Should I install EWIDO? Comments appreciated. 1

[stduc]

I already run Lavasoft's Ad-Aware and Safter Networking's Spybot. I use McAfee antivirus & I rely on my routers firewall. My PC is up to date with microsoft updates. The O/S is XP Pro running on an Athlon 2000 with 1Gb of RAM.

I installed the 14 day trial of EWIDO but it seemed to slow my machine down. So for now, I have uninstalled it.

The question is, do I really need to use EWIDO or am I safe enough without it?

 

[electronicsfreak]

Well my opinion I would trust it over mcafee and norton. But that is my opinion as its what i use on mine. So its merely opinion on which to do.

 

[sggaunt]

When it times out, just run it as a scanner, it shouldn't affect your system performance.
But it will find things the others don't (in my experiance)
Other than that you are doing all the right things (Wish I had a hardware firewall), but the more tools you have the better.

[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.

 

[pechenegs]

I would reinstall it and turn off its security guard and then it would not be using too many resources and just use it as a on demand scanner!

You already have MSAS so you can use that for real time protection!

You should also consider these tools!



here's some free tools to keep you from getting infected in the future.


to stop reinfection get these two tools, spywareguard and spywareblaster
from

http://www.javacoolsoftware.com/downloads.html

get the hosts file from here.

http://www.mvps.org/winhelp2002/hosts.htm

put it into :


Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS



ie-spyad.Puts over 5000 sites in your restricted zone so you'll be protected

when you visit innocent-looking sites that aren't actually innocent at all.

https://netfiles.uiuc.edu/ehowes/www/resource.htm

http://www.winpatrol.com/winpatrol.html

Use spybot's immunize button and use spywareblaster' enable
protection once you update it. you can put spybot's hosts file into
your own and lock it.



I would also suggest switching to Mozilla's firefox browser, it's safer, has
a built in pop up blocker, blocks cookies and adds. Mozilla Thunderbird is also a good
e-mail client.

http://www.mozilla.org/

Another good and free browser is Opera!

http://www.opera.com/

Read here to see how to tighten your security:

http://forums.techguy.org/t208517.html

A good overall guide for firewalls, anti-virus, and anti-trojans as well as
regular spyware cleaners.

http://www.firewallguide.com/anti-trojan.htm

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[BadBigBen]

1.) You can always run it without the BackGround Scanner, just invoke it by Double Clicking on it... IMHO, it is one of the BEST AntiMalware progies out there, a few months back it saved me from having to reinstall WinXP...

2.) DO NOT rely only on your HARDWARE FIREWALL, back it up with a Software one, my suggestion... reason, a friend of mine did the same (though I was to blame partially for that aswell) , as he has a Hardware Firewall in his ROUTER and relied solely on it... now on the weekend I have to Reinstall WinXP on his Laptop, due to a real bad bugger that got past his HARDWARE FIREWALL...


3.) Follow Pechenegs suggestions!!! They are more than sound...


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

 

[sggaunt]

Dont rely on software firewalls either. Bad stuff can 'Tunnel through',
I have read that the best form of Firewall is a dedicated Hardware device connected via a VPN.
Not the same as a software firewall runiing on a router.

Niether of these contain the artical I remember but have letters that alude to the same thing.
Look in the Helpdesk file from issue 222 & 223 downloads that can be found here




[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.

 

[confusedlady]

This is probably a silly question, but you are talking about the paid version, correct? Isn't the only free version of ewido a limited-time trial? That's the only reason I hadn't installed it.

 

[sggaunt]

You get the full set of features until the end of the trial periiod then it switches off background scanning and online updates, but the manual scanner still works and will still find as much stuff as during the trial period.


[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.

 

[confusedlady]

After that, how do you update it?

 

[pechenegs]

Manually!

start/programmes click ewido security suite to start it up,and once ewido fires up simply click update!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[confusedlady]

Oh, OK! I didn't realize only the automatic sggaunt was only referring to the automatic updates!

Thanks-I can live with doing it manually-lol

 

[stduc]

Many thanks for all the advice. I installed the hosts file & its doing a grand job. Ad-aware hasn't found anything to do since! I'm still considering EWIDO - I suspect I'll give it another go as soon as I find time. I'll post back when and if I do.

I also added some of the sites listed in the hosts file to my router block list. This has produced some interesting results. My router now blocks newssearch01.thdo.bbc.co.uk every time I visit the bbc news website. I don't see any difference to the site however! I can't see anything in my block list that could match that string either. So I'm confused. Please, but confused.

[blue]pechenegs[/blue]
You already have MSAS so you can use that for real time protection!

I don't follow what you are saying here? Can you expand on this statement?

I also found a post on the netgear site that claims that some virus's are now targetting routers and cause them to open so many ports they crash! See

http://kbserver.netgear.com/kb_web_files/n101208.asp

for details.

 

[sggaunt]

Dont rely on any one scanner, you need one running real time to check what is comming in. Microsoft Anti Spyware will do this. and at least 2 other 'manual' scanners
Plus a real a time virus scanner, and a firewall.

The adverts on websites may have links that are in your blocked list. You may notice blank rectangles on some web pages.



[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.

 

[stduc]

[blue]sggaunt[/blue]
Dont rely on any one scanner

I don't. I have McAfee configured to scan incoming + do a scan of the hard drive on a regular basis. In addition I 'hand scan' with McAfee all attachments before opening. I run Ad-Aware & Spybot regularly. I double check once a week with hijackthis. I think I'm paranoid enough.

[blue]sggaunt[/blue]
The adverts on websites may have links that are in your blocked list. You may notice blank rectangles on some web pages

I know, except I get either a white rectangle(s) on the page with a "404" error message, or a "Blocked by Netgear Firewall" message. Depending on whether the block originated from the hosts file or the firewall. However I get none of this with the bbc news site. So I am naturally curious as to what is going on. Are the beeb spying on us or???????

 

[confusedlady]

After seeing this post, I installed Ewido last week. I routinely scan with Ad-Aware, Spybot, and Microsoft Anti Spyware (realtime prot, and tea timer enabled), and use Sygate's firewall. Last night, Ewido caught some warez p2p bundle of adware. I'm at work, and didn't write exact name down......I did research it and it wasn't a dangerous one or anything (annoying stuff), but there IS a benefit to giving it another try, stduc.

Just an opinion...

 

[pechenegs]

If you want to stop viruses, trojans and worms from installing the best tools are HIPS ( Heuristic Intrusion Prevention Systems) but these are not for beginners and are very noisy = pop ups.

The main ones are

PrevX- has a free beta
Processguard - has a free version
Online Armor
ANtihook is free and very good and noisy!

There are many threads on these tools at the link below!

http://www.wilderssecurity.com/index.php?s=7dbcb6936a4c8a8ea10e216c098db28d

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[stduc]

Thanks again for all the helpful comments guys & gals.

I am back on the EWIDO 14 day trial & I think I will buy it on day 12 (Can't do it on day 13 can I LOL)

Here's what I think happened the first time.

I got hit by Spy Sherrif. McAFee crippled it but couldn't remove javal32.exe. Nor could I do it by hand in safe mode. A bit of googling found me EWIDO - which I installed and it removed it + some other stuff it found.

I then lost internet. Naturally I was blaming EWIDO - but I think spy sherrif somehow caused my DG834 router to fall over. It took several re-boots of the router + a full power cycle to get internet back. Also my machine ran slow.

Uninstalling EWIDO speeded things up and I left it for a week or two to see if I lost internet again. All was OK so four days ago I re-installed EWIDO. It found nothing and seems to be running OK now without slowing the PC down, apart from at boot up.

So I suspect that as EWIDO found spy sherrif on the first install it may not have installed properly. Hence the performance hit. But I can't prove this of course.

I keep tuning the block list on my netgear router. I still can't figure why it blocks some sites. For instance I have to disable blocking to use amazon!

 

[pechenegs]

If you had spysheriff you should downlaod and run smiterem and this will clean off whatever leftovers are still on your computer!




* Click here to download smitRem.zip.


for W2k & XP

http://noahdfear.geekstogo.com/click counter/click.php?id=1

* Save the file to your desktop.
* Unzip smitRem.zip to extract the two files it contains.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.



* Click here for info on how to boot to safe mode if you don't already know how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"



* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[stduc]

As [blue]pechenegs[/blue] suggested I got the hosts file from here.

http://www.mvps.org/winhelp2002/hosts.htm

Having applied this file to mine and several friend’s PCs with much success I tried to use it on my Dad’s PC. It did not work. On all the others I tested the efficacy by going to

http://www.activshopper.com,

(it’s one blocked by this host file) and got “the page cannot be displayed”. Which is the desirable result. However on my Dad’s PC the page came up.

The only reasons I can think it didn’t work on my Dad’s PC are that his is the only machine on dial-up. One thing I omitted to do was to flush the DNS cache using ‘ipconfig/flushdns’. It was rather late, I didn’t have much time and it slipped my mind. I will try this as soon as I get a chance or even email my Dad with instructions. Although I didn’t have to do this on any of the other PCs.

Can anyone suggest anything else I should check for to get this working?

 

[pechenegs]

Try editing the hosts file and put this entry in yourself manually and see if it blocks it?

127.0.0.1

http://www.activshopper.com

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars