Go to the following page and follow the instructions:

    F-Secure online scanner link:


    7. RUN AVAST 4 HOME EDITION:

    I have chosen to use this free anti virus software after reading up on a lot of testing of free anti virus software. Also some members of our site are using this program.
    The virus data base included in this program but not mentioned in the info beneath gives you the opportunity to re-install the infected files like they were before the infection occurred.
    Also the data and webshields are of great importance.

    This software is for free and will remain for free but you will have to register in 60 days to keep it working.

    For info about AVAST go to the bottom of this page and also read the test of free anti virus software at the bottom of this page.


    Procedure:

    No need to start up in safe mode anymore.

    Start up AVAST

    AVAST will perform a memory scan first.

    Then click "continue"

    An info window will open, read this if you like or close the window and go straight to the scanner GUI

    Click the small arrow in the top left hand corner of the interface > show the program menu will appear when you put the mouse pointer on it.

    Open it and you will see "start scan" at the top of the list.

    Select for "scan area" > local disks

    Select for "scan level" > thorough

    Start the scan by clicking the arrow on the round button on the left hand side of the interface.

    Follow the instructions at the end of the scan.

    Make sure if your machine is clean to run all the functions of AVAST. Shields and database recovery included.

    If your machine is clean: congratulations!

    8. OPTIONAL: RUN AVG ANTI SPYWARE

    This anti spyware is for free but after the trial it will lose some of its features.


    IMPORTANT:

    If no spyware or virus is found:

    Open Spybot and tick teaTimer again in Resident setting.

    Enable Windows Defender and the anti-virus software you prefer.

    Enable system restore again

    DEFRAGMENT THE OS HARD DRIVE

    If you have more than one machine, make sure you disconnected the cleansed one from the network and go on to the next machine.
    Keep in mind: only connect 1 machine at the same time to the network.

    Keep your machines in quarantine for at least a week, disconnected from the network or one another. Again, to perform updates, only connect 1 at a time.


    Finally make a disk image with Ghost or Acronis.



    IF YOU ONLY WANT TO USE THE ABOVE SCANNING PROCEDURE TO CHECK UP ON YOUR RIGS OR TO DO A BIT OF AN EXTENDED SCAN, DO NOT USE CC CLEANER BECAUSE YOU WILL LOSE ALL YOUR COOKIES AND PASSWORDS. DO NOT DISABLE YOUR ANTI VIRUS SOFTWARE EITHER.

    Chapter 3: Specific Spyware infections

    Infection of System volume restore files with a Trojan.

    Spyware writers are getting more inventive. Some infections attach themselves to your system restore files and Windows will not let an anti-virus program delete one of those files.

    Remedy:

    1. Switch off your system restore. Windows will tell you that you will lose all your system restore points. Click "yes". This will delete all the system volume restore files and get rid of the virus. Those deleted files will be put in the recycle bin and still mean a threat. We will have to get rid of all the files in the recycle bin as well. Not only that, even after emptying the recycle bin, the files will still be there. You can use the search function to look for "recycler" files.

    These files can only be wiped with a special software or the following method:

    Start > run > type cmd > enter > this will bring you in the DOS window.

    Go to Start > Run type cmd then hit Enter

    Type the following at the command prompt:

    Type:

    rd /s /q c:\recycler (make sure you include the spaces after rd, s, and q)

    Hit Enter.

    That will remove the recycler files

    Attention:

    If you have more than one drive and you have to remove recycle files from another drive, make sure you change to the right directory and also change the path.

    E.g. Delete the recycler folder of drive D: rd /s /q D:\recycler

    Right click your Desktop > Text document.

    Drag it to the Recycle Bin on your desktop.

    Run an online anti-virus like Kaspersky, Panda or F-Secure.

    Run AVG anti-spyware in safe mode.


    Extras

    After cleaning up my machines I installed 2 commercial trial versions of anti spyware.

    1. PREVX: Seems to do a good job but is a bit heavy on the resources at the start up of the system. Runs in the background. Worth a try.

    PREVX download link

    2. CounterSpy: Also well working but it prevents my MCE 2 machine from going into hibernation. Works fine on MCE1.

    CounterSpy download link

    Reading material:

    NEW! AOL Anti Virus free for everyone, powered by Kaspersky, one of the world's leading anti virus software producers.

    Info: http://www.theregister.co.uk/2006/08/08/aol_av/
    Download from here: http://www.activevirusshield.com/ant...eav/index.adp?

    INFO about AVAST 4 HOME EDITION:
    The latest version of avast! antivirus kernel features outstanding detection abilities, together with high performance. You can expect 100% detection of In-the-Wild viruses (viruses already spreading between users) and excellent detection of Trojan horses.
    The kernel is certified by ICSA; and frequently takes part in the tests of Virus Bulletin magazine, often yielding the VB100 award.
    The avast! engine also features outstanding unpacking support. It can scan inside the following archives: ARJ, ZIP, MIME (+ all associated formats), MAPI (Outlook pst files), DBX (Outlook Express archives), RAR, TAR, GZIP, CAB, BZIP2, ZOO, ACE, ARC, LHA/LHX, TNEF (winmail.dat), CPIO, CHM, RPM, ISO, 7ZIP and SIS. It also supports a number of executable packers (such as PKLite, Diet, UPX, ASPack, PeShield, FSG, MEW etc.).
    Last, but not least, it can also scan for viruses hidden in Alternate data streams on NTFS volumes.

    Simple User Interface

    The Simple User Interface is used to start on-demand scanning, work with the results and change various options. Basic resident protection settings can be modified here.
    The Simple User Interface is the main application of avast! 4 Home Edition. You can start additional avast! modules from here, such as the Virus Chest, Updater or Log Viewer.
    The appearance of the Simple User Interface is very flexible. It supports so-called skins, allowing users to change the appearance of the application interface. The main package contains three skins, with additional skins available from our web pages.

    Standard resident protection

    Resident protection (the real-time protection of the operating system), is one of the most important parts of an antivirus program today. avast! features a powerful resident module that is able to detect a virus before it has any chance to infect your computer.
    avast! Home Edition contains resident protection of the computer file system and a resident module for e-mails and news.
    File system protection ensures that no virus will be started on the computer. It offers a wide range of settings, such as the possibility to specify that files will be scanned during copying, or that the scanning will include files with given set of extensions only.
    E-mail/News protection consists of two independent modules; first, there is a generic scanner working on the SMTP/POP3/IMAP4/NNTP protocol level. It is capable of protecting any existing e-mail client that uses these protocols. Second, there is a special plugin for MS Outlook only; the mail scanning is completely transparent, requiring no special settings.
    A new feature of version 4 is heuristic analysis of e-mail scanners. This feature can protect against new, unknown viruses and worms that are not possible to detect by the usual means. The heuristic module performs a thorough investigation of every e-mail message and watches for suspicious signs, that might announce virus presence. When the number of those signs exceeds a user-defined level, the message is considered dangerous and the user is warned.

    P2P and IM Shields

    Avast features a module for the protection of IM (Instant Messaging, "chat") programs, and a module for the protection of P2P (peer-to-peer) programs. The list of supported IM and P2P programs is extensive with more than 30 programs currently supported.
    While chat itself would not impose any serious security risks in terms of viruses, today's IM applications are far from being just chatting tools: most of them support more or less sophisticated file sharing methods - which may quite easily lead to virus infections, if not properly monitored.
    The P2P protection module doesn't need much explanation - on today's P2P networks (such as Kazaa) there are thousands of infected files, and an effective protection is a must.

    Network Shield

    A new resident protection module was added to avast! 4.5: the Network Shield. This module provides protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can be viewed as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System)).
    The Network Shield is only available on NT-based systems (Windows NT/2000/XP/2003).

    Web Shield

    Web Shield is a unique feature of avast! that enables it to monitor and filter all HTTP traffic coming from the Web sites on the Internet. Since an increasing number of viruses (and other malware, such as adware, spyware and dialers) are being distributed via the World Wide Web, the need for an effective countermeasures has also increased. The Web Shield acts as a transparent HTTP proxy and is compatible with all major web browsers, including Microsoft Internet Explorer, FireFox, Mozilla and Opera.
    Unlike most competitive solutions, Web Shield's impact on browsing speed is almost negligible. This is because of a unique feature called "Intelligent Stream Scan" that lets the Web Shield module scan objects on-the-fly, without the need of caching them locally. Stream scanning is performed in operating memory only (without the necessity to flush the contents to disk), providing maximum possible throughput rates.

    Automatic updates

    Automatic updates are another need in virus protection. Both the virus database and the program itself can be updated automatically. The updates are incremental, with only new or missing data downloaded: thus reducing the transfer heavily. The typical size of a virus database update are tens of KB; program updates are typically in the hundreds of KB range.
    If your Internet connection is persistent, the updates are performed completely automatically at fixed time intervals. If you connect to the Internet only occasionally, avast! watches your connection and tries to perform the update when you are online.
    Having an up-to-date virus database and antivirus program is the most certain way to protect your computer.

    Virus Chest

    The Virus Chest can be thought of as a folder on your disk drive, having special properties that make it a safe, isolated place suitable for storing certain files. You can work with the files in the Chest, though with some security restrictions.
    The main properties of the Virus Chest are complete isolation from the rest of the operating system. No outside process, such as a virus, may access the files inside, and the fact that the files inside the Chest may not be run (executable), there is no danger in storing viruses there.

    System Integration

    avast! antivirus features outstanding integration into your system. A scan can be started directly from Windows Explorer, by clicking a folder or a file with your right mouse button and selecting the corresponding choice from the menu.
    A special screen-saver is also provided, that, when running, performs virus scanning. avast! antivirus works together with your favorite screen-saver, so you don't have to change your personal settings to use it.
    A new option with this release is the boot-time scan (Windows NT/2000/XP/2003 only). This important feature allows a user to instigate scanning before a virus is activated, in the case that a virus is suspected to be active on your computer already.

    Integrated avast! Virus Cleaner

    Since version 4.1, avast! includes the Virus Cleaner, a tool designed for a complete removal of most common infections from already-infected computers. So now is avast! capable even to reliably heal (not only detect) the most common malware.
    The number of viruses/worms supported by the Virus Cleaner is constantly growing. For the most up-to-date information we suggest to visit Cleaner's own page (for emergency purposes we also offer the Virus Cleaner as a standalone product, capable of running without installed avast).

    Support for 64-bit Windows

    avast! Home/Professional now fully supports the 64-bit Windows platform. ALWIL Software is anticipating massive take-up of this platform, as Windows XP 64-Bit Edition will support up to 32 GB of RAM and 16 TB of virtual memory, enabling applications to run faster when working with large data sets. Applications can preload substantially more data into virtual memory, allowing rapid access by the 64-bit extensions of the processor. This reduces the time for loading data into virtual memory or seeking, reading, and writing to data storage devices, making applications run faster and more efficiently.
    Regular (32-bit) antivirus applications are unable to operate correctly on the 64-bit Windows platform because they rely on 32-bit kernel-mode drivers. The new avast! uses native 64-bit drivers, delivering the same level of protection as in the 32-bit Windows environments. The installation package is the same for 32-bit and 64-bit versions - the setup program automatically detects the operating system it is running on, and installs all necessary files. More information you may found on page avast! Antivirus and Windows x64 Edition.

    Internationalization

    Commitment to internationalization is one of the key benefits of avast!. During the last 2 years, avast! has been translated to a number of languages and the latest version added additional language modules. Currently the list of supported languages is: English, Bulgarian, Czech, Dutch, Finnish, French, German, Hungarian, Italian, Norwegian, Korean, Polish, Portuguese, Japanese, Romanian, Russian, Serbian, Slovak, Spanish, Turkish.

    Main features

    ANTIVIRUS KERNEL
    • Almost 100% detection
    • Outstanding performance
    • Reasonable memory requirements
    • ICSA certified
    USER INTERFACE
    • Memory test during the program startup
    • Very intuitive Simple User Interface
    • Testing whole disks or selected folders
    • Working with the scan results - actions with infected files
    • Virus encyclopedia
    • Log Viewer
    • Various appearances - skin support
    • Running from Explorer context menu
    • Antivirus screen-saver
    UPDATES
    • The system of incremental updates guarantees low traffic
    • The updates can be completely automatic
    RESIDENT PROTECTION
    • Standard Shield protects the file system
    • Generic SMTP/POP3/IMAP4 scanner
    • Specific MS Outlook plugin
    • Heuristic analysis in e-mail modules
    REPAIRING
    • Limited capability of direct repair (especially macroviruses)
    • Repairing files using automatically generated Virus Recovery Database (VRDB)
    PLATFORMS
    • Windows 95
    • Windows 98
    • Windows Me
    • Windows NT 4 (No Server)
    • Windows 2000 (No Server)
    • Windows XP (No Server)
    University of Magdenburg tests free anti virus software:
    As noted, each of the three free antivirus scanners - AntiVir PersonalEdition Classic, AVAST 4 Home Edition, and AVG Free Edition - have proven ability to detect in-the-wild viruses. This is a core, basic functionality of any reputable antivirus scanner and thus serves only as the basis for inclusion in the review, i.e. no points were awarded for meeting this minimum qualification. (Before considering any antivirus solution, you should check their ItW certification by consulting any of the following: VB100%, ICSALabs, or Checkmark).

    Zoo Detection

    AVAST 4 Home Edition had the highest rate of zoo virus detection (92%), followed by AntiVir PersonalEdition Classic at 85% and AVG Free Edition at 81%. However, AVAST's higher zoo detection was offset by a correspondingly higher rate of false positives, 9 total compared to AntiVir at only 2. Conversely, AVG scored the lowest in both categories, racking up 11 false positives.

    Response Times

    How nimble your antivirus vendor is can make the difference between an infection and a non-event. To gauge this, we looked at the response times recorded for 26 major outbreaks during a particularly prolific virus period. Vendors who were among the first five to release antivirus updates for one of these 26 threats received points accordingly. AntiVir was one of the top 5 vendors a total of 5 times, AVAST appeared twice, and AVG only once.

    Compressed/Archive Types

    Many virus creators thwart signature-based scanners simply by repackaging a known virus using a different compression or archive type. This not only changes the signature, not all scanners can decompress the resulting files in order to scan them properly. According to tests performed in 2005, AntiVir is capable of scanning 30 different compressed and archive types, compared to AVAST at 28 and AVG at only 17.

    Adware and Spyware

    When it came to adware and spyware, none of the free scanners performed well. The best of the worst was AVAST, which removed 33% of the active components of the adware and spyware installed to our test system. AntiVir PersonalEdition Classic removed 5% and AVG removed none. (Paid versions of these same products proved more capable thus a low score for the free products has no bearing on their paid counterparts).

    Footprint

    Each of the free antivirus scanners was conservative in the amount of disk space used, installing 40Mb or less on our test systems. (The smallest was AVG at only 30Mb). AVG installed four running processes, compared to three for AntiVir and six by AVAST. The footprint on the system can be particularly important for those running older operating systems (i.e. Windows 98/ME) where hard drive space and memory might be at a premium. Fortunately, any one of the three meets those needs.

    Support Options

    If you run into difficulty using the product or trying to remove a stubborn infector, you'll have to resort to an online knowledgebase or self-help forum. AVAST does offer phone support, but there's a per minute charge attached which could likely turn the free solution into an expensive alternative rather quickly.

    The Final Scores

    If we left spyware/adware removal out of the mix and focused only on the scanner's ability to detect traditional virus threats, out of a possible 125.6 points, AntiVir PersonalEdition Classic scored 94, AVAST 4 Home Edition scored 89, and AVG Free Edition scored 66. However, when we included adware/spyware removal in the judging, the results were dismal, with AVAST scoring highest at 66 points, AntiVir following at 58, and AVG with only 30.

    Of course, these particular antivirus scanners don't claim to have adware and spyware removal capabilities, so it would be unfair to judge them harshly if they do not. Still, if you are looking for a standalone antivirus scanner that can also offer spyware or adware protection, you'll have to shell out a few dollars to get it.

    Courtesy of Mary Lindesman
    University of Magdenburg
    Last edited by bella; 28th January 2007 at 12:14 AM.
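
The "Compressed/Archive Types" point from the review quoted in post #1, as an added example that is not part of the original post or any vendor's code: a small signature scanner whose `formats` argument models how many container types a product can unpack. The signature, the sample data and all function names are constructed for illustration.

```python
import gzip
import io
import zipfile
import zlib

# Constructed, harmless marker standing in for a known byte signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 5                 # bound nesting so crafted archives cannot recurse forever
MAX_BYTES = 10 * 1024 * 1024  # bound the size of each unpacked member

def unpack(data, formats):
    """Yield (member_name, bytes) for each container type listed in `formats`."""
    if "gzip" in formats and data[:2] == b"\x1f\x8b":
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            yield "gzip", fh.read(MAX_BYTES)
    elif "zip" in formats and data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_BYTES:  # checks the declared size only
                    yield info.filename, zf.read(info)

def scan(data, formats=(), depth=0, path="input"):
    """Return the paths where SIGNATURE was found, unpacking supported containers."""
    hits = [path] if SIGNATURE in data else []
    if depth < MAX_DEPTH:
        try:
            for name, inner in unpack(data, formats):
                hits += scan(inner, formats, depth + 1, f"{path}>{name}")
        except (OSError, EOFError, zlib.error, zipfile.BadZipFile):
            pass  # corrupt container; a production scanner would report it as unscannable
    return hits

def make_samples():
    """Build the same constructed payload raw, zipped, and zip-inside-gzip."""
    raw = b"A" * 200 + SIGNATURE + b"B" * 200
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("doc.bin", raw)
    zipped = buf.getvalue()
    return raw, zipped, gzip.compress(zipped)

if __name__ == "__main__":
    raw, zipped, nested = make_samples()
    for label, blob in (("raw", raw), ("zip", zipped), ("zip in gzip", nested)):
        for formats in ((), ("zip",), ("zip", "gzip")):
            print(f"{label:12} formats={formats!s:18} -> {scan(blob, formats)}")
```

A scanner that understands only zip reports nothing for the gzip-wrapped sample, which is the gap the review's count of supported archive types measures.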




  • #2
    supafly's Avatar

    Re: Bella's Anti-virus and Anti-Spyware Guide For Beginners

    Great work bella, I already use quite a bit of that now already, but it is a great read for a beginner or for people not familiar with spyware, etc.

  • #3

    GlenR's Avatar

    Re: Bella's Anti-virus and Anti-Spyware Guide For Beginners

    Good one Eddy! Should be useful to many - unless, like me, you use the ultimate security option and don't surf the net on your MCE box.

    "I'd rather have a prostate examination by a man with very cold hands on national television than have a facebook page" - George Clooney

  • #4
    bella's Avatar

    Re: Bella's Anti-virus and Anti-Spyware Guide For Beginners

    Thanks Supafly, my eyes are hurting after hours of typing and re-working.

    I was surprised myself with Avast anti-virus. Not much is known about it, it's always AVG here and AVG there.

    Glenr: With 3 rigs, it's impossible not to surf the net.

  • #5
    Mike's Avatar

    Re: Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Great work Bella - thanks for another valuable contribution!

    Mikr
    The statement below is true.
    The statement above is false.

  • #6
    bella's Avatar

    Re: Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Guide will be regularly updated and revamped.

    Next edition will include infection prevention.

  • #7
    bella's Avatar

    Re: Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Guide has been extended with:

    Part 1 : Prevent infection

  • #8
    bella's Avatar

    Re: Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Guide updated with free AOL anti virus.

  • #9
    bella's Avatar

    Re: Anti-virus and Anti-Spyware Guide For Beginners by Bella

    Updated with chapter 3:

    Infection of System volume restore files by a Trojan.

    Spyware writers are getting more inventive. Some infections attach themselves to your system restore files and Windows will not let an anti-virus program delete one of those files.

    Remedy:

    1. Switch off your system restore. Windows will tell you that you will lose all your system restore points. Click "yes". This will delete all the system volume restore files and get rid of the virus. Those deleted files will be put in the recycle bin and still mean a threat. We will have to get rid of all the files in the recycle bin as well. Not only that, even after emptying the recycle bin, the files will still be there. You can use the search function to look for "recycler" files.

    These files can only be wiped with special software or the following method:

    Start > Run > type cmd > Enter. This will bring you to the DOS window.

    Go to Start > Run type cmd then hit Enter

    Type the following at the command prompt:

    Type:

    rd /s /q c:\recycler (make sure you include the spaces after rd, s, and q)

    Hit Enter.

    That will remove the recycler files

    Attention:

    If you have more than one drive and you have to remove recycle files from another drive, make sure you change to the right directory and also change the path.

    E.g. to delete the recycler folder of drive D: rd /s /q D:\recycler

    Right click your Desktop > Text document.

    Drag it to the Recycle Bin on your desktop.

    Run an online anti-virus like Kaspersky, Panda or F-Secure.

    Run AVG anti-spyware in safe mode.

    Switch on system restore and set a new restore point.
