Everything posted by Hav0c

  1. Really just hope that MBAM doesn't go down the same path as Spybot-S&D, bloated and sluggish with all these additional add-ons.
  2. I use MAC filtering by only adding the MACs manually; the other thing is using a long complex passkey. Yes Mta and Andavari, it's shocking to see how people do not change the default login username/password, wifi SSID and passkey. Does this count as "Layered security"?
  3. Sitting and wondering if anyone even uses hardware security, e.g. hardware firewalls. I know a router can be seen as hardware protection, but what else?
  4. Some recommended tools we users use that may help you scan your PC can be found here
  5. Got some mixed feelings about AVG Anti-Rootkit. I have noticed the CPU usage is a bit high, but understandable for this sort of tool, and a lot less memory usage than I thought. I have a virtual PC dedicated to the running of viruses, malware and rootkits and the testing of AVs and Anti-Malware software. So I know for a fact that it has some weird stuff running on it, and this is the best part: AVG Anti-Rootkit detects NOTHING. Not even when I run both tests 10min apart. But Malwarebytes Anti-Rootkit, RootkitRevealer and Autoruns do indicate there are entries. Makes me wonder about AVG in general :unsure: .
  6. All rootkits are commonly installed under the same locations; RootkitRevealer, even though out of date, still does a very good job of looking at the most obvious locations rootkits are installed and is still fast. My bad for posting a "new" post and not updating the one above.
  7. So your application makes a "snapshot" of the file or of your system? Isn't your network a bit on the busy side if every file is sent to the ClamAV server and then back?
  8. I have disabled unneeded services and AutoPlay capabilities.
  9. A thing that I didn't mention was, Deep Freeze can be set up with a "save zone" where users can save data that will not be affected by the reboot. Ask the Admins if they didn't set up a "save zone" or can set one up for future use.
  10. Hello and welcome to the forums. The place where I studied used Deep Freeze. It's a very, very solid piece of software! My understanding of how it works is that it locks all files prior to the installing of Deep Freeze. Once the system starts and you work on it, ALL modifications done to the PC will be undone after you restart the system. In other words, the system will revert back to the state when Deep Freeze was installed. All the files saved prior to installing Deep Freeze to the system will be erased for good and you will not be able to get them back, as Deep Freeze secure erases the files. I personally think that Deep Freeze was developed with the mindset of always having a stable testing system to work on no matter how hard you try to modify it.
  11. In your opinion DennisD, is AVG Anti-Rootkit anything like their AV, heavy on resources and bloated? Going to try out the Anti-Rootkit tools you mentioned and SpywareBlaster. Edit: Added 5 more tools I use in original topic.
  12. Granted that it's slow in scanning and regarding but there is an improvement on how the application scans your system.
  13. So we have a thread about what AV and what Firewall you use, now it's time for what Anti-Malware / Anti-Spyware do you use?

      Currently I am using Malwarebytes (v2.0.1.1004) and Spybot - Search & Destroy (v2.3).

      The new look for Malwarebytes isn't that impressive to me; with the new "ad window", the Malwarebytes Secure Backup on the Dashboard just doesn't do it at all. Although they did make a massive improvement on how the application scans your system, that is a plus too in my book. Response time after sending them files is very good as well. Accessing tasks is pretty good as well.

      Spybot - S&D, what can I say: the "please donate" everywhere is an eyesore, and the multiple clicks to get a task done compared to version 1.6.2, really, really do not like it. Version 1.6.2 with the correct setup, you can just click scan and you could be sure that your entire system will be scanned. Now with the new version I am not that sure. All is so hidden in a way from the user. Really have to probe to get a setting. Then not even to mention all the misses on a system, it is shocking. Probably sent them to date over 12 files that Malwarebytes, my AV and even VirusTotal detect, and still after a month nothing from Spybot. Version 1.6.2 did a pretty good job in finding the bad things, wonder where they missed the boat.

      I totally forgot about some stand-alone tools I use as well:

      • RootkitRevealer (RootkitRevealer is an advanced rootkit detection utility.)
      • Autoruns (Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them)
      • HijackThis (wonder why they stopped this application)
      • GMER
      • CWShredder
  14. Seems to be a bit of confusion with the Malwarebytes Anti-Malware.

      Combine entry

          [Malwarebytes Anti-Malware More*]
          LangSecRef=3024
          Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
          Default=False
          FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
          FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey3=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe

      for version 2 and pre. There is nothing missing in FileKey1 as it is for version 2, FileKey2 is for pre version 2. The Detect used works for version 1.75 on my system. Can't see why Detect1=HKCU\Software\Malwarebytes' Anti-Malware was added ??
  15. I'm using v1.75.0.1300, these are my keys:

          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe

      Did tests a while back and found that Wow6432Node wasn't needed in most cases.
  16. I am aware of this and Winapp2.ini (the member) did indicate this a while back as well that he will not include them within the Winapp2.ini file. It's more of a cherry pick anyway the lang entries. That is why all my lng entries have warnings.
  17. Question? Combine

          [Malwarebytes Anti-Malware 2.0*]
          LangSecRef=3024
          Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
          Default=False
          FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*

          [MalwareBytes Anti Malware More*]
          LangSecRef=3024
          Detect=HKCU\Software\Malwarebytes' Anti-Malware
          Default=False
          FileKey1=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey3=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe

      Into

          [Malwarebytes Anti-Malware More*]
          LangSecRef=3024
          Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
          Default=False
          FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
          FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey3=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
          FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe

      FileKey1 is for version 2.0 and FileKey 2 - 4 for pre version 2.0

      New

          [Malwarebytes Anti-Malware (Lng)*]
          Section=Language Files
          Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
          Default=False
          Warning=This will delete all language files excluding English.
          FileKey1=%ProgramFiles%\Malwarebytes Anti-Malware\Languages|*.qm
          FileKey2=%ProgramFiles%\Malwarebytes' Anti-Malware\Languages|*.lng
          ExcludeKey1=FILE|%ProgramFiles%\Malwarebytes Anti-Malware\Languages|lang_en.qm
          ExcludeKey2=FILE|%ProgramFiles%\Malwarebytes' Anti-Malware\Languages|english.lng

          [Speccy (Lng)*]
          Section=Language Files
          Detect=HKLM\SOFTWARE\Piriform\Speccy
          Default=False
          Warning=This will delete all language files excluding the Default language.
          FileKey1=%ProgramFiles%\Speccy\Lang|*.*|REMOVESELF

          [Spybot - Search & Destroy 2 (lng)*]
          Section=Language Files
          Detect=HKCU\Software\Safer Networking Limited\Spybot - Search & Destroy 2
          Default=False
          Warning=This will delete all language files excluding the Default language.
          FileKey1=%ProgramFiles%\Spybot - Search & Destroy 2\locale|*.*|REMOVESELF
  18. If so, then why can there be a user xxxxx.yyyyy@gmail.com and xxxxxyyyyy@gmail.com active at the same time? Wouldn't that cause a "user already exists" error? (Getting a bit off topic here)
  19. @Derek891 You did have something to offer, namely EarthLink. This is just more of an "awareness" post to counter phishing; maybe EarthLink also needs users to help them counter phishing by sending in the links, I don't know. But one thing is for sure and that is AV companies appreciate it if their users send them phishing links or HTML attachments. Banks' fraud departments also appreciate it when customers send them the links.

      @Winapp2 The spam bots that the guys use just randomize the mail address. Some of them are very good at it also. I got a gmail address in format xxxxx(dot)yyyyyy and get mail for xxxxxyyyyyy and it's 99% phishing mails. So I just send it off to my AV.
  20. I am getting a lot of phishing emails, send them off to my AV (Eset) and they add it to their signature list all the time. They gave me a link to help battle the fight against phishing. So join in, it's really fun!! Link Send your phishing emails to your AV as well, together we can win! *sounds like a politician running for re-election now*
  21. Looks like this topic has come up a couple of times in the past as well. Spoken to ESET again and they said they will not change the "threat" level of the Google toolbar. This coming from a fellow ESET user: all ESET users must either use the Slim or the Portable. Unless they want to look at the warning once again, download the normal version! Can't we link all ESET posts to this one so doing that we don't have to restate all this over and over?
  22. Everyone will be in a database somewhere at some point in time, this is a fact. If you have an I.D., passport, driver's license, or even if you want to adopt a dog at the SPCA, you will be assimilated in a database. The FBI can just target the Department of Motor Vehicles, DOD, prisons, then hospitals and get most of your information. So that will give them a nice head start. Scary, yes! Inevitable, yes!
  23. Hey all, a nice little update as always ... So I am sitting here looking at some of the entries, especially the ones with Detect=HKLM\SOFTWARE\Microsoft\Windows. These entries are very, very vague (in my opinion) and cause a lot of false hits on my system. Can't we make these sorts of entries more target specific and not "to whom running Windows"?
  24. New

          [JetBrains dotPeek v1.1*]
          LangSecRef=3024
          Detect=HKLM\SOFTWARE\JetBrains\dotPeek
          Default=False
          FileKey1=%LocalAppData%\JetBrains\dotPeek\v1.1\Caches|*.*|REMOVESELF

      This entry needs to be updated by the user seeing they can save this software anywhere they want.

          [OllyDbg v1.10*]
          LangSecRef=3024
          DetectFile=CUSTOM PATH\OllyDbg 1.10\OLLYDBG.EXE
          Default=False
          FileKey1=CUSTOM PATH\OllyDbg 1.10|*.udd;*.bak;*.exe
          ExcludeKey1=FILE|CUSTOM PATH\OllyDbg 1.10\OLLYDBG.EXE

      EDIT: Added version within names