A question about Viruses and Spyware. 3 replies


BlitZ, The 57th

Fack, Fack you, Fack that

50 XP

20th April 2007

0 Uploads

3,236 Posts

0 Threads

#1 9 years ago

I just wanted to ask something about viruses and spyware, maybe to get to know them a little better. :confused: Let's say in this situation, I have another computer which USED to have internet. It has Spybot and AVG, and then the internet connection for it was cut off for about 3 months. Both haven't been updated for that period of time, and that computer contains downloads like tools and mods from several different sources. If either one of the files has a virus or spyware and then I manage to update SB and AVG, is the spyware or virus able to infiltrate so deep for that long period of time that the 2 programs cannot detect it? Even with a full system scan etc.




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#2 9 years ago

Chances are those programs would still detect one if it's there regardless of it having been a few months. In atypical cases rootkits can bury themselves beneath the OS, whereby it's good to have an anti-rootkit tool like GMER, which is free. I and many here also prefer Avast to AVG, which is also free. The main difference between AVG and Avast is Avast will detect viruses before they download onto your HDD. Even more rare than rootkits are polymorphic trojans, which change their identity when detecting typical scanning methods. None of the free spyware tools detect such trojans, but they're so rare most don't worry about it. If you're really worried about it though, Trojan Hunter is a good one that's fairly easy to use.

A word to the wise is using some common sense and preventative maintenance to avoid the risk in the first place. Visiting sites with forceful pop-up ads and/or risque content, giving out your personal info on sites that are not secure or trusted, and downloading content without a good firewall and AV that detects suspicious files or activity before it's downloaded is not wise. Using a browser that has good security features and low risk definitely helps. Explorer for instance, despite the claimed security advances of version 8, STILL uses an index.dat file in the cookies folder to track URLs you frequent, which is a malware loophole. However, since many use IE to at least get updates and whatnot, it's not a bad idea to use CCleaner regularly, a free tool that cleans out cookies and the index.dat file.

Common sense is just as effective as good security software though. So many people I give help to do very little after I install and teach them how to use security software. Regular scans and OS updates can go a long way to preventing potential backdoors for bugs and you really do need to practice restraint in what sites you visit.




BlitZ, The 57th


#3 9 years ago

I'm looking at the GMER web page. They showed a screenshot and it detects "system modifications" by ROOTKIT activity. So are all such activities bad as in virus-bad? Or are there normal routine activities? Just wanted to make sure, since I'm not really one to stomach that many codes, numbers and those system languages. Touching the registries makes me a little dizzy sometimes. This way I can just detect and remove immediately rather than think about whether or not it's good or bad.




>Omen<


#4 9 years ago

GMER only detects rootkits, not viruses. Rootkits work and hide beneath the operating system. If, when GMER is done scanning, there's anything listed in red text, it needs to be removed. All such activities as they describe on the GMER site which pertain to rootkit system modification are bad, yes. BTW, DO pay attention to what the GMER author says about leaving the GMER file named randomly. He does this so rootkits cannot hunt for it, detect it, and disable it.

You need to keep in mind too that oftentimes an AV program will detect something as a virus when in fact it is not. These are called false positives. If you are not positive what the AV detects is a virus, the thing to do is quarantine it. By quarantining it you can keep it from doing harm, then safely go to the page where your AV tool shows it, jot down its file name, then Google it.

You always have the option of later removing a file from the quarantine folder if in fact it's a virus. If not and you remove it, it will likely render one of your programs inoperable. Avast has more than just quarantine or delete options when it detects something though. It will also give you an abort connection option when it detects something server side that hasn't downloaded yet, which is one of the best things about it.