Norton Internet Security 2009 Review
Hi Everyone! I uploaded the 8 part Norton Internet Security Review to YouTube. You can watch any of my reviews by going to YouTube.com/mrizos.
NIS2009 performed pretty well! It removes a lot of serious malware; however, it leaves behind a little adware (vundo) and a few trojan downloaders (the exe’s). Here is the HiJackThis log after a FULL scan and removal. Items bolded are malware files or malware-based registry entries that NIS2009 did not detect:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:40 AM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\update\update.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {01BA2111-5518-D0C8-A667-01E739079356} - C:\WINDOWS\system32\tnxqilzf.dll (vundo)
O2 - BHO: (no name) - {182C7ED7-E56D-4509-9D9B-AC49318D9895} - C:\WINDOWS\System32\urqqrsr.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [wofgrqls] C:\WINDOWS\system32\wofgrqls.exe
O4 - HKLM\..\Run: [apadibub] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\apadibub.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rTwrdHqj21] C:\WINDOWS\wpopejyl.exe
O4 - HKLM\..\Policies\Explorer\Run: [J286hthVnp] C:\WINDOWS\wpopejyl.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} - http://virusremover2008.com/VRM_Free.exe
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://www.av-xp2008.com/tools/virusremover.dll
O16 - DPF: {C931FDF3-0319-0CAE-6DFD-8D061EABF08D} - http://virusremover2008.com/VRM_Free.exe
O21 - SSODL: zip - {177ab526-6b94-4cc2-b303-c1b6a4070316} - C:\WINDOWS\Installer\{177ab526-6b94-4cc2-b303-c1b6a4070316}\zip.dll (file missing)
O21 - SSODL: CheckMon - {b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b} - C:\WINDOWS\Installer\{b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b}\CheckMon.dll (file missing)
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: VMware Descheduled Time Accounting Service (vmdesched) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
--
End of file - 4441 bytes
Overall, that’s not too bad. The malware left behind could easily be removed with a combination of mbam and sas (or it could be removed manually).
I have to really hand it to Symantec, their products are getting better and better these days!!! …com’on you’ve got to admit it…
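A triage pass over a HijackThis log like the one above, as an added example that is not part of the original post: it parses the section-coded lines and flags entries worth a manual look. The rules are heuristics assumed for this example, not verdicts, and the sample lines are a subset copied from the log above.

```python
import re

# Subset of lines copied from the HijackThis log above.
SAMPLE = r"""
O2 - BHO: (no name) - {01BA2111-5518-D0C8-A667-01E739079356} - C:\WINDOWS\system32\tnxqilzf.dll (vundo)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [wofgrqls] C:\WINDOWS\system32\wofgrqls.exe
O4 - HKLM\..\Policies\Explorer\Run: [rTwrdHqj21] C:\WINDOWS\wpopejyl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} - http://virusremover2008.com/VRM_Free.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

# (section or None for any, pattern on the body, reason). Assumed heuristics.
RULES = [
    ("O2", re.compile(r"BHO: \(no name\)"), "unnamed BHO"),
    (None, re.compile(r"\((?:no file|file missing)\)$"), "orphaned entry"),
    ("O4", re.compile(r"Policies\\Explorer\\Run:"), "policy Run key autostart"),
    ("O4", re.compile(r"\] C:\\WINDOWS\\(?:system32\\)?[^\\]+\.exe$", re.I),
     "autostart exe directly in a system directory"),
    ("O7", re.compile(r"DisableRegedit=1"), "registry editor disabled"),
    ("O16", re.compile(r" - http://\S+\.(?:exe|dll)$", re.I),
     "DPF (ActiveX) object fetched as a binary over HTTP"),
]

def triage(log_text):
    """Return (section, reasons, body) for every entry matching a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        section, body = m.groups()
        reasons = [why for sec, pat, why in RULES
                   if sec in (None, section) and pat.search(body)]
        if reasons:
            findings.append((section, reasons, body))
    return findings

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

Leftover registry entries whose file is already gone show up under the "orphaned entry" reason, which separates cleanup residue from entries that still point at a file on disk.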
Norton Antivirus 2009 wins the latest poll!
The Norton AntiVirus 2009 review will be uploaded on Saturday/Sunday.
My Favorite Online Virus Scanners
Here is a list of virus scanners that actually scan and clean malware. These scanners require Internet Explorer. If you have an online malware scanner that you like, please leave a comment with the URL:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.pandasecurity.com/homeusers/solutions/activescan/
Vipre: The Day After Video
I just took a look at my PC with Vipre protecting it, here is what I found.
Sunbelt Working With Me
FYI - Sunbelt support has contacted me today and they are very committed to Vipre. Apparently my videos gave them a few things to “work on” and they are doing that.
Posting Vipre “The Day After” video tonight.
Let’s see how that PC is performing a day later after Vipre was used to clean it.
Sunbelt’s Vipre - My Closing Opinion - Part 1
Vipre performed really well at detecting and removing malware, but only in safemode (remember, strictly speaking on removal abilities here). Basically there were too many infections and not enough RAM (512MB).
When using Vipre in normal bootmode it was unable to remove about 80% of the active threats, and once those threats were marked for deletion upon reboot they still were not deleted.
Like most other Anti-Malware solutions, Vipre leaves some adware intact and active (BHO’s).
Would I personally use Vipre? Yes, but I would have to install SAS and MBAM as well (to help aid in the adware detection and removal).
Is it a 5 star program???…I’m still deciding on that. Only being able to remove threats in safemode is sort of a bummer.
What Music Do I Listen To When Reviewing AV Solutions???
Ministry….”Jesus Built My HotRod”…Keeps A Dude awake…………………….
good lord…im popular!
I have soooo many comments and questions to answer!!! please be patient…i’ll answer all questions ASAP!
Sunbelt’s Vipre Reviewed!
Hi Everyone! I reviewed Sunbelt’s Vipre today.
youtube.com/mrizos
