Monday, January 19, 2009

Why Sophos Antivirus is not going to be on my PC.

Recently, I received Sophos Anti Virus from work. I just had a chance to test it, using it on a severely infected PC. The 1st problem I came across was when I allowed Sophos to uninstall 3rd party anti-virus, anti-spyware & anti-malware software. I honestly just wanted to see what Sophos Anti-virus would do on its own.

After doing a scan with Sophos (which quarantined 6 files), I realized that it wasn't going to do much against spyware or malware. After the reboot Sophos kept throwing up messages telling me that such and such file was part of a spyware program and it wasn't able to do anything to Spyware Guard 2009.



I decided it was time to install my trusty sidekicks so I tried to install Malwarebytes. Sophos didn't like that and for some reason (I think because I had allowed Sophos permission to uninstall 3rd party software). I then tried Spybot Search & Destroy and was not allowed to install it either. At that point I ripped out Sophos.

After ripping Sophos out I was then allowed to install 3rd party software. So, I installed Malwarebytes, Spybot Search & Destroy and Sophos (again). I wanted to give Sophos a chance so I then went ahead, as I usually do with these kinds of infections, and did my patented 3 software scan with Malwarebytes, Spybot Search & Destroy and Sophos (usually I use AVG instead of Sophos).

My patented 3 software scans, in which Sophos quarantined 10 files (Spybot & Malwarebytes found their share of bugs too), went as usual. Then, I waited. Usually in this same scenario, with AVG, I don't have to do much more to clean up the infected system. AVG, Spybot & Malwarebytes run well in tandem and Spybot's "tea timer" real time feature usually catches new bugs attempting to re-infect the PC.

Within a couple of days, the same user called me back. The PC was still infected or re-infected. At that point I decided to uninstall Sophos for good. I felt that I had given it a chance on that PC. I installed AVG in the place of Sophos and AVG found several problems that Sophos did not.






Crazy enough, the 2nd scan with Malwarebytes had more items (131) than the 1st scan. So, in theory while Sophos was in charge the computer had been reinfected with malware.

Friday, January 16, 2009

How to kill Spyware Guard 2008

Wow! This is a tough one to destroy. A little harder than Anti-virus 2008 because it hijacks the DNS and is able to throw up some crazy sites including the message from Google telling the user that...

Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you to activate Antivirus 2009 to protect your PC from malicious intrusions from the internet.


When you click on the Google search bar you will most likely get the patented Spyware Guard "Best antiviral protection ever" window to pop up....



To get rid of Spyware Guard 2008 (or 2009) follow these steps...

  1. Add the OpenDNS server addresses to your local area connection... http://www.opendns.com/
  2. Overwrite the hosts file at C:\WINDOWS\system32\drivers\etc\hosts with the hosts file from here... http://www.mvps.org/winhelp2002/hosts.htm Here's a direct link... http://www.mvps.org/winhelp2002/hosts.zip
  3. Install and run Malwarebytes from... http://www.malwarebytes.org/ here's a direct link to Malwarebytes at download.com
  4. Install and run Spybot Search & Destroy from... http://www.safer-networking.org here's a direct link to Spybot S&D at http://projects.securitywonks.net/
  5. Install and run AVG free antivirus from http://free.avg.com/download?prd=afe here's a direct link to AVG free antivirus at download.com
  6. Reboot and let all your antivirus, antispyware & antimalware do their boot scans
  7. Congratulations! You should be clean! (if not please leave a comment and I'll help you).
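
A check to run after step 2, added here as an example and not part of the original post: it assumes the replacement hosts file is a blocklist-style file whose entries all point to loopback or 0.0.0.0, so any name still mapped to a routable address deserves a look. The sample file, hostnames and addresses below are constructed.

```python
import ipaddress

# Constructed sample: blocklist entries beside redirects to a routable
# address (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.com   # blocked
0.0.0.0         banner.example.net
203.0.113.45    www.google.com google.com
203.0.113.45    www.example.org  # inline comment
not-an-ip       broken.example.org
"""


def audit_hosts(text):
    """Return (redirects, malformed) for the given hosts-file text.

    redirects: (line_no, address, hostname) for every name mapped to an
               address that is neither loopback nor 0.0.0.0 / ::
    malformed: (line_no, raw_line) for entries that do not parse
    """
    redirects, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()    # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append((line_no, raw))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue                             # localhost or sinkholed name
        for host in fields[1:]:
            redirects.append((line_no, str(addr), host.lower()))
    return redirects, malformed


if __name__ == "__main__":
    hits, bad = audit_hosts(SAMPLE_HOSTS)
    for line_no, addr, host in hits:
        print(f"line {line_no}: {host} -> {addr}")
    for line_no, raw in bad:
        print(f"line {line_no}: unparseable: {raw!r}")
```

To audit a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to `audit_hosts` instead of the sample text.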


You may notice in my screenshots that I'm actually using Sophos anti-virus. I recently received this software through my work. I have not formed an opinion about it yet. It's a pain to install because it takes a long time to download updates and also, if you check uninstall 3rd party software, you can't install the much needed Malwarebytes and Spybot Search & Destroy.

Saturday, January 3, 2009

Bypass OpenDNS & access blocked sites

Recently the I.T. staff at my college started using OpenDNS to block DIGG and many other sites and features (like chat software, myspace, facebook, twitter & a lot more). UltraSurf was the easiest way to access the blocked sites and services.

I downloaded the software from ultrareach.com, unzipped it, clicked on the exe and then clicked on "home". Internet Explorer popped up and I was able to go to all the sites that were blocked by our I.T. dept.

Now, I'm just wondering if it's completely safe. I searched Google for others talking bad about UltraSurf but I didn't see anything that made me think it is unsafe to use. If anyone knows or thinks otherwise, please post a comment.

We used to access blocked sites with a VPN client running on an outside computer. My old roommate lived nearby and so we hijacked one of his family PCs so that we could surf through a VPN. I prefer to use realvnc.com's free VPN client. It's easy to use and best of all, it's free! If it doesn't work try a free logmein.com account. Gotomypc.com also has a great product but you'll end up paying for that.

There are some old tricks that used to work on some sites but I don't think they do anymore. This method did not work on our end on our most recent attempt. Maybe it will on yours...

If you know myspace's IP address you can type that in and it may work. If not, try this. Search on google.com.mx (Mexico's Google) and choose to translate myspace "Traducir esta página". Once the page has loaded into Spanish you can reverse it back into English by swapping Spanish (es) and English (en). This is how it will work...

http://translate.google.com.mx/translate?hl=en&sl=es&u=http://www.myspace.com/&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3Dmyspace%26hl%3Des%26sa%3DG