Trojans, Rootkit and Security

prescott28 · 18 Jan 2008 at 10:25

last night I found a couple of different trojans on my machine as well as what my Rootkit checking tool though was a rootkit. I am using AVG (Free version) and it did manage to clean up the files with AVG. However, as a precaution I haver formatted and re-installed my boot drive (and got rid of a lot of rubbish too) and I seem to be fine now.

The question is, ought I to invest in a paid-for anti-virus program and if so which one. Obviously if there is a better free one that would be better but I need security rather more than anything else.

My machine is operating via an ADSL router running NATS but I doubt that has any affect on trojans etc.

Any suggestions would be most welcome. I read the sticky on this topic but it is a bit old and things change rapidly in this area.

Teki187 · 18 Jan 2008 at 10:29

Nod32, best antivirus for £25.

MarcLister · 18 Jan 2008 at 12:04

If you want a paid for AV then I can't not recommend NOD32 as Teki187 says.

Give it a trial and if you like it get a year's licence. If you REALLY like it get a three year licence like I did. :cool:

You could also try the new Eset Smart Security which is the new antivirus/firewall super combo from the makers of NOD32.

Haven't tried this myself btw. I use the Comodo free firewall, SpywareBlaster, Spybot and a bit of common sense.

Avast for free if you are OK with that.

ALienBC · 18 Jan 2008 at 12:22

It's a tough question to answer. I've got by for years without any problem, running nothing more than a firewall and common sense. Until last week, when a normally-friendly website got hacked and redirected me somewhere nasty, whereupon zone alarm complained about a couple of progs trying to access the net, and promptly died. Yanking the network cable out started an extremely tedious process of rootkit/trojan/various virii removal, during which I realised

a) the AV market is extremely fragmented
b) everyone swears by some product, and at all other products
c) there is no consistency in what's reported by any AV software

Over the course of the last week I've tried AV and anti-malware solutions from:

Trend Micro
Zone Labs
Grisoft
Kapersky
Microsoft
Lavasoft
The Spybot folk

including installed and online scanners. I've also used more specialist removal tools than I can remember following advice from the nice folk on hijack this type forums. Every single scanner picked up a different combination of baddies. You'd have thought, that a complete deep scan from something like Kapersky, combined with follow-up scans by Microsoft anti-wotsit and Housecall, would be a pretty good bet. Then Zone Alarm detects yet another trojan.

My guess is, at least some of these are false positives. In the end I just formatted and reinstalled XP, as the only really surefire way of removing all traces of whatever may or may not have been there. And am now in the same situation as you... do I invest in something (that still won't pick up everything, and will basically get in the way and annoy me for the rest of time) or do I rely on something free, like AVG, that's probably not quite as good (and will still annoy me). Or do I just carry on without and hope another few years goes by before I get something nasty. It's a right mess, so it is.

Btw the only one I wouldn't recommend is Zone Alarm. I used to love the standalone firewall. Their stuff is getting very bloated tho, and the AV suite is pretty intrusive. A lot of people who buy stuff swear by Kapersky, which I think is prolly ok... PC Pro liked it in December, anyway. They have a free trial too.

abc

/edit - why doesn't the forum like me typing *** - w, o, t?

prescott28 · 18 Jan 2008 at 12:32

Thanks for the replies guys! I suspect this is a much more difficult question that I thought.

ALienBC, I think you rae right about people liking the software they own, but there seem to me to be more problems here. For example, I have been using AVG Free and Windows Firewall and have been quite safe for ages when in pop a load of Trojans and a rootkit or two. Now if have tried any of the AV programs last week they would have all got the same result - nothing detected. If I try one for the next month there might not be anything to be caught and if there is not, how do I know the software was any good?

I had wondered about Kapersky but there don't seem to be the tests to see how well it performs against the completion. I used to run Avast free version and had no trouble but was that luck or good software? I think a paid for solution is likely to be better in the long run so I'll go and have a look at Kapersky and Nod32 and investigate them. I'll report back when I have tried them.

Anyone else got any suggestions on this one?

ALienBC · 18 Jan 2008 at 12:45

The PC Pro review (group test, might be helpful for ya. They're not always right but often are..)

http://www.pcpro.co.uk/labs/145065/kaspersky-internet-security-7.html

abc

JayMax · 18 Jan 2008 at 14:00

1 Year Kaspersky Antivirus 7 or Kaspersky Internet Security 7 can be found for £11.46 inc Vat which is almost as good as free

prescott28 · 18 Jan 2008 at 14:58

Oh well, I'm going for the free trial of Kapersky and see how it goes. That leaves a few weeks to decide whether to buy it and where from too.