Acymoa.exe
Jul 14 2010, 12:57 am
By: FatalException
 

Jul 16 2010, 9:09 am Gigins Post #21



Your own experience? Had only 1 false positive in my entire NOD32 usage period, that is almost 8 years, and that was a hacked version of a pay-to-play MMORPG client. While it has kept my PC virus free for the entire time.

The 4 AVs I said to be the worst were all triggered by the first SC2 crack.

And I've been fixing virus/OS issues for my entire neighborhood. The most common issue is "I think I have a virus or 2, cause everything is like not working and stuff". They usually have one of the 4 AVs mentioned above, I guess it's because they're the most commercial. Then I go, "how did you manage to get a virus while having AV turned on?". So yea, I have my own reasons for saying they suck.

But this ain't a which AV is better discussion. ;)



None.

Jul 16 2010, 9:41 am Falkoner Post #22



What it honestly comes down to is exactly what I said earlier:

Quote from Falkoner
it doesn't matter how good your anti-virus program is if you're doing high-risk activities, it's like trying to cross a busy road by having a tank in front of you, instead of just looking both ways before crossing, proper precautions prevent possible problems(alliteration ftw!).

I admittedly haven't used NOD32 in several months, so it may have gotten a leg up on the other AV programs, but on my initial usage of it I had to remove it because it kept deleting various password recovery or auditing software off my thumbdrive, and you also fail to remember that it only has a 30 day trial, rather than being completely free like the ones I mentioned. In all honesty, I rarely even use AV programs anymore, if I get a virus, I clean it manually, it takes under 10 minutes for me to restore a fresh copy of my OS to my system with the partitioning setup I have. I've tried out the various AV programs in the past, and they all have their pros and cons, and in the end it rarely matters which one you're using if you choose to put yourself at risk.

Of course, saying that Avast, AVG and Avira are the worst programs is a blatant hyperbole when compared with programs like Norton or McAfee, hence my annoyance at your original post. Yes, I could have said Kaspersky, NOD32, AVG, Avast, Avira, etc. etc. etc, but if you're downloading obscure viruses, which many people are, it's not going to do you any good to use one AV program over the other.

Now, FatalException, were you able to successfully resolve the problem?



None.

Jul 23 2010, 1:53 am FatalException Post #23



Well, no, not yet. I have yet to install Combofix (as it turns out, the virus is a Google-redirect/I'm-just-going-to-make-your-browser-be-frustrating virus). I did a full scan with AVG, and it turned up nothing, but the two files that I disabled the autorun for are still there. One is predictably in my C:/WINDOWS folder, and the other is in my temp My Documents, but I can't see either of them, even if I unhide everything in the folder.

EDIT: Also, should I be worried that AVG keeps coming up with things that it says are trojans being run by Malwarebytes, or is that just AVG losing? I downloaded the free Malwarebytes off their website, so I would think it's legit. It also says that these things are stored all over my C: drive, mostly in the WINDOWS folder. I'm assuming that they're all essential to Malwarebytes running if it's the process running them, so I'm leaving them alone for now, but should I be getting rid of them?

Post has been edited 1 time(s), last time on Jul 23 2010, 3:02 am by FatalException.



None.

Jul 23 2010, 5:46 am Falkoner Post #24



From portabalizing Malwarebytes' I can tell you that Malwarebytes' doesn't have any files in the Windows folder except a few registered drivers, and those will be in a subfolder, not the main one. I would allow AVG to delete them; it's not like you can't reinstall Malwarebytes' if it messes it up anyway.

Also, just download ComboFix from the link I posted, especially since there are several fake sites that give you viruses under the name of ComboFix. I believe you have a virus that's been going around lately, which spreads through banner-ads(some flash exploit), it uses random file names to throw off scanners, redirects your searches, and if you remove its auto-run then it simply puts it back. If it's the same virus that I've seen a lot of lately, then I can tell you for sure that ComboFix will delete it without a hitch, so that's your best bet at this point.



None.

Jul 23 2010, 5:56 am FatalException Post #25



Fuckballs, gentlemen. Malwarebytes deleted my ability to access the internet from my computer (I'm on my brother's laptop). It deleted some stuff in the registry, and in the filepaths, I see "Tcpip", so I'm assuming that that's what did it. Also, Notepad++ is giving me a new error, saying that it can't open lang.xml, and I see among the things Malwarebytes deleted, "HKEY_CURRENT_USER\SOFTWARE\XML". Did it also delete my ability to use .xml files? How do I fixed web?

Code
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2010 22:11:38
mbam-log-2010-07-22 (22-11-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 370479
Time elapsed: 2 hour(s), 34 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d932ce66-555c-4ae7-a9a7-cf2cf4883a4b}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e025ead3-fee2-4aa8-b53f-5b3ec3ec8d73}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\RECYCLER\S-1-5-21-790525478-1336601894-839522115-1006\Dd2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5AFF4814-F827-4497-891D-81EE7E914B4F}\RP223\A0096338.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Other type stuff\mekg-dtn.exe (Malware.NSPack) -> Quarantined and deleted successfully.
D:\Other type stuff\M.E.PC.crack\mekg-dtn.exe (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Would it be more worthwhile to try to fix the registry, or just do a system restore? I have a checkpoint from half an hour ago, which, I think, is before the scan ended, and I have one from yesterday.

Post has been edited 1 time(s), last time on Jul 23 2010, 6:02 am by FatalException.



None.

Jul 23 2010, 6:00 am Falkoner Post #26



Run ComboFix. At this point, I think you may be getting into the "irreversible damage" area of virus resolution, but you never know, hopefully Malwarebytes' simply disabled your NIC or turned off your network service, but you never know, I'd run ComboFix, then install and run Advanced SystemCare to resolve any issues with your services quickly, after that I can't really direct you easily via forums.



None.

Jul 23 2010, 7:11 am FatalException Post #27



So I ran ComboFix and Advanced SystemCare, and I still don't have internet on my computer (which pretty much renders the virus I had useless, anyway). I require additional direction on getting my registry fixed back up. I have the ComboFix log, but I'm only posting it if someone asks for it, because it's rather large. At this point, I just want my network capabilities back. I don't even have LAN.

I'd also like to avoid a reformat/nuke. I like stuff that I have.



None.

Jul 23 2010, 7:31 am O)FaRTy1billion[MM] Post #28

👻 👾 👽 💪

Is it possible to back everything up? Reformat is going to be your last option.



TinyMap2 - Latest in map compression! ( 7/09/14 - New build! )
EUD Action Enabler - Lightweight EUD/EPD support! (ChaosLauncher/MPQDraft support!)
EUDDB - topic - Help out by adding your EUDs! Or Submit reference files in the References tab!
MapSketch - New image->map generator!
EUDTrig - topic - Quickly and easily convert offsets to EUDs! (extended players supported)
SC2 Map Texture Mask Importer/Exporter - Edit texture placement in an image editor!

Jul 23 2010, 7:47 am FatalException Post #29



My house has a 1 TB network drive, so I could probably back everything up, but that would be such a pain. I think the virus is probably off my computer by now; I just need a way to fix the registry.



None.

Jul 23 2010, 7:59 am Falkoner Post #30



Yeah, the virus is gone for sure, at this point I don't really know exactly what could be wrong, the XML registry entry that was deleted was unnecessary anyway, so that's not the problem, it's the TCP IP service that's most likely the problem now. If you have an XP disc, right now might be a good time for a Windows Repair, so you don't lose all your data, but it fixes your registry, however, if you'd prefer, you can use whatever settings I've got in my registry for that service and hope it works:
http://www.mediafire.com/?idqnlbcbas7y94d

However, I don't think that simply replacing all your TCP/IP registry entries is going to fix the problem, but if you're gonna do a repair anyway, it's worth a shot. Dumb question, but have you tried doing a repair on the network connection in My Network Places?



None.

Jul 23 2010, 8:07 am Adeon Post #31



Whenever I lose track of a virus, I immediately prepare my machine for a format. If I were you, I'd have done that.



None.

Jul 23 2010, 8:09 am FatalException Post #32



Well, it wasn't working on the internet connection because it says that TCP/IP isn't enabled for it, even though it says it is under the properties. I hadn't tried it on the LAN connections, though, those are working now. My dad has an XP disc around here somewhere, so I'll probably go for that tomorrow when he's awake.



None.

Jul 23 2010, 8:11 am Falkoner Post #33



Check Device Manager under Right Click My Computer>Properties\Hardware to make sure that your NIC is enabled, you could also try Reinstalling the driver in there.



None.

Jul 23 2010, 8:36 am Falkoner Post #34



I think I may have actually seen this exact problem, since as you said in the SB, you've got LAN up, but no Internet, try opening up Internet Explorer, going to Tools, Internet Options, under the Connections tab, click the LAN Settings button and make sure it's set to Automatically Detect Settings, if this is off, it messes up several browsers.



None.

Jul 23 2010, 9:08 pm FatalException Post #35



It wasn't on, but changing it didn't make any difference.

It's weird, it says I'm still sending and receiving packets to and from the internet, but when I try to ping anything outside my LAN, there's no response. Stuff inside connects just fine, though. Still waiting on that XP disc.

EDIT: My dad fixed it. Apparently Malwarebytes cleared out the data on which DNS server to use. The virus is gone, too; no more Google redirects. Thanks for everyone's help!

Post has been edited 1 time(s), last time on Jul 23 2010, 11:04 pm by FatalException.



None.

Jul 24 2010, 1:46 am Azrael Post #36



Malwarebytes is so awesome. Glad your computer's clean again.

Quote from Falkoner
I think I may have actually seen this exact problem, since as you said in the SB, you've got LAN up, but no Internet, try opening up Internet Explorer, going to Tools, Internet Options, under the Connections tab, click the LAN Settings button and make sure it's set to Automatically Detect Settings, if this is off, it messes up several browsers.
I remember this happening once a long time ago, what a pain in the ass that was. Good advice for the situation.




Jul 24 2010, 3:12 am Falkoner Post #37



Glad you could clear up the problem, just a quick question though, what exactly did your dad do to repair the problem?



None.

Jul 24 2010, 4:59 am DavidJCobb Post #38



Makes sense that it would nuke your DNS data, actually; the virus could've made you use a shady DNS server to redirect the Google searches.



None.

Jul 24 2010, 6:20 am Falkoner Post #39



Quote from DavidJCobb
Makes sense that it would nuke your DNS data, actually; the virus could've made you use a shady DNS server to redirect the Google searches.

Yeah, it kinda excited me to hear that bit of information myself, since it means I now know why the redirects stay even after you remove that virus, as they have for me in the past.

Admittedly though, ComboFix actually resolves this problem completely with a single run, I'm surprised that Malwarebytes' botched it so badly, especially with how frequently this virus keeps coming up.



None.
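Added example (not part of the thread or any poster's code): a Python parser for the registry lines of the Malwarebytes log in post #25, reporting which static DNS settings the Trojan.DNSChanger detection covered and which resolver addresses had been written there. The function names are hypothetical; the sample lines are copied from that log.

```python
import re
from ipaddress import ip_address

# Registry lines copied from the Malwarebytes log in post #25.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d932ce66-555c-4ae7-a9a7-cf2cf4883a4b}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e025ead3-fee2-4aa8-b53f-5b3ec3ec8d73}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.61,93.188.161.201 -> Quarantined and deleted successfully.
"""

# Line shape: <registry path> (<detection>) -> [Data: <value> -> ]<action>
ENTRY = re.compile(
    r"^(?P<path>HKEY_.*?)\s+\((?P<detection>[\w.]+)\)\s+->\s+"
    r"(?:Data:\s+(?P<data>.*?)\s+->\s+)?(?P<action>.+)$"
)
TCPIP = "\\Services\\Tcpip\\Parameters"
IFACE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})\\NameServer$")


def dns_findings(log_text):
    """Return one dict per static-DNS (NameServer) value the scanner touched."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or TCPIP not in m["path"] or not m["path"].endswith("\\NameServer"):
            continue
        iface = IFACE.search(m["path"])
        findings.append({
            # No interface GUID in the path means the machine-wide setting.
            "scope": iface.group(1) if iface else "global",
            "servers": [str(ip_address(s.strip()))
                        for s in (m["data"] or "").split(",") if s.strip()],
            "detection": m["detection"],
            "removed": "deleted" in m["action"].lower(),
        })
    return findings


def resolvers_to_distrust(findings):
    """Unique resolver addresses found in the flagged values, in log order."""
    return list(dict.fromkeys(s for f in findings for s in f["servers"]))


def scopes_needing_dns(findings):
    """Scopes whose static DNS was removed; DNS there now depends on DHCP or a manual entry."""
    return [f["scope"] for f in findings if f["removed"]]
```

The scopes it returns are the adapters to check after cleanup, which matches the fix reported in post #35: the DNS server setting had been cleared.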

Jul 25 2010, 10:25 am FatalException Post #40



So, uh... I actually got a Google redirect today. There was only one, but does that mean that I still have some form of virus, or does Google just do that sometimes? I don't even know anymore. I can has paranoia.



None.
