
10 more ways to detect computer malware

TechRepublic members have spoken. Here are 10 anti-malware programs they find indispensable.

After writing 10 ways to detect computer malware, I received messages from members wondering why I didn't include various other anti-malware programs. I was hoping that would happen, since there are many applications I am not aware of. After some due diligence, I compiled the following list of additional programs.

Note: This article is also available as a download that includes a PDF and a PowerPoint version of these recommendations.

1: Avira AntiVir

When they learned that my antivirus program is Avast!, several members said I should give Avira AntiVir a try. According to trusted reviews, AntiVir scores well on malware detection tests and rates highly for prompt delivery of new signature files. Both are important: with the proliferation of zero-day malware, a signature-based scanner is only as good as its detection rate and how quickly it receives signatures for whatever is newly circulating. That makes AntiVir a good choice.

2: Emsi a-squared

Emsi a-squared is another member favorite, and I now understand why. The anti-malware scanner was reviewed favorably in respected third-party surveys, and all of the reports mentioned a-squared's user interface and fast scan times as valuable features. Note: The free version of a-squared is only an on-demand scanner, so real-time protection must come from another product.

3: Microsoft Security Essentials

Security Essentials needs to be mentioned, even though it hasn't been released yet. I couldn't test it because I missed the beta cutoff. But a CIO friend of mine is running tests and likes it. Her only issue is the slow scan rate.

She also commented, "It's about time Microsoft offered an antivirus application." Her opinion makes sense. Having built-in AV simplifies things and should close the same gap that the built-in Windows Firewall did: machines with no protection at all because nobody ever installed any. There are plenty of rumors as to when Security Essentials will be released, all pointing to sometime in the fourth quarter of 2009. Update: Microsoft Security Essentials is now available for download.

4: Microsoft Event Viewer

While I'm on Microsoft, I want to mention Windows' built-in Event Viewer. It should be the first place to look if something appears to be wrong. Sort the System and Application logs by level so that Critical and Error entries come first, and concentrate on the period when the trouble started: services that stopped unexpectedly, applications that crashed, or a log that simply has a gap (malware running with administrative rights can clear a log, and a log that ends abruptly is a finding in itself). If an error shows up, double-click it and look at the event properties to see what happened. If that's not enough of an answer, check Randy Franklin Smith's Ultimate Windows Security Web site for more detailed explanations.
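As an added example (not part of the original article, and not code from Event Viewer itself), the following Python script performs that first pass on an XML export: in Event Viewer, right-click a log, choose Save All Events As, and pick the XML format. The events embedded in the script are constructed for the example; the element names and namespace are the ones Windows writes in such an export, and the level numbers (1 Critical, 2 Error, 3 Warning, 4 Information) are Windows' own. The script keeps only Critical and Error events that fall inside the time window you give it, newest first, so the entries around the moment the trouble started sit at the top.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace Windows puts on every <Event> element in an exported log.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVEL_NAMES = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}

# Constructed sample in the shape of Event Viewer's "Save All Events As... (XML)" output.
# Providers, IDs, timestamps and messages are invented for this example.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Service Control Manager"/><EventID>7034</EventID><Level>2</Level>
  <TimeCreated SystemTime="2009-10-02T08:15:03.000Z"/><Channel>System</Channel></System>
  <EventData><Data>The Windows Update service terminated unexpectedly.</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Time-Service"/><EventID>37</EventID><Level>4</Level>
  <TimeCreated SystemTime="2009-10-02T08:20:00.000Z"/><Channel>System</Channel></System>
  <EventData><Data>The time provider NtpClient is currently receiving valid time data.</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-DNS-Client"/><EventID>1014</EventID><Level>3</Level>
  <TimeCreated SystemTime="2009-10-02T08:25:30.000Z"/><Channel>System</Channel></System>
  <EventData><Data>Name resolution for the name update.example.net timed out.</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Application Error"/><EventID>1000</EventID><Level>2</Level>
  <TimeCreated SystemTime="2009-10-02T08:30:45.000Z"/><Channel>Application</Channel></System>
  <EventData><Data>Faulting application explorer.exe, faulting module unknown.dll</Data></EventData>
</Event>
</Events>"""


def _utc(stamp):
    """Parse a SystemTime attribute or an ISO-8601 UTC timestamp ending in 'Z'."""
    stamp = stamp.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in stamp else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def parse_events(xml_text):
    """One dict per <Event>, carrying the fields worth triaging."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        data = [d.text or "" for d in ev.findall("e:EventData/e:Data", NS)]
        events.append({
            "time": _utc(system.find("e:TimeCreated", NS).get("SystemTime")),
            "channel": system.findtext("e:Channel", default="", namespaces=NS),
            "provider": system.find("e:Provider", NS).get("Name", ""),
            "event_id": int(system.findtext("e:EventID", namespaces=NS)),
            "level": int(system.findtext("e:Level", default="4", namespaces=NS)),
            "message": " ".join(data),
        })
    return events


def triage(events, since, until, max_level=2):
    """Events of level 1..max_level inside [since, until], newest first.

    since/until are ISO-8601 UTC strings such as '2009-10-02T08:00:00Z'.
    Security-log audit events carry level 0 and are keyword-based, so they
    are deliberately excluded here; this filter is for System/Application."""
    lo, hi = _utc(since), _utc(until)
    hits = [e for e in events if lo <= e["time"] <= hi and 1 <= e["level"] <= max_level]
    return sorted(hits, key=lambda e: e["time"], reverse=True)


def describe(event):
    """One-line summary in roughly the column order Event Viewer shows."""
    return "%s %-11s %-11s %5d %s: %s" % (
        event["time"].strftime("%Y-%m-%d %H:%M:%S"), event["channel"],
        LEVEL_NAMES.get(event["level"], str(event["level"])),
        event["event_id"], event["provider"], event["message"])


if __name__ == "__main__":
    for hit in triage(parse_events(SAMPLE_XML), "2009-10-02T08:00:00Z", "2009-10-02T09:00:00Z"):
        print(describe(hit))
```

Pass max_level=3 to include warnings; in the constructed sample that pulls in the DNS timeout for an unknown host name, which is exactly the kind of entry worth a second look when a machine is misbehaving.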

5: X-RayPC

X-RayPC is a diagnostic tool similar to HijackThis. X-RayPC's developers admit they like HijackThis and incorporated many of the same features. To enhance X-RayPC, they added a triage service. The service checks scan results against SpywareGuide, an online database. X-RayPC then reports back whether the file is known, unknown, or suspicious. This allows the user to make an informed decision before removing questionable files.


Note: I debated whether to include both SystemLookup and VirusTotal, because of their similarity. But SystemLookup represents the opinions of independent experts and VirusTotal represents the views of anti-malware companies. That difference convinced me each has its place.


6: SystemLookup.com

If you want more information about a certain process or file, SystemLookup.com is the place to go. Type the filename or CLSID into the search box, and an answer should appear. As of today, the site's database contains more than 85,000 items, all verified by an independent community of anti-malware experts.

7: VirusTotal

VirusTotal is the go-to Web site if you have any apprehension about a file or program already on the computer, or if you want to load unknown software onto it. In either case, it's simple to find more information.

Upload the file to the VirusTotal Web site. After a few seconds, a detailed report appears. If one or more of the 32 anti-malware engines has an issue with the file, those results show up in red. One caveat: anything you upload is shared with the participating vendors, so for a file that might contain confidential data, search VirusTotal for the file's hash (MD5, SHA-1, or SHA-256) first; if someone has already submitted the same file, you get the same report without uploading it.

8: Third-party firewalls

I mentioned earlier that Windows Firewall was a welcome addition. Still, it's limited in its functionality: it filters what comes in, but does little to control what programs already on the machine are doing. That's why I consider third-party software firewalls necessary, especially on a laptop that leaves the office network.

Most firewall applications offer additional services. They act as program guards: they inventory the software on the computer, learn what each program normally does, and warn when a program's executable has changed or when something tries to alter the code of a running application.

There are many free firewall applications. I hope members will mention their favorites and why. I currently use Online Armor.
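The hash lookup suggested under VirusTotal and the program guard described here rest on the same operation: a cryptographic digest of each executable. The script below is an added example, not code from VirusTotal, Online Armor or any other product named in this article. It computes the MD5, SHA-1 and SHA-256 that VirusTotal can be searched by, records a baseline of every executable under a directory while the machine is known clean, and later reports which executables were altered, added or removed, which is the simplest form of what a firewall's program guard does when it warns that a program has changed. The demo() scenario, file names and file contents are constructed for the example; the extension list is an assumption about what is worth tracking.

```python
import hashlib
import io
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so large executables are never loaded whole
# Assumed set of extensions worth tracking; extend it for your environment.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}


def digest_stream(fileobj):
    """MD5, SHA-1 and SHA-256 of a stream; VirusTotal can be searched by any of the three."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(CHUNK), b""):
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def file_digests(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def bytes_digests(data):
    """Same digests for an in-memory blob (e.g. a download you have not saved yet)."""
    return digest_stream(io.BytesIO(data))


def build_manifest(root):
    """Baseline taken while the machine is known clean: relative path -> SHA-256 of each executable."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = file_digests(full)["sha256"]
    return manifest


def verify_manifest(root, baseline):
    """What a program guard would flag: executables altered, dropped or removed since the baseline."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: take a baseline, then patch one DLL, drop a new .scr, delete an EXE."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "app/tool.exe", b"MZ original program")
        _write(root, "app/tool.dll", b"MZ helper library")
        _write(root, "readme.txt", b"not executable, so not tracked")
        baseline = build_manifest(root)
        _write(root, "app/tool.dll", b"MZ helper library with injected code")
        _write(root, "app/update.scr", b"MZ dropper")
        os.remove(os.path.join(root, "app", "tool.exe"))
        return baseline, verify_manifest(root, baseline)


if __name__ == "__main__":
    baseline, report = demo()
    print("baseline:", baseline)
    for kind, paths in report.items():
        print("%-9s %s" % (kind + ":", ", ".join(paths) or "-"))
```

Keep the baseline somewhere the machine cannot rewrite it (a USB stick or another host); a manifest stored on the disk it protects can be updated by the same malware that altered the files. A real program guard performs this check at the moment a program starts, which is what turns a passive inventory into a block.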

9: Wireshark

When other options aren't working, a network protocol analyzer like Wireshark may be the only way to recognize that malware is present. Wireshark lets you see whether the computer is sending or receiving traffic you can't explain: connections to addresses you've never visited, DNS lookups for odd names, or a steady trickle of data while the machine is supposedly idle.

The best way to use Wireshark is to take a baseline capture of all traffic to and from the computer while it is known to be clean. Later on, if something appears suspicious, capture again and compare the two. If you suspect a rootkit, capture from another machine on a mirrored switch port or a hub rather than on the suspect host, since a rootkit can hide its own traffic from tools running locally.
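Comparing two captures by eye in Wireshark is tedious, so the comparison is easier done on a field export from tshark, the command-line tool that ships with Wireshark. The script below is an added example, not part of the original article or of Wireshark: it reads tshark's tab-separated output of source, destination, protocol, destination port and frame length (the command that produces it is in the comment), aggregates the frames the watched host sent to each destination and port, and reports endpoints that never appeared in the baseline as well as known endpoints whose volume has jumped. The two captures, the addresses (documentation ranges) and the byte counts embedded in it are constructed for the example.

```python
from collections import defaultdict

HOST = "192.168.1.10"  # the machine under suspicion (constructed address)
PROTO = {"6": "tcp", "17": "udp"}

# Constructed output of
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e ip.proto -e tcp.dstport -e udp.dstport -e frame.len
# one frame per line, tab separated, a field left empty where it does not apply.
BASELINE_TSV = """\
192.168.1.10\t192.168.1.1\t17\t\t53\t74
192.168.1.1\t192.168.1.10\t17\t\t50123\t140
192.168.1.10\t198.51.100.20\t6\t80\t\t1514
192.168.1.10\t198.51.100.20\t6\t80\t\t1514
198.51.100.20\t192.168.1.10\t6\t50124\t\t1514
192.168.1.10\t203.0.113.7\t6\t443\t\t600
"""

# Same host a week later: a new IRC-port destination appears and the HTTPS volume jumps.
LATER_TSV = """\
192.168.1.10\t192.168.1.1\t17\t\t53\t74
192.168.1.10\t198.51.100.20\t6\t80\t\t1514
192.168.1.10\t192.0.2.99\t6\t6667\t\t120
192.168.1.10\t192.0.2.99\t6\t6667\t\t120
192.168.1.10\t192.0.2.99\t6\t6667\t\t120
192.168.1.10\t192.168.1.1\t17\t\t53\t74
192.168.1.10\t203.0.113.7\t6\t443\t\t600
192.168.1.10\t203.0.113.7\t6\t443\t\t60000
"""


def outbound_endpoints(tsv, host=HOST):
    """Aggregate frames sent by `host` into {(dst_ip, proto, dst_port): (frames, bytes)}."""
    totals = defaultdict(lambda: [0, 0])
    for line in tsv.splitlines():
        if not line.strip():
            continue
        src, dst, proto, tcp_port, udp_port, length = line.split("\t")
        if src != host:  # inbound frames are not what we are baselining here
            continue
        port = tcp_port or udp_port or "-"
        key = (dst, PROTO.get(proto, proto), port)
        totals[key][0] += 1
        totals[key][1] += int(length)
    return {k: tuple(v) for k, v in totals.items()}


def compare_captures(baseline_tsv, later_tsv, host=HOST, growth=5.0):
    """Endpoints absent from the baseline, plus known ones whose byte volume grew `growth`x or more."""
    before = outbound_endpoints(baseline_tsv, host)
    after = outbound_endpoints(later_tsv, host)
    new = sorted(k for k in after if k not in before)
    grown = sorted(k for k in after if k in before and after[k][1] >= growth * before[k][1])
    return {"new": new, "grown": grown, "after": after}


if __name__ == "__main__":
    report = compare_captures(BASELINE_TSV, LATER_TSV)
    for label in ("new", "grown"):
        for dst, proto, port in report[label]:
            frames, nbytes = report["after"][(dst, proto, port)]
            print("%-6s %s %s/%s  %d frames, %d bytes" % (label, dst, proto, port, frames, nbytes))
```

A brand-new destination on an unusual port (the constructed example uses the IRC port) is the classic sign of a bot phoning home; a large jump toward a known destination can be data leaving. Neither is proof on its own, but each tells you which packets to open in Wireshark first.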

10: Bleeping Computer's Combofix

Combofix is an efficient scanner capable of removing files designated as malware. It also produces a report that can be used when seeking additional help. Combofix is one of those programs where you have to be careful about removing files: it works aggressively, and Bleeping Computer itself asks that it be run only when a trained helper on their forum requests it. I recommend using it to create a baseline report when the computer is operating properly. That way, anything out of the ordinary will be obvious when you compare a later report against it.

Combofix comes highly recommended by several TechRepublic members.

Final thoughts

As before, if I have missed your favorite anti-malware application, please let me know. For additional information, check out the first article in this series, The 10 faces of computer malware.



170 comments
Bar_Dev

I use Kaspersky for initial scanning and Malwarebytes Anti-Malware for the leftovers.

mukababi

I did not read all the posts, so maybe Komodo Lab's Newt was already listed as a tool for baselining. You can run Newt for free on up to 25 nodes. I am with an SMB that has over 25 nodes but less than 25 machines (not counting test boxes), and so by creating a custom scan of only production PCs and servers (

rood_b

I didn't have time to read every post, but noticed a couple of complaints about Combofix getting blocked. The nastier malware will block Combofix, MBAM and most other tools. The solution I found for Combofix is just to rename the file to either combofix123 or combofixabc. The best tool in my toolkit has always been the PE disk I use that has remote regedit on it. Also, if the date of infection can be determined, I go to the windows and windows\system32 folders and delete any suspicious-looking files in those folders with the date of infection (I have the Acronis True Image plugin on the PE disk, so I back the disk up to a USB hard drive first).

JoniFili

Often after the removal of malware, internet/LAN/Wi-Fi connection problems remain. I found WinsockxpFix (a free app) to do the repair just fine, with minimal input. Hope it helps, JF

ps.techrep

It's easier to prevent malware than to later detect and clean it up. Check out eEye's Blink Personal (free) Edition, which includes an application firewall, a heuristics-based AV engine, and a vulnerability scanner. Also check out Belarc Advisor, which does an analysis of the security state of your PC.

thebronc

malwarebytes.org - excellent - free and fixes the infections

seanferd

I'll definitely have to check out SystemLookup.com. Thanks. :)

eyesak

Avira AntiVir - saved me from a couple of nasties. Malwarebytes and SuperAntiSpyware good also. Combofix - fixed it several times when the above would not. Good discussion.

petur

Try out Malwarebytes Anti-Malware. www.malwarebytes.org I've used it a lot and like it. Free version is fully functional but without real-time protection.

uberjew

Combofix is great at removing spyware. It's been part of my spyware removal process for a while, along with CCleaner, Malwarebytes Anti-Malware, and HijackThis.

Steelers6

Just tried Emsi a-squared and it froze at the recycle bin. I couldn't get it to do anything. It found a dozen cookies but that was about it. It said it was at 100% finished but stuck in scan mode. I had to find the cookies myself and delete them, and uninstalled Emsi a-squared straight away! I'm using Vista 64 OS. Be warned: it took 3 hours and got stuck. I'll try some of the other suggestions. Thanks to all.

kabluiii

Read the license terms. In short: It may conduct validation tests of your operating system from time to time. If the operating system is found to be invalid, some of the functionality of the operating system may be disabled. We all know the problems that may exist with Windows validation. And it's not nice to have an antivirus program disable part of your operating system because of some validation bug. Microsoft didn't really need to do that.

Doc/Logic

Install OSX on your PC from Apple!

Michael Kassner

I mentioned those in previous articles, but it certainly does not hurt to give them due justice in this one as well. Thanks.

Michael Kassner

I didn't know of that application. Appreciate you mentioning it.

Michael Kassner

I am close to having another 10 ways article. Thank you.

rhodsruner1

I've used Malwarebytes to clean numerous computers which had variations of Antivirus 2009.

Steelers6

Since a-squared flaked on me, I'm looking for a better solution. Also, did you buy Avira or use the free one? They don't have a trial offer for me to test it, just free or pay to buy. I was thinking about SuperAntimalware; anyone recommend it? Thanks again.

mudpuppy1

It's become tiresome. We are all aware of the situation with Linux, OS X and Windows regarding viruses and malware. We don't need some elitist snob pointing it out.

Michael Kassner

OS X has enough vulnerabilities that it may become the low-hanging fruit real soon.

l_creech

None of the networks I administer allow Macs to connect unless they have current AntiVirus/AntiMalware on them that complies with NAC rules. This is due to many pieces of malware now piggybacking in on the Intel-based Macs. So while the Mac OS itself may and/or may not be as vulnerable currently, it is still a strong candidate for a quality AV/AM product to protect your (and your friends') Windows environments. This isn't a huge problem yet, but given a little more time it could become one. I have many friends running Mac OS that don't even bother to send me e-mail anymore because I block them based on their refusal to run AV/AM; I didn't block any of them until I started getting forwards from them with viruses attached. I run AV/AM from multiple vendors on multiple platforms, including on my various Linux boxes. No, I don't run multiple active AV products on any single platform, but I do perform network scans randomly from the various platforms/products.

TNT

I have not tried Secunia but I've run Avira (the free version) for a couple years now on a few different machines (two XP laptops, one Vista 32-bit laptop, a Vista 64-bit desktop) and it's been great. I went with them because they are one of the few vendors at the time that offered a 64-bit version.

Doc/Logic

claim? Do you know me? Do you know where I grew up or went to school? Do you know what type of clothes I wear or who I call friend or neighbor? Please, tell me.

Doc/Logic

the only problems I have had were nVIR, a problem with a macro associated with Microsoft Excel, and a bunch of problems that went away when I stopped using Microsoft Explorer. "May become", please, there are over 287 THOUSAND viruses for computers, and virtually all of them affect only Microsoft products. This leaves virus and malware writers with a long way to go to "catch up". I'm not worried.

l_creech

Being a Sprint customer, I actually looked at the Pre briefly. Nice phone for a first-gen WebOS product. Multi-tasking on it is cute, shows layered apps. Can't talk on the phone while using a data stream though. That's an issue with CDMA networks partly, and the Qualcomm CDMA/EVDO implementation used in many phones. EVDO Rev. A products can if configured correctly, though most aren't from the dealer. iPhone uses AT&T's HSDPA network for data so that it can talk and use data streams simultaneously. I'm not an AT&T customer anymore because I can't afford to drop calls from customers, but if I was I still wouldn't have an iPhone, mostly because I prefer Windows Mobile or Blackberry. Hadn't thought about the idea of banking via my phone browser; might try that out to see how I like it. Mostly I bank by phone anyhow, strictly an audio thing with no printout that way, and no keylogging possibility. I have used my bank's online features, but it took until this year to get them to allow special characters and longer than 8-digit passwords. They did implement 2-factor security a couple of years ago, but I don't have much faith in pictures as a security system.

Michael Kassner

The fact that the iPhone allows only one process at a time makes it inherently secure. I am thinking about using it for banking. I bet they are going to change that though as the Pre can have multiple apps open.

l_creech

Though I'm sure it is only a matter of time with the popularity of the iPhone, iPod, iTouch, etc... We all know Microsoft is targeted based on its popularity or lack thereof, and its market share. There simply is no point in creating malware that isn't going to spread fast and far for the people creating it. I grant that it is a bit tougher to infect a Mac OS product or a *nix product, but it is still possible; and likely to become more commonplace with the growing popularity.

Michael Kassner

Any situations where a Windows VM or dual boot has infected the Apple OS? Is that even possible?

santeewelding

Is an acquaintanceship you may not wish to make upon due reflection. -Your older brother.

Doc/Logic

I get flamed all the time, but then people rethink and repost. I have experienced this thousands of times over 20 years. I supported a mixed environment for years, so I really don't care what OS people use. For my personal system I use a Mac and have for many years, but my server array was all PCs running a variety of OSs. I use the Mac because I don't want to spend any time "tweaking" or "defending" the system; no one pays me for that. If they want to use some other system and pay me to support that, I'm OK with that. I will say that I have been told I am too blunt about this as well as other things, and I have to agree that I can be blunt. Sorry.

Michael Kassner

I am from Green Bay, miss the city very much. I used to work at the games back in the 60s. What happened at the first border battle?

Glastron

From your post you are a self-absorbed bore.

mudpuppy1

wasn't directed entirely at you. I just get so tired of the "my OS is better than your OS" thing. I see it constantly here. And it is usually stated with what appears to be a condescending attitude on the part of the Mac/Linux crowd. I didn't get that from your first post, but it did come through on the subsequent ones (at least that's how I saw it). It's difficult to gauge emotion in these forums. You just happened to be there when I felt like venting. I call it as I see it. For the record, I do use Linux on occasion (a variety of distros).

Doc/Logic

I don't live in the mid-west. That part is, well, inaccurate. Sorry, but I never fill out that type of question with correct info. Keeps away the psychos and stalkers. Perhaps I experienced too many problems on usenet, but by the time the WEB came along I was so cynical I had long since stopped using accurate personal data for registration forms. I will swear by what I wrote in the note to you. Every word is true. As for someone hiring me to perform IT work, I never completed my degree, have no certifications, and have been out of the biz for so long that everyone would consider my skill-set obsolete without bothering to talk to me. The really funny thing is that I consider my best skill to be that I ask questions until I fully comprehend the problem. I don't know when such things became obsolete, but if you pay attention it appears to have gone out of style. Heck, I heard someone, an adult woman in Detroit, state to a TV reporter that she "had no idea" where the funds came from in reference to a "stimulus package" for which she was in line to receive. My God in heaven!

Michael Kassner

Let's chat about this and see if we can resolve it. I sense that you have much to offer, so I would love to take advantage of that.

Michael Kassner

I had a hunch you were academic-bred. I as well. Chicago, Michigan? What university? We need Mac types here, PM me.

Doc/Logic

Apparently we reached the nesting threshold on the other thread, so... whose Macs? At any rate, the Macs to which I refer are mine. In the past I did work for someone else. It was a mixed PC/Mac environment. Perhaps one day I will again have the pleasure. Never know. To be a bit more informative, I worked at a university for over 10 years in a capacity best described as information management, then worked for IBM for a few years, but I left that position about 10 years ago (just over). I can say that I do not miss the days before Ethernet was ubiquitous; it is much easier to move files across a network than in the past. I also hate all of the JPEG files that suck bandwidth. I also don't spell very well. As per the other issue, no problem. Perhaps I misunderstood you to be in agreement with the "elitist snob" label.

Michael Kassner

I don't even understand your question. I didn't say anything like that. This article is going well and providing a lot of good information. I don't want to lose that. If you would like, you can PM me and we can discuss it further.

Doc/Logic

would lead you to classify me in such a fashion?

TNT

If I have asserted a fallacy then prove it. I still see no refutation of my premise, argument, or logic in anything you have yet written.

Michael Kassner

Yours, or do you work for someone that runs Macs exclusively?

Doc/Logic

about my Mac PCs. There are so few problems it leaves me with what is effectively no problems when compared to the enormous security problem presented by the Microsoft OS du jour. I still remember how horrified I was after reading the specs and manuals for NT 3.5. Recognizing that the obvious design flaws apparent at that time are the root of the problems with the current versions does not bring confidence to mind.

Doc/Logic

your logic, but I already recognize you appear incapable of knowing the difference. fallacy |ˈfaləsē| noun (pl. -cies) a mistaken belief, esp. one based on unsound argument: the notion that the camera never lies is a fallacy. • Logic a failure in reasoning that renders an argument invalid.

Michael Kassner

I would be foolish to argue something that is understood. I was just pointing out that in the world of IT security, one learns to never say never.

TNT

...because I doubt I could work under such an insufferable dolt. The logic of my argument stands, btw, unless you can refute it. Which you haven't. There is anti-virus for the Mac; granted it sits there waiting like the Maytag repair man, but it exists for a reason. I employ many types of tools, from behavior-based anti-virus to port scanners and more, to assure both my Mac and Windows networks stay clean. Anything less would be irresponsible.

Doc/Logic

I would provide a link, but why waste time proving what everyone knows to be the case? If you don't already know this, you need the practice, so look it up yourself.

Doc/Logic

things. The point of the article to which we are referring was how to detect malware. I'm not worried. By the way, I used to administer eleventy gazillion Mac labs and, given the apparent fallacious logic in what you attempt to pass off as argument, would not have hired anyone with as poor a skill set as you appear to have.

TNT

I administer 4 Mac labs and work mostly from a MacBook Pro every day. Do you ever look at what is in the update .dmg files before you install them on your Mac? A lot of the updates are to plug security holes. OS X is vulnerable; it simply hasn't been exploited. Only the foolish think they are not at risk.