    Antimalware Software

    • blackbird71
      blackbird71 last edited by

      What do you think of UnThreat by "Scandium" and 360 Total Security by "QIHU"? ...
      Also, I downloaded a Microsoft Safety Scanner - from here. And even then included, the download dialogue says "No information about security bla-bla". The address (URL) in question seemed o'k - blabla.microsoft.com or something...
      And none of those had an E-signature - is it normal?

      The MS Safety Scanner is a Microsoft on-demand scanner to manually scan your system for viruses. That is, it doesn't sit there and run all the time to continually check and protect you from whatever's going on. Moreover, it expires after 10 days, so you'd have to re-download it periodically to keep current.

      Regarding Qihu/Qihoo, there are several different ethics issues that have orbited around its business practices for several years (http://seekingalpha.com/article/1575722-qihoo-360-too-expensive-and-too-many-risks). In terms of performance, initially in May 2015, PC Magazine rated their 360 Product rather highly - but downgraded that to a bit above average after several independent AV testing labs found that Qihu had supplied a tweaked version for testing, rather than the one they market to consumers - an absolute no-no in the testing realm. This is another ethical lapse that raises major questions in my own mind about trusting the product, if for no other reason than that repeated questionable ethics do not bode well for a product I need to trust my computer to.

      Unthreat is not widely reported on, I've seen no lab tests of it (AV Comparatives, etc) and I have no personal knowledge of it.

      Most user reports I've encountered indicate Avira, BitDefender and Panda are all free and have very good real-world detection and low false alarm test rates. However, you would need to explore user comments about any of these to make sure there aren't other attributes in any of these that you might find annoying or unacceptable, the nature of freeware being what it is.

      • A Former User
        A Former User last edited by

        From here, I tried that 'Avira' - the download didn't work. Bitdefender didn't show any free version there, neither did Panda.

        • blackbird71
          blackbird71 last edited by

          You might try the Avira home site: https://www.avira.com/en/avira-free-antivirus and see what happens. The world keeps changing, so perhaps Bitdefender and Panda have dropped their free products. Another you can try is AVG, but it doesn't work quite as effectively as Avira and it can annoy you with nag screens.

          • A Former User
            A Former User last edited by

            O'k, Black, I found that that link there was at that MS page, too, and got an exe now.

            So now, what about that cleaning we talked about in the other thread just now?
            Shall I get exactly CCleaner or will RegScanner go?
            And what about that CCleaner after all? I've come across people mentioning issues 😕 Those might probably be due to the users' lack of attention? Is this thing REALLY reliable?

            • blackbird71
              blackbird71 last edited by

              CCleaner is safe in its own right, but it is a very powerful tool and will turn up a lot of 'apparently' unlinked/obsolete registry keys in a scan. Which means a user that simply turns CCleaner loose and removes all the results (whatever they are) of a scan runs a genuine risk of messing up their registry and system software. The key to using CCleaner is to run it first to ONLY SCAN the registry... it will eventually bring up a list with a lot of questionable registry keys that it has found. Carefully remove any checkmarks from any registry key that does not explicitly contain the name of the software that was uninstalled but didn't fully remove. (This may leave behind a few obscure keys from the uninstalled software, but it will not risk taking out something else that's important to the system or other software that somehow showed up on the list for various odd reasons... my own experience is that 95% or more of an uninstalled program's orphan keys will show on the list with the name of the uninstalled program attached to it.) Once you've UNchecked everything NOT associated by name with the uninstalled program, you simply tell CCleaner to delete the named keys still checked and it will do it almost instantly. But again, back up your registry first and before you delete the keys, double-check the final list to make sure you haven't left checked something that doesn't carry the uninstalled software's name.

              • A Former User
                A Former User last edited by

                back up your registry first

                Again - what does this mean?
                Shall I back up the keys listed or..?

                • A Former User
                  A Former User last edited by

                  Well, I've got a CCleaner from Softonic (ccleaner.en.softonic.com/download) - if you don't mind: the file name is not making sense, so to check it up, its size is 6.2 MB and my MSE found 281 items in it (exe) to scan.
                  Thank you for your advice.

                  Additionally downloaded another copy of it, a "latest version" from Filehippo.
                  It was (is) 6.3 MB, and the items are 281 too, while the filename does make sense this time...

                  • blackbird71
                    blackbird71 last edited by

                    Personally, as a safety measure, I'd get CCleaner Free from its source (Piriform) at https://www.piriform.com/ccleaner/download. I've found that many of the general freeware houses like Softonic, Cnet, and such perform crap-ware bundling with their freeware installers, so whenever humanly possible, I get freeware directly from the makers. That said, my CCleaner dates from 2011 and the install file is around 3Mb (ccsetup304.exe); the current version at the Piriform site is ccsetup506.exe at 6.2 Mb, so obviously the program has inflated over the last few years - probably with some added features and improved registry signature recognition for which files go with which applications, etc. In any case, my old version still works just fine for my needs.

                    • A Former User
                      A Former User last edited by

                      "b" is for bits, "B" - for bytes.

                      • blackbird71
                        blackbird71 last edited by

                        True enough... I should have used MB.

                        • A Former User
                          A Former User last edited by

                          Well, Black, then how do I know if the registry is relevant or not?
                          They might contain a hint in their filename or may not, is it right?

                          Well, in the case of MSE, its pusher's name is "msseces.exe". Will it always be the same pattern or is it not necessary?

                          • blackbird71
                            blackbird71 last edited by

                            A look at CCleaner's Data and Registry Key (especially for HKLM) columns after a scan can frequently identify the name of the product that created the problematic registry keys. A quick online search can explain some of the obscure Data filenames if the program name is not evident. Most of the time, for major-name software uninstalls that have left residue behind in the registry, the program names will be obvious in one way or another. If in doubt, leave the entry alone (unchecked) when/if cleaning. Note also that the CCleaner registry scan will only reveal registry issues of one kind or another, not normal registry entries for still-installed software (unless that software has installed something incorrectly or created registry references to subsequently update-abandoned program modules). The main categories you would be concerned about for registry cleaning after an uninstall would be Type Libraries, Applications, Application Paths, Help Files, Obsolete Software, and Run at Startup. These are the options that should be checked in CCleaner's Registry Cleaner panel.

                            • A Former User
                              A Former User last edited by

                              Using a Microsoft Safety Scanner now. It seems to check my PF Java folder for ages now. Is it normal?

                              Right, I resorted to it again - the MSE "retired" again 5 days ago. I guess I'm gonna part with it soon enough...

                              • A Former User
                                A Former User last edited by

                                So, I seem to be about to switch.
                                The MSE "fails" for another time now, used MSS again...

                                The question is - what do I do exactly?
                                Shall I - right away - take to uninstall the MSE or rather do some more preparations?

                                My idea is like the following:

                                1. uninstall MSE;
                                2. reboot the machine;
                                3. install the replacement...
                                  Well, shall I reboot before, or after? or both? If at all..?
                                • blackbird71
                                  blackbird71 last edited by

                                  Normally, after any uninstallation of a program that has hooks deeply into the OS and registry such as an AV, it's wise to reboot the system before installing anything else. If you're concerned about some moments of online vulnerability with no AV in place, unplug the Internet connection before the reboot and until after the new installation has completed. However, in some cases, a newly installed AV program will right away want to go out to the Internet for any updates... so reconnect the Internet connection once the installation has appeared to succeed, and then check for updates (if the program doesn't automatically do it).

                                  • A Former User
                                    A Former User last edited by

                                    Done already this morning.
                                    Rebooted BOTH.

                                    It's UnThreat, and it appears not to be free software but it's just a free trial - 30 days.
                                    So far it's o'k, there was a minor issue upon trying to close and other deal with its window the very first time - the thing got warped and distorted... Then I rebooted the second time, seems all right.

                                    During the very first - quick - scan it found some. I have questions...

                                    1. It was a Yandex toolbar (no location, no pertinence) which supposedly tracked me - I have a full report on the item.
                                    2. 107 'tracking cookies' - all (seemed) had similar paths: ...Docs&Sets>[myaccount]-etc.. The thing suggested to delete them - I agreed: was I right?

                                    Now to the toolbar report:

                                    Threat Information
                                    Threat Name: Russian Searchbar
                                    Threat Type: Adware
                                    Threat Category: Toolbar
                                    Risk Level: Moderate

                                    Traces
                                    Registry: HKEY_USERS\S-1-5-21-989594913-985533698-406565276-1005\Software\Yandex -1

                                    Additional Information
                                    Description: A Toolbar is a type of browser plug-in that adds a third-party utility bar to the web browser, usually just below or next to the browser's address bar. A Toolbar typically has a search function and provides search results for paid advertisers. It often has buttons that are links to advertisers' web pages. An advertising toolbar may track browsing and search queries in order to display contextually relevant search results and ads.
                                    Advice: This is a moderate risk and should be removed or quarantined as it may negatively impact your privacy and security or make unwanted changes to your computer's settings.

                                    I accepted "automatic", and it quarantined the thing.
                                    What do I do?

                                    • blackbird71
                                      blackbird71 last edited by

                                      I've never used Unthreat myself, but it most likely functions similar to most AVs in key aspects. From online reviews I read, it seems to be OK, but not necessarily the brightest star in the AV sky.

                                      Regarding #1: Personally, I avoid browser toolbars like the plague. So I would have no problem deleting one. Tracking cookies are usually another good thing to dump, unless there's some commercial site whose tracking and prompting of possible purchases are something you really want (I don't).

                                      Regarding #2: The Yandex toolbar (Russian Searchbar) is considered by most malware experts to be a Potentially Unwanted Program. It isn't malicious itself, but adds nothing of value to a user's browsing. Moreover, it exists solely to generate revenue by promoting marketing techniques that too often involve questionable products, and it is therefore considered by many experts as presenting security and privacy threats especially to uninformed users. Getting it out of the browsers is the correct thing to do.

                                      Quarantining in most AV products essentially gets the targeted malware files off the active system and into an isolation folder where they cannot function, but in most cases could be restored if the user so desires. If you find the quarantining of the toolbar doesn't break something somewhere on the system, you might as well go ahead and delete the toolbar files entirely from the quarantine folder. The advantage to initially quarantining malware is if that process "breaks the system", the files can always be put back. This would be of real value in cases where the AV mis-identified a legitimate file as being malicious and thereby broke some system functionality as a result... you could simply restore the file from quarantine to its original location and functionality. (Such mis-identification indeed can happen from time to time with AVs).

                                      • A Former User
                                        A Former User last edited by

                                        Thank you.

                                        Day 1: feels quite neat.
                                        Haven't customised any settings yet, apart from the quarantine period (a trifle) - due to some uncertainty about the issue in question and alike. I'll update you how it's going (won't forget asking questions).

                                        • A Former User
                                          A Former User last edited by

                                          I'll update you how it's going (won't forget asking questions).

                                          No full reports today - I was just playing with that "Copy to clipboard" & Co. for the first time, etc.
                                          However, I'll cite every item.

                                          Did a full scan last night.
                                          Started early, late night yesterday - for MSE performed full scan for hours and hours and hours (sorry, my disk space is populated).
                                          Surprisingly (as I only learned late in the morning), the AV spent only a couple of hours and counted items scanned manifold less than MSE. However, it found 8 threats (some of them seem very likely to have sat there o'k in the MSE days) - of medium and high risk this time.

                                          They were of two types, ordered in 6 lines.

                                          The first group was adware:
                                          the names were 1) Adware.Agent, 2) Installerex/WebPick (fs), 3) Click run software (v) and 4) Iminent (fs) - just in case somebody knows something about this stuff.
                                          They were assessed as of 2/5 risk level and quarantined.

                                          The second group was named Trojans.
                                          There were three (or four?) items, their names seemed being the same - "Trojan.Win32.Generic!BT".
                                          I'd like to extend on this now...
                                          Yes, this first one was deleted, I'd obtained it myself from some video site perhaps in case I needed it, never started though: its path (containing file name) was C:\Documents and Settings[myaccount]\{My Docs}\...)\iLividSetupV1.exe.
                                          The second (or third?) one's path was C:\WINDOWS\$NtUninstallKB2808735$\win32k.sys, and I'd like to hear your word about it.
                                          The last (or something) one's path was to my other logical disk where I'd stored some archives: D:\Software\SoftonicDownloader7179.exe. The strange thing is that I remember obtaining and using it myself to download and install my first Opera browser 😕 And I can't remember any trouble following or deriving from that/since that... The thing, if I remember it all right, sat there for years (quite literally), etc...
                                          No idea.
                                          Anybody?😕

                                          Yes, these second group items (seem all) were of a high risk level, however by default, the lines had "quarantine" suggestions, IIRC.
                                          Strange thing - maybe a glitch: IIRC, I changed ALL the flags to "Delete", but deleted did definitely appear only one, first item in that group - the others got quarantined...
                                          Well, I'll see about this supposed glitch further, if I have an occasion.

                                          That's all for now.
                                          Thanks for your reading this :)

                                          • blackbird71
                                            blackbird71 last edited by

                                            The win32k.sys file is almost certainly a legitimate file, since it was part of the KB2808735 Windows security update issued in April 2013 (KB2808735). Your AV found it in the normal KB uninstaller folder for that update, and most likely mis-identified it because it's a KB-removal restoration file and thus not located in the place the normal, in-use win32k.sys file version is found (c:\windows\system32\win32k.sys). The normal win32k.sys file is a critical Windows driver file, and is noted in the MS13-036 bulletin as having been modified in the KB2808735 update - so it's normal for a copy to appear in that update's uninstall folder. However, there is malware (ZeroAccess rootkit) that has been known to copy the file's name to obscure its payload, but that fake file is usually found in some web-accessible or user-account folder. My best guess is that your AV simply found the legitimate KB restoration file copy in a non-system32 folder and flagged it. In other words, it was a false positive. You probably should restore the file and mark it to be skipped by future scans in case you ever need to remove the KB update for some reason.

                                            Softonic down-loader files have a bad reputation for bundling 3rd-party, sometimes-nasty crapware along with the desired download. My guess is that your AV flags such down-loaders almost automatically by name because of the crap they occasionally carry along with them. I'd personally dump anything Softonic-related simply on general principles 😉 .

                                            I'd be careful about simply letting the AV immediately delete any files, but especially system-name files (like win32k.sys); in fact, some AVs will only ever quarantine system-name files because of the serious consequences of mis-identifying and destroying a legitimate and critical Windows file. In the case of win32K, for example, that would be true since removing the active version of the file in the system32 folder would probably lead quickly to a blue-screen failure. The best practice is always to set the AV to simply quarantine problematic files wherever possible, so that you can restore them if the system breaks somehow after their removal. Only after manually analyzing a quarantined file name and where it was found will I go on to delete it from the quarantine folder. Your search engine is your friend for this. If in doubt, leave it quarantined rather than deleting it. Some system or apps breakages may only show up after several hours or more of usage.

                                            Reply Quote 0
                                              1 Reply Last reply
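The location reasoning in the post above, written out as a small triage routine over AV detection rows (an added example, not code from the thread or from any AV product). The critical-name list, the assumed Windows directory, the function names and the third sample path are assumptions made for the illustration.

```python
import re
from ntpath import basename, dirname, normcase, normpath  # parses Windows paths on any OS

# Assumed for this example: Windows installed in C:\WINDOWS and a short list of
# critical file names. A real list would be much longer.
WINDOWS_DIR = normcase(r"C:\WINDOWS")
SYSTEM_DIR = normcase(r"C:\WINDOWS\system32")
CRITICAL_NAMES = {"win32k.sys", "ntoskrnl.exe", "kernel32.dll"}
# Folder name pattern used for update uninstall backups, e.g. $NtUninstallKB2808735$
KB_BACKUP_DIR = re.compile(r"^\$ntuninstallkb\d+\$$")


def triage(path):
    """Return (assessment, action) for one detected file path.

    The location is a hint, not proof, so no branch ever recommends an
    immediate delete; the file itself still has to be checked by hand.
    """
    full = normcase(normpath(path))
    name, parent = basename(full), dirname(full)
    if name not in CRITICAL_NAMES:
        return ("ordinary file", "quarantine, research the name, then decide")
    if parent == SYSTEM_DIR:
        return ("active system file", "quarantine only, never delete outright")
    if dirname(parent) == WINDOWS_DIR and KB_BACKUP_DIR.match(basename(parent)):
        return ("update uninstall backup, likely false positive",
                "restore and exclude from scans after checking the file")
    return ("system file name in unexpected folder",
            "keep quarantined and investigate")


def review(detections):
    """Apply triage() to (threat, path, requested_action) rows.

    Marks every row where an immediate delete was requested, following the
    advice to quarantine first and delete only after manual analysis.
    """
    report = []
    for threat, path, requested in detections:
        assessment, action = triage(path)
        report.append({
            "threat": threat,
            "path": path,
            "assessment": assessment,
            "action": action,
            "override_delete": requested.lower() == "delete",
        })
    return report


# Constructed sample rows: the first two paths are the ones quoted in the
# thread, the third is made up to show the "unexpected folder" case.
SAMPLE_DETECTIONS = [
    ("Trojan.Win32.Generic!BT",
     r"C:\WINDOWS\$NtUninstallKB2808735$\win32k.sys", "Delete"),
    ("Trojan.Win32.Generic!BT",
     r"D:\Software\SoftonicDownloader7179.exe", "Delete"),
    ("Trojan.Win32.Generic!BT",
     r"C:\Documents and Settings\user\Local Settings\Temp\win32k.sys",
     "Quarantine"),
]

if __name__ == "__main__":
    for row in review(SAMPLE_DETECTIONS):
        flag = " [delete request overridden]" if row["override_delete"] else ""
        print(f'{row["path"]}\n  {row["assessment"]}: {row["action"]}{flag}')
```
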