Think twice about Kaspersky

[jasonb31]

Kaspersky has really screwed up and they still have not fixed the problem. My Cyberscrub anti-virus has not been able update for over a month and that was only after a day of me figuring out why I was getting the blue screen of death. I figured it was the update over night that killed it because it was working fine that night and was dead in the morning with anti-virus alerts. You cant call them to get answers or support anymore. This is complete ignorance at best for a security company.

http://www.kaspersky.com/support/kav7/e ... =208279591

http://support.cyberscrub.com/ics/suppo ... eptID=5437

[YeOldeStonecat]

Kaspersky is one of the top two antivirus products out there (along with Esets NOD32). Detection and removal rates are unparalleled.

To be fair....pretty much all antivirus brands have had a def or program update tank the program....I've been doing IT support for a long loooong time..worked with the more brands of antivirus products that most people can name together in a list. It happens.

[Sava700]

Avast FTW... some don't think its any good as a few others but I've not seen it miss anything other than the occasional .bat virus that may tag along in the system32 folder but it does pick it up just won't remove it..thus you slave the drive and do it manually

[YARDofSTUF]

Avast FTW... some don't think its any good as a few others but I've not seen it miss anything other than the occasional .bat virus that may tag along in the system32 folder but it does pick it up just won't remove it..thus you slave the drive and do it manually

http://www.av-comparatives.org/

Check out the results.

For the on demand test Avast struggles on know polymorphic viruses and script viruses, its a not bad choice but NOD32, Kaspersky, and Antivir all do better.

On the retrospective/proactive test Avast falls flat on its face. Antivir does well again. The only downside to Antivir is that it reports more false positives than others.

Avast is not the best free choice, you may not have had it miss anything, by why not use a more effective scanner so that you dont miss anything in the future?

Avast and AVG are falling behind, Antivir is surprisingly picking up and doing more than in the past.

[jasonb31]

Kaspersky is one of the top two antivirus products out there (along with Esets NOD32). Detection and removal rates are unparalleled.

To be fair....pretty much all antivirus brands have had a def or program update tank the program....I've been doing IT support for a long loooong time..worked with the more brands of antivirus products that most people can name together in a list. It happens.

Then why is it taking them so long to fix the problem if they are so good? Thats what I do not understand. People who are not that good at computers would still be staring at a blue screen or paying someone to fix it because they cant get on-line for support or call them. I think its a bad move on their part.

[mnosteele52]

Taking so long to fix the problem? They updated their definitions within hours to fix the problem, it was a false positive that has been corrected.

[YeOldeStonecat]

Then why is it taking them so long to fix the problem if they are so good? Thats what I do not understand. People who are not that good at computers would still be staring at a blue screen or paying someone to fix it because they cant get on-line for support or call them. I think its a bad move on their part.

I don't know when the bad definition came out...but it appears on this "cyberscrubs" website..the support section, that they had an issue back on December 17'th of last year.

http://support.cyberscrub.com/ics/suppo ... eptID=5437

Cyberscrub appears to use the KAV engine. How much longer "Cyberscrub" took to address a bad update issue...I don't know if it was immediately with Kaspersky..or some time period after. That's a risk you take when you select a 2nd tier brand that rebadges someone elses product. But Kaspersky released definition updates usually each hour..

As mentioned above...I've seen every major brand of antivirus have a definition issue..it happens. You should try supporting corporate e-mail servers when a definition update tanks one! Gone are the days of taking a week or two to fine tune and super test in all environments a definition update....these days with the outbreaks and variants of malware out there demanding multiple updates per day...AV companies are pressured to release updates at a blistering fast pace.

[jasonb31]

Cyberscrub is still fixing the problem, I did not see where it said that Kaspersky was fixed. Cyberscrub was a company that the government picked for their security so I figured that they were good and they have been for years but now I have to wonder. Can you check over my log file for anything out of the ordinary if you have the time, I'm no expert like you and I want to be safe as can be.

Log file of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:49 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberScrub AntiVirus\AvpM.exe
C:\Program Files\CyberScrub AntiVirus\CAVSch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CyberScrub AntiVirus\AvpM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\CyberScrub AntiVirus\AvpM.exe
O4 - HKLM\..\Run: [CyberScrub AutoUpdate] C:\Program Files\CyberScrub AntiVirus\CAVSch.exe s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRun ... stscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8256887250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8256876171
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\CyberScrub AntiVirus\AvpM.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6278 bytes

[YARDofSTUF]

No real issues but to clean up a little remove:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Also have you ever used the program, Startup List?

[jasonb31]

No I have not, Thanks for checking and the advise. I just seen that they posted an all clear on Cyberscrubs site.

[CableDude]

I've been doing IT support for a long loooong time..

How long? I'm kinda curious.

[TonyT]

No real issues but to clean up a little remove:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Also have you ever used the program, Startup List?

Yahoo Companion leftover.

[YARDofSTUF]

Yahoo Companion leftover.

I was asking about startup list because im trying to find a connection to all these explorer.EXEs people have instead of explorer.exe or EXPLORER.EXE.

[TonyT]

I was asking about startup list because im trying to find a connection to all these explorer.EXEs people have instead of explorer.exe or EXPLORER.EXE.

yea, I know. AFAIK the explorer.EXE and other variations of caps are most occurring in XP Home non admin accounts, or sometimes from rootkits that kill explorer.exe when the driver loads and then launch Explorer.EXE because the code is written Explorer.EXE.

[jasonb31]

I got a better software for start up just to make sure and all is good, Nothing was starting that was not supposed to be.

[MadDoctor]

I've been doing IT support for a long loooong time but am still having problems providing good support. I like telling the user to kiss off and then sounding a air-horn into the phone before hanging up on them.

Fixed for truth.