A-Squared free anit-malware false positives?

[VegasF6]

Anyone use A-Squared? I came across it recently while attempting to repair a hopelessly infected PC for a co-worker. I decided to try a full scan on MY pc with it as well. Came up with several positives that no other scanner detected. I scanned the same files and folders with spybot S&D, eset nod32 AV, malwarebytes anti-malware and ad-aware. Only A-squared returned the positives. Anyone have experience with this program?

Just FYI the co-workers PC finally had to undergo a full wipe, destroying partitions and formatting. No online scanners could be run, no exe files could be run, even in safe mode. Even if re-naming them. My first experience with Rootkit type malware, or so I suspect. As well as at least 3 rogues. Wow it was bad.

 

[StarHalo]

If NOD32 (updated and current) passed over them, then they're not threats. Note that there are now viruses that actively search through the internet for unprotected PCs to infect, without the user doing anything - the computer need only be turned on and connected. It's *very important* nowadays to ensure your anti-virus and your operating system are fully updated.

 

[Armed_Forces]

A-Squared is my second favorite malware scanner. The reason being is that it likes to keep a service running realtime using up resources unnecessarily. That is unacceptable for an on-demand scanner!

My first/favorite choice is SUPERantispyware ...it really is super! :thumbsup:

SUPER can knock out and fix corrupted systems like no other malware scanner ever! It is often times MORE effective than your AV(antivirus) because it was especially built to deal with spyware/malware and not just viruses. The line is getting blurred but there is still a distinction. If Super can't get it a reformat/reinstall is your only other viable option. Spybot and Adaware are ancient history.


Since you asked specifically about false positives, HERE's the ultimate solution and the answer to all your questions. Try it sometime and let me know what you think.

 

[VegasF6]

Armed forces, great I will try both of those solutions in my arsenal
Always looking for a new tool.

 

[mechBgon]

If NOD32 (updated and current) passed over them, then they're not threats.

After uploading thousands of malware samples to VirusTotal.com for analysis with >30 malware scanners, including NOD32 and several other good products, I don't share that optomism. Here's analysis of one batch of samples I collected in one evening: NOD32 detected 59 of 95 samples.

NOD32, in its default configuration, detected 59 of the 95 samples. Heuristics and compressed-file scanning were already enabled by default, and enabling detection of "potentially-unsafe programs" didn't result in any additional detections. NOD32 missed all the HTML exploits, the Frogexer pics, a rootkit, some Trojans and adware/fraudware files.

The point of the article is that everyone (on any OS) should look into proactive defense-in-depth techniques, instead of betting the farm on security software alone. I'm not sure many readers comprehend that point; most people seemed to react to it as an antivirus buyer's guide instead But what can ya do.


Regarding the original topic: you could upload the questionable files to VirusTotal and Jotti for further opinions, and/or submit them to Sunbelt's online sandbox if they're executables. If they're executable files, you can also send them to me in a password-protected Zip file, and I'll run them in a VM and watch their file/Registry/network traffic.

 

[Armed_Forces]

After 16 suggesions listed on your website, I've got a few.


17. Surf virtually and prevent ANY online exploit.


18. If needing to reboot is a dealbreaker, then run your browser Sandboxed
.....(also handy for testing questionable apps/software for those that don't have VMware.)


19. Consider a Linux distro and really be a few miles ahead of the bad guys.


Ubuntu is so easy that nearly anybody can successfully install it and have no problems running it.
Download a copy and give it a try by using the live CD without making any changes to your computer.
You can't beat the fact that it is completely free!


In the end it's all about layers of security and not relying on any one magic silver bullet, there will never be such a thing.


P.S. I have given a link to VirusTotals in my previous post. Everybody should bookmark/favorite that!

 

[bretti_kivi]

also consider VirtualBox; it's free for private use and is pretty good / more stable than VMWare for me.
Ubuntu to surf with is cool - why not run Xubuntu on that old Thinkpad 600E - from a CD - it will run

Malwarebytes rocks, apparently; TBH after using a reputable scanner or two and malwarebytes, you're done.

If it's still misbehaving, reinstall. While you're there, make sure data is on a second partition and that makes the process even faster.

Bret

 

[VegasF6]

Malwarebytes rocks, apparently; TBH after using a reputable scanner or two and malwarebytes, you're done.

A little dense here, but what is TBH?

Gotta keep in mind that I am dealing with complete novices here. All they care about it get it running for them again and save there emails and pictures and MP3's most of the time.

I do create a partition and tell them to put stuff in there. I try and talk them into using Thunderbird and Moz backup, though most people won't, they just hate change and want to stick with OE cuz it is what they know. I will put on as much active protection as is reasonable for them, but I know they are going to start adding search bars and themes and comet cursors and looking at porn and getting bad advice from others and screw it up again

Usually after spending 15-20 hours on the darn thing I will use Acronis true image and give them a boot disk and teach them how to use it, so hopefully they don't need me again!

It's not like a business or anything, but you guys know how it is. People just find you. And when I wasn't charging anything it was getting ridiculous. So I have to charge something for my time. A lot less than geek squad though!

I ran superantispy last night for the first time, seems like a good program. Hard to tell as that PC wasn't infected with anything, just found some tracking cookies.

 

[mechBgon]

After 16 suggesions listed on your website, I've got a few.


17. Surf virtually and prevent ANY online exploit.


18. If needing to reboot is a dealbreaker, then run your browser Sandboxed
.....(also handy for testing questionable apps/software for those that don't have VMware.)

Those are good, I've considered adding something like that. Maybe I'll put them in Step 1 as an alternate way of caging stuff, if a non-Admin account won't work for them. I also need to put in a mention of securing one's WiFi...

19. Consider a Linux distro and really be a few miles ahead of the bad guys.


Ubuntu is so easy that nearly anybody can successfully install it and have no problems running it. Download a copy and give it a try by using the live CD without making any changes to your computer. You can't beat the fact that it is completely free!

Installing and running Ubuntu would be pretty easy, as long as it'll run the software you want to run. Securing it properly, however, is more than I'm prepared to advise people on. And its "attack surface" might not be as small as people think...

After racking up something like 300,000-400,000 infection-free machine-hours on my fleet when I was a sysadmin, as well as meeting the bad guys head-on when I'm hunting malware, I'm pretty satisfied with Windows' security when best practices are followed. But use what works best for your needs :tinfoil:

 

[bretti_kivi]

TBH = to be honest

In my opinion; if you've run a couple of scans and it's still acting up, it's not worth trying to fix it. Get the data, reinstall.

Why? because maybe the user will get the picture that it's a good idea to think before clicking if they get to share the pain.

Bret