Jun 20 2007
Aliases:
Trojan-Downloader.JS.Weis.b (Kaspersky Lab) is also known as: TrojanDownloader.JS.Weis.b (Kaspersky Lab), VBS/Psyme (McAfee), Downloader.Trojan (Symantec), JS/Psyme (Grisoft), Exploit.ADODB.Stream.Gen (SOFTWIN), VBS/TrojanDownloader.Psyme.NAF (Eset)
Description added: May 10 2007
Behavior: TrojanDownloader
Technical details:
This is a Trojan downloader program. It is written in JavaScript. It can be found on web pages.
Payload:
The Trojan uses Microsoft.XMLHTTP to download a file from an address which is given as a parameter. This file will be saved using ADODB.Stream to C:\Program Files\Internet Explorer\
The file will then be launched for execution by a function which will vary in accordance with the version of Windows.
Removal instructions:
- Delete the page with the malicious code, if it was launched from a local resource.
- Update your antivirus databases and perform a full scan of the computer.
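A static triage check for the pattern described above, as an added example (not Kaspersky Lab's detection logic and not code from the original page): it flags script that references both Microsoft.XMLHTTP and ADODB.Stream, joining split string literals first. The function names, verdict labels and sample pages are assumptions constructed for illustration.

```python
import re

# Indicators taken from the description above: the two ActiveX ProgIDs and the drop directory.
INDICATORS = {
    "xmlhttp": re.compile(r"microsoft\.xmlhttp", re.I),
    "adodb_stream": re.compile(r"adodb\.stream", re.I),
    "ie_dir": re.compile(r"program files\\+internet explorer", re.I),
}
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Two adjacent string literals with the same quote type joined by '+': "abc" + "def"
CONCAT_RE = re.compile(r"""(["'])((?:(?!\1).)*)\1\s*\+\s*\1((?:(?!\1).)*)\1""")

# Constructed samples: object creation only, no fetch, save or run logic.
SUSPECT = r'''<html><script>
var a = new ActiveXObject("Micro" + "soft.XMLHTTP");
var b = new ActiveXObject("ADO" + "DB.St" + "ream");
var dir = "C:\\Program Files\\Internet Explorer\\";
</script></html>'''
LEGACY_AJAX = '<script>var req = new ActiveXObject("Microsoft.XMLHTTP");</script>'
PROSE_ONLY = ('<html><p>Advisory text naming ADODB.Stream and Microsoft.XMLHTTP.</p>'
              '<script>var n = 1;</script></html>')


def fold_concat(code):
    """Join string literals split with '+', a common way to hide ProgIDs from scanners."""
    prev = None
    while prev != code:  # repeat until stable so three-part splits are fully joined
        prev = code
        code = CONCAT_RE.sub(r"\1\2\3\1", code)
    return code


def triage(page):
    """Return (verdict, matched indicator names) for an HTML page or a bare script file."""
    bodies = SCRIPT_RE.findall(page)
    code = fold_concat("\n".join(bodies) if bodies else page)  # script content only
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(code))
    if "xmlhttp" in hits and "adodb_stream" in hits:
        verdict = "downloader-pattern"  # fetch object and write-to-disk object together
    elif hits:
        verdict = "review"              # one indicator alone also occurs in legacy AJAX code
    else:
        verdict = "clean"
    return verdict, hits


if __name__ == "__main__":
    for label, page in (("suspect", SUSPECT), ("ajax", LEGACY_AJAX), ("prose", PROSE_ONLY)):
        print(label, triage(page))
```

Only script bodies are inspected, so a page that merely names the two objects in its text is not flagged.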
Jun 13 2007
Technical details:
This is the second macro-virus that also has pretensions to be The Number One in the “Macro.Visio” family. This virus is more complex than Macro.Visio.Radiant - it uses encryption and special tricks to hide its body in infected files.
The virus infects Visio documents, stencils and templates upon opening an infected document. It enumerates all opened documents, stencils and templates and infects them by copying the virus body into them. To mark already infected documents, the virus writes “Visio2k.Unstable” into their description and does not infect documents with such a mark.
To hide itself, the virus closes all opened windows in the VBA editor and disables the Visual Basic Editor’s menus and “Standard” toolbar. If a user tries to edit the macros inside infected documents, he/she will see just the empty editor’s main window without any menus, toolbars and child windows.
The virus has a payload that triggers on the 31st, and it displays the message:
Visio2000.Unstable
Unstable, it’s hard to be the one who’s strong
Who’s always got a shoulder to cry on
Who’s got a shoulder for me?
The virus contains three procedures in module “ThisDocument” - “Document_DocumentOpened()”, “Unstable()” and “ci()”. Inside infected documents the second procedure is unreadable because of encryption. The virus decrypts this procedure only just before it is called.
May 31 2007
Sydney-based PC Tools, purveyors of the popular Spyware Doctor antispyware utility, today announced their acquisition of Novatix Corporation.
Novatix’s flagship product is Cyberhawk, a real-time behavior-based anti-malware program. According to PC Tools, “Cyberhawk’s patent-pending ActiveDefense technology offers unsurpassed protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows and other forms of malware and provides effective protection against zero-day attacks.”
Mike Kronenberg, chief executive of Novatix, will become chief technical officer of North American operations for PC Tools.
Spyware Doctor has long been a PC Magazine Editor’s Choice for spyware protection, though the latest revision, Version 5.0 – a total rewrite with antivirus protection added – had some new-version problems. In testing, Cyberhawk Pro 2.0 was very effective at preventing malware from installing on a clean system. It doesn’t remove found threats, just bottles them up so they can’t do any harm. It’s a good match for Spyware Doctor, which thoroughly cleans up the malware infestations it finds.
According to PC Tools chief executive Simon Claussen, “This new technology will help strengthen our zero-day coverage and improve our ability to detect emerging threats”.
Kronenberg agreed. “We see this acquisition as a great fit for Novatix,” he said. “PC Tools is a leader in the anti-spyware and anti-virus space. Our combined efforts will ensure that consumers get the best protection possible. PC Tools’ broad reach in the consumer marketplace ensures our highly effective technology will have an even greater impact.”
When asked when customers would reap the benefits of this acquisition, Michael Greene, PC Tools’ vice president of product strategy, said immediately. “Consumers will start to recognize benefits right away,” Greene said. “The information that comes in from the Cyberhawk community protection feature will feed into our ongoing analysis of new threats, and our Threat Expert technology will help speed up processing”.
Cyberhawk Pro and the free Cyberhawk Basic will be backed by the PC Tools name and fully supported by PC Tools, Greene added.
Greene also declined to give a timetable on when both products would be integrated. “We don’t have a hard date for integrating the technology into Spyware Doctor, but it is part of the long-term plan. Not only will we have signatures for the stuff we know about, we’ll have behavioral technology for threats we haven’t seen.”
May 18 2007
Spyware Doctor is a dedicated tool that can do precisely this. It begins scanning your PC’s contents as soon as you complete the installation and provides precise details of each of the items it determines are potential threats. SD scanned our 120GB test machine in less than 10 minutes and identified 34 problems.
Unlike some spyware and antivirus programs that simply warn you of the number of nasties lurking on or attempting to access your system, Spyware Doctor actually tells you what the threats are, one by one.
In addition, it explains the level of threat they pose and, on the right of the pane listing them, explains why cookies from known dodgy websites put you at risk. Threats are separated into low, medium, elevated and high levels, categorised by type such as advertising and tracking cookies.
It outlines why these are a risk and provides a history of how they’ve been known to exploit vulnerabilities. This way you know which threats you should immunise your system against.
The main Spyware Doctor window offers to scan or immunise your computer, and to switch on or off the OnGuard Protection utility. By clicking on the Tools menu you can select which particular types of threat you want the program to alert you to and to protect you against. These include keystroke loggers, adware, phishing tools and Trojans, plus items that make changes to your PC’s Registry.
A Smart Update setting ensures you stay up-to-date with alerts. You can schedule the program to run automatically. A handy tool will undo changes you’ve asked Spyware Doctor to make, such as removing items you then find you need.
Verdict:
Spyware Doctor impressed us greatly with its detailed reporting tools and the ability to specify exactly what you want it to be on guard for and what doesn’t concern you. It’s well priced and it’s refreshing to find a program that takes the time to explain each risk, helping you make an informed decision about whether to erase it.
Apr 26 2007
Setup:
Spy Sweeper 5.3 is available for retail purchase or download, with or without antivirus enabled. We question why Webroot would make antivirus an option–shouldn’t it be standard? In light of this, we recommend buying the antispyware version only at $29. Current Spy Sweeper customers’ apps will be automatically upgraded to version 5.3 (with an option to enable antivirus for $10 more). We suggest all Spy Sweeper users wait and purchase the antivirus component in a future release. Note: the trial copy of Spy Sweeper will not remove any spyware it identifies unless you purchase the full product; we think this is wrong, and a crude way to force sales.
We experienced no difficulties installing Spy Sweeper 5.3 with Antivirus. After installation, we were asked to reboot our system.
Should you decide to uninstall Spy Sweeper, Webroot includes an uninstall icon on the All Programs list. After rebooting, we found no trace of Spy Sweeper in the Program Files directory or the system registry.
Interface:
The Spy Sweeper 5.3 with Antivirus interface remains unchanged from that of Spy Sweeper 5, with the exception of a tiny upper-right corner panel informing you whether antivirus protection has been enabled. Webroot’s integration of Sophos is invisible; for example, there’s no separate configuration page for antivirus scans, which initially started us wondering just how much antivirus protection exists within Spy Sweeper.

To tweak antispyware scans for individual files or folders, simply use the various Spy Sweeper configuration screens; however, we could find no separate configuration options for the antivirus part of the product, such as protective settings to block incoming viruses from e-mail or IM, a setting found in many traditional antivirus products.
Spy Sweeper’s interface is crisp and intuitive, the result of many hours of user-interface testing. For example, we like that during a scan, the color-coded tabs on the scan page mark your progress: Sweeping, Quarantine, and Summary.
Performance:
Webroot Spy Sweeper 5.3 is very slow at scanning, requiring more than one hour to scan our Acer Travelmate 8200 laptop; other antispyware products completed their respective scans in around 20 minutes. That said, Spy Sweeper remains one of the better antispyware apps we tested. In exclusive testing by CNET Labs, Spy Sweeper’s active shields identified and blocked seven out of eight spyware samples we attempted to install, missing only one generic Trojan, Compare-prices.zip. For scanning and removing existing spyware samples, Spy Sweeper caught six out of eight. As for the removal itself, in a majority of the cases Spy Sweeper left some spyware residue behind, removing only three of the eight samples, creating the possibility that some of the sample spyware could reinstall itself. This last criterion sank Spy Sweeper’s overall performance score. Webroot says Spy Sweeper removes only as much of the potential spyware as necessary to disable it, but we found competing antispyware apps removed all traces of some of the same samples that Webroot chose to leave behind, so that argument didn’t wash.
Apr 18 2007
Spyware is a crafty and insidious threat, so you need good tools to combat it. Some anti-spyware programs can stop most attacks, but none stop enough.
You wouldn’t use an antivirus app that failed to block or remove every virus it might reasonably encounter, yet anti-spyware apps that stop only about a third of the threats are often deemed acceptable, and ones that capture three out of four are praised as excellent. (We admit that we’ve been so desperate for some protection that we’ve been guilty of the latter ourselves at times.) It’s almost enough to make us throw up our hands in defeat—almost, but not quite. Unfortunately, even this subpar protection is better than none—and better than what you’ll find included with most security suites.
We evaluated nine antispyware apps that were updated fairly recently. Their results, on the whole, were an improvement over past versions—an encouraging sign. We tested the products on their ability to block spyware and keyloggers from installing on a clean system, as well as their success at removing the malware on an already-infected system. To avoid conflicts, you should use only one antispyware tool to block incoming attacks, but we strongly recommend that you use two or more to scan your system regularly, in the hope that each will cover the gaps in the other’s protection. And, of course, you’ll still need to keep your wits about you to lessen your chances of getting screwed by spyware.
Dec 26 2006
The new Panda Internet Security 2007 offers the most complete protection so you can use the Internet with absolute peace of mind. It prevents data theft (login details, credit card numbers, etc.) and protects you from other Internet threats, such as viruses, spyware, hackers and online fraud. And now, for each Panda Internet Security 2007 product purchase, you will obtain protection for up to 3 PCs!
Also includes:
- Panda Antivirus
- Panda AntiSpyware
- Panda Firewall
- Panda Identity Protect
- Panda AntiSpam
- Panda Parental Control
Key features:
Panda Identity Protect: Secures your personal data. Personal data theft (account and credit card numbers, login details, etc.) is becoming a major threat to your security. With Panda Internet Security 2007, no one can access your data without your permission.
Dec 26 2006
Full-featured security suite offers top-tier protection, but it’s a space hog.
Symantec’s Norton Internet Security 2006 is a mature product that performs nicely–so nicely that we named it the Best Buy among ten security suites we looked at. On the downside, it can provide too many alerts and take up excess room on your desktop.
The suite offers a lot of features. It comes with antivirus, antispyware, and firewall protection, as well as parental controls, antispam capabilities, privacy functions, and IM protection. The package was easy to install and to configure for our network.
Since the default settings leave a lot of warnings and alerts turned on, the suite communicates with you frequently for the first few days you use it. One talkative feature is the Norton Protection Center, which installs a second taskbar icon in addition to the Norton Internet Security taskbar icon. It lets you know how well protected you are in five basic areas of PC maintenance: Security Basics, Email & Messaging, Web Browsing, Data Recovery, and Performance. In a thinly veiled marketing attempt, however, the Data Recovery category will read ‘No Coverage’ until you buy and use Symantec’s separate $50 Norton SystemWorks package. (Another irksome issue: Symantec’s 24-hour telephone tech support costs $30 per incident.)