This is a sponsored post written by me on behalf of Malwarebytes. All opinions are 100% mine.
While I am writing this, a sick, but beautiful, custom-built ASUS desktop is running behind me. It belongs to a client and is normally used by his teenage daughter. It is running a full Malwarebytes scan.
In the past, she has had infections on her computers twice that I know of. The first time was on an older HP, which was running Norton Virus Protection. At that time I normally carried a USB stick with RKill and the free version of Malwarebytes on it. I had found that Malwarebytes, by itself, did a good job of picking up things that other popular applications missed, but the addition of RKill to stop harmful processes before running a scan seemed to be more effective. So I plugged in the stick, ran the two apps, and cleaned her computer. The next time she had a problem, it was with the new ASUS, and this time she had McAfee installed. Again, I was able to find things with Malwarebytes that had got by McAfee.
I am not saying anything bad about either Norton or McAfee. None of the popular anti-malware programs will catch everything. These two examples just happened to be the programs she had installed or that came with her computers.
So when her father called me with indications that something was wrong again, I stopped by to check out her security. After cleaning the last infection, I had installed Microsoft Security Essentials in place of McAfee, which was about to expire anyway, and the free version of Malwarebytes. Lately, I have been recommending this combination for several clients and it seems to work well for them. MSE gives realtime background protection and a manual scan from Malwarebytes every now and then keeps the game honest. Since I am rather cheap, I have no experience with the paid version of Malwarebytes, but I suspect the realtime aspects and other features make it an effective primary security agent.
By the way, if you download a copy of Malwarebytes (or anything else!), always check the URL to see where it is coming from. If you do not do this simple check, you could end up with a surprise. Enabling the Web of Trust (WOT) in your browser is also a good thing. Careless clicking has got me the Babylon toolbar twice — you might think I would have learned after the first time!
The latest version of Malwarebytes comes with Chameleon, which does away with the necessity of running RKill first. Chameleon has the ability to attempt to run and kill harmful processes using a variety of aliases to fool malware that could be looking to stop things from getting in their way. Assuming that Chameleon runs okay, it will attempt to update Malwarebytes and then run a quick scan. This is okay, but for serious work, I interrupt the quick scan and select the full scan option. Remember that Chameleon only stops harmful processes temporarily. It must be followed immediately by a real scan.
This is what I did at the client’s house, but since I did not have time to wait for the scan to complete, the father said he would watch it and, if it found anything harmful, he would delete it. The next day I called and asked how it went. He said that Malwarebytes found “several things” and he deleted them. I asked if he had noted the names of any. He had not. I asked if any were Trojans. He did not know, but the computer was working well now. I told him to call if anything else went wrong.
Two days later he called. The ASUS was intermittently rebooting and Firefox was stopping operation at random times. That is not much to go on, so I told him it would be best if I simply brought the bad boy home and looked at it more carefully. Then I asked when they first started seeing problems, since several months ago it had been working correctly. He said that it had been acting funny for maybe a month.
When I got the ASUS home, the first thing I did (with it in isolation) was to attempt to restore the system to a time earlier than a month ago. The system only had four restore points and they only reached back three weeks. Hmm…
So that is why the scan is proceeding behind me. I wanted to watch the process myself. Another surprise was a popup window warning me that the Microsoft Security Essentials service was stopped. The computer was at risk. Hmm…
So what will I do if the Malwarebytes scan returns with no malicious software found? I will likely remove the hard drive and install it as an external drive on a test computer so that I can run other anti-malware scans on it. The last resort will be to scrub the hard drive and re-install Windows. I prefer not to do that, but sometimes a clean start is best. Let us pray Malwarebytes works its magic again. This blog must be posted shortly, so I will not be able to report the results today. The scan has taken over an hour so far. It is a pretty computer. I hope it will be okay.
In a future post, I will be more specific about the failure rates of various popular anti-malware applications — free and paid. Several sites specialize in testing and reporting results. There is a distribution of scores for various tests, but there’s some clustering at the top by the usual suspects. Unfortunately, the analysis of malware protection is not as trivial as saying program X found more of the test infections than program Y. When evaluating anything, we just naturally prefer a single parameter, but life, and fighting malware, is more complicated. Suffice it to say that I have seen nothing yet to dissuade me from the combination of MSE backed up with the free version of Malwarebytes. An exception might be to use the paid version as the primary protection.
The folks from Malwarebytes will be covering the famous DEF CON (hacker convention), held July 26th to 29th, 2012 at the Rio Hotel in Las Vegas, on Twitter as well as on their security blog, Malwarebytes Unpacked. There, you’ll also find a new three-part series, Phishing 101, that may teach you a few things about this rampant problem and how to avoid becoming an unwitting victim of some scammer’s plots and schemes.