| Payload |
When launched, the Trojan displays the message shown below:
The user is asked to enter the address of the LineAge2 gaming server, and his/ her user name and password. When the "Start" button is pressed, the Trojan sends the details entered in the "IP-Server", "Account" and "Password" fields via email to the address shown below:
The Trojan then ceases running.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
]]>
| Payload |
Once the Trojan is launched, it uses a vulnerability in the ActiveX component which has the unique system registry identifier shown below:
The vulnerability (CVE-2007-4105) is present in the "DloadDS()" library "BaiduBar.dll". The Trojan attempts to load a file via this vulnerability. The file is located on the remote server shown below:
The file will be saved to the current user's Windows temporary directory and launched for execution.
At the time of writing, the link was not active.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
]]>
| Aliases |
This Trojan downloads another program via the Internet and launches it on the victim machine without the user's knowledge or consent. It is a Windows PE EXE file. It is 79360 bytes in size. It is written in C++.
In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:
| Payload |
Once launched, the Trojan creates the following system registry key:
It then sends the following request:
On contact with the URL shown above a parameter is added which transmits the latest version of the Trojan program. If there is no new version of the Trojan program available, the server sends the following answer: "<OK>". If there is a more recent version available, the server sends a link to the file containing the new version. The Trojan downloads an updated version of itself and saves it to the temporary directory under the following name:
The file is then launched for execution.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
| Payload |
The Trojan contacts the following web site:
There is a list of files for download located on this link.
This list is saved to the directory as shown below:
The links in the file are encrypted.
The Trojan then downloads files from the links and saves them as shown below:
<rnd> stands for a random string of numbers and lower case Latin letters Example: m2zpp.exe, 43m66m.exe.
Once the files have been downloaded, they are launched for execution, and then delete themselves. If the downloaded files are dll files, they will register themselves in the system and be launched for execution next time the system is started.
Once it has delivered its payload, the original Trojan deletes its body.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
The Trojan copies its executable file to the Windows system directory:
In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:
The Trojan also extracts the file shown below from its body:
This file is 44608 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.WOW.ahe.
The Trojan also extracts the file shown below from its body:
This file is 31713 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.mdl.
| Payload |
The Trojan loads the .dll file to all processes launched in the system.
The Trojan intercepts mouse and keyboard events if any of the processes below have been launched:
maplestory.exe wow.exe
It sniffs traffic sent to the following addresses:
216.107.***.53 216.107.***.51 216.107.***.52
It does this in an attempt to harvest account data for the following games:
Maple Story World of Warcraft
and some other games. The Trojan also analyses the configuration files of the games above and attempts to harvest information about gamers' accounts on the web server.
Harvested data is sent to the remote malicious user's site.
The Trojan also modifies the following system registry key parameter values:
The Trojan also attempts to terminate the following processes:
KAV RAV AVP KAVSVC
The Trojan also has worm functionality, making it able to propagate via removable storage media. The Trojan copies its executable file to the root of each drive as follows:
<X> indicates the relevant disk.
In addition to its executable file, the Trojan also places the file shown below in the root directory of every disk:
This file will launch the Trojan executable file each time the user opens the infected disk using Explorer.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
]]>
The Trojan copies its executable file to the Windows system directory:
In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:
The Trojan also extracts the file shown below from its body:
This file is 114176 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.szc.
The Trojan also extracts the file shown below from its body:
This file is 29815 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.stcw.
| Payload |
The Trojan loads the .dll file to all processes launched in the system.
The Trojan intercepts mouse and keyboard events if any of the processes below have been launched:
maplestory.exe dekaron.exe gc.exe RagFree.exe Ragexe.exe ybclient.exe wsm.exe sro_client.exe so3d.exe ge.exe elementclient.exe
It sniffs traffic sent to the following addresses:
61.220.60.*** 61.220.62.*** 61.220.56.*** 61.220.62.*** 203.69.46.*** 220.130.113.***
It does this in an attempt to harvest account data for the following games:
ZhengTu Wanmi Shijie or Perfect World Dekaron Siwan Mojie HuangYi Online Rexue Jianghu ROHAN Seal Online Maple Story R2 (Reign of Revolution) Talesweaver
and some other games. The Trojan also analyses the configuration files of the games above and attempts to harvest information about gamers' accounts on the web
server.
Harvested data is sent to the remote malicious user's site.The Trojan also modifies the following system registry key parameter values:
The Trojan also attempts to terminate the following processes:
KAV RAV AVP KAVSVC
The Trojan also has worm functionality, making it able to propagate via removable storage media. The Trojan copies its executable file to the root of each drive as follows:
<X> indicates the relevant disk.
In addition to its executable file, the Trojan also places the file shown below in the root directory of every disk:
This file will launch the Trojan executable file each time the user opens the infected disk using Explorer.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
<x> stands for the letter of the removable disk.
]]>
| Payload |
The Trojan downloads a file from the URL shown below by exploiting a vulnerability (CVE-2006-1359) in the processing of "createTextRange" in Microsoft Internet Explorer:
The Trojan saves this file to its working directory as shown below:
The downloaded file will then be launched for execution.
At the time of writing, the link was not active.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Note: Some vendors are referring to the Bofra worm as a variant of MyDoom, though even then there is disagreement as to which variant they claim it is. For example, Symantec (who also calls the widely known Bagle worm the Beagle worm) initially dubbed the Bofra worm as MyDoom.AH then later changed their name to MyDoom.AI). Bofra.A is a mass-mailing email worm that arrives without an attachment and infects when the user clicks on an enticing link contained in the Bofra worm's message. The email link claims to point to an adult video or webcam photos.
Specifically, Bofra.A exploits a vulnerability in certain versions of SHDOCVW.DLL, a Windows operating system file that renders the IFRAME, FRAME, and EMBED HTML tags.
The vulnerable versions of SHDOCVW.DLL are found on Windows Xp (SP1 and below) and 2000 systems. Windows XP SP2 is not affected.
The vulnerability was first discovered on October 23, 2004 with first public release of exploit code on November 1, 2004. Bofra.A was discovered on November 8, 2004.
The From address in the email is spoofed and portions of the header may also be forged. The Subject line of the email will be one of the following:
The Message Body varies and may be either of the following:
The links point to a webpage on the infected host (via TCP port 1639) that exploits the SHDOCVW.DLL vulnerability and results in a buffer overflow condition in Internet Explorer. This allows shell code to execute, causing the local machine to download and execute the malicious file, thus becoming another infected host (and making the download site a perpetually moving target).
The Bofra worm searches the newly infected system for email addresses, sending the email to those found, thus repeating the process.
A second variant of the worm masquerades as a PayPal notice, claiming that PayPal has charged $175 to your account and providing a link to find 'details'. Of course, clicking the link infects the recipient's computer.
]]>A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor
Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Saddam Hussein alive!
Venezuelan leader: "Let's the War beginning".
Fidel Castro dead.
The attachment carried by the Storm worm may be named one of the following:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe
GreetingPostcard.exe
MoreHere.exe
FlashPostcard.exe
GreetingCard.exe
ClickHere.exe
ReadMore.exe
FlashPostcard.exe
FullNews.exe
Note: There are dozens of variants of the Storm worm. The following technical details may not apply to each of them. To determine whether a Storm worm infection is present, scan your systems with up-to-date antivirus software.
System Impact:
The Storm email worm may drop the the file 'wincom32.exe' into the Windows system directory (typically, C:\Windows\System under Windows 95/98/ME, C:\Winnt\System32 under Windows NT/2000, and C:\Windows\System32 under Windows XP.
The Storm worm loads the dropped wincom32.exe as a device driver by modifying the registry as follows:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
This device driver injects a module into the services.exe process, sets up a peer-to-peer filesharing network on infected systems, and opens and listens for commands on UDP port 4000, 7871, and 11271.
The Storm worm then downloads files from various remote IP addresses and executes those files on the local system.
Removal Notes:
The Storm worm is rootkit enabled and may hide files and processes associated with it and other malware it downloads. To remove the worm and other installed malware, scan the system using up-to-date antivirus software.
The worm will also copy itself to various peer-to-peer shared folders as the following files:
1001 Sex and more.rtf.exe
3D Studio Max 6 3dsmax.exe
ACDSee 10.exe
Adobe Photoshop 10 crack.exe
Adobe Photoshop 10 full.exe
Adobe Premiere 10.exe
Ahead Nero 8.exe
Altkins Diet.doc.exe
American Idol.doc.exe
Arnold Schwarzenegger.jpg.exe
Best Matrix Screensaver new.scr
Britney sex xxx.jpg.exe
Britney Spears and Eminem porn.jpg.exe
Britney Spears blowjob.jpg.exe
Britney Spears cumshot.jpg.exe
Britney Spears fuck.jpg.exe
Britney Spears full album.mp3.exe
Britney Spears porn.jpg.exe
Britney Spears Sexy archive.doc.exe
Britney Spears Song text archive.doc.exe
Britney Spears.jpg.exe
Britney Spears.mp3.exe
Clone DVD 6.exe
Cloning.doc.exe
Cracks & Warez Archiv.exe
Dark Angels new.pif
Dictionary English 2004 - France.doc.exe
DivX 8.0 final.exe
Doom 3 release 2.exe
E-Book Archive2.rtf.exe
Eminem blowjob.jpg.exe
Eminem full album.mp3.exe
Eminem Poster.jpg.exe
Eminem sex xxx.jpg.exe
Eminem Sexy archive.doc.exe
Eminem Song text archive.doc.exe
Eminem Spears porn.jpg.exe
Eminem.mp3.exe
Full album all.mp3.pif
Gimp 1.8 Full with Key.exe
Harry Potter 1-6 book.txt.exe
Harry Potter 5.mpg.exe
Harry Potter all e.book.doc.exe
Harry Potter e book.doc.exe
Harry Potter game.exe
Harry Potter.doc.exe
How to hack new.doc.exe
Internet Explorer 9 setup.exe
Kazaa Lite 4.0 new.exe
Kazaa new.exe
Keygen 4 all new.exe
Learn Programming 2004.doc.exe
Lightwave 9 Update.exe
Magix Video Deluxe 5 beta.exe
Matrix.mpg.exe
Microsoft Office 2003 Crack best.exe
Microsoft WinXP Crack full.exe
MS Service Pack 6.exe
netsky source code.scr
Norton Antivirus 2005 beta.exe
Opera 11.exe
Partitionsmagic 10 beta.exe
Porno Screensaver britney.scr
RFC compilation.doc.exe
Ringtones.doc.exe
Ringtones.mp3.exe
Saddam Hussein.jpg.exe
Screensaver2.scr
Serials edition.txt.exe
Smashing the stack full.rtf.exe
Star Office 9.exe
Teen Porn 15.jpg.pif
The Sims 4 beta.exe
Ulead Keygen 2004.exe
Visual Studio Net Crack all.exe
Win Longhorn re.exe
WinAmp 13 full.exe
Windows 2000 Sourcecode.doc.exe
Windows 2003 crack.exe
Windows XP crack.exe
WinXP eBook newest.doc.exe
XXX hardcore pics.jpg.exe
W32/Netsky-P harvests email addresses from files with the following extensions:
PL, HTM, HTML, EML, TXT, PHP, ASP, VBS, RTF, UIN, SHTM, CGI, DHTM, ADB, TBB, DBX, SHT, OFT, MSG, JSP, WSH, XML.
The worm has a trigger date of 24 March 2004, at which time it will attempt to mass mail.
Emails have the following characteristics (note that not all variations listed):
Subject lines: constructed from the following groups of strings -
Re: Re:
Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
Re: Thank you for delivery
Re: Test
Re: Administration
Re: Message Error
Re: Error
Re: Extended Mail System
Re: Secure SMTP Message
Re: Protected Mail Request
Re: Protected Mail System
Re: Protected Mail Delivery
Re: Secure delivery
Re: Delivery Protection
Re: Mail Authentification
Message texts: chosen from -
Please confirm my request.
ESMTP [Secure Mail System #334]: Secure message is attached.
Partial message is available.
Waiting for a Response. Please read the attachment.
First part of the secure mail is available.
For more details see the attachment.
For further details see the attachment.
Your requested mail has been attached.
Protected Mail System Test.
Secure Mail System Beta Test.
Forwarded message is available.
Delivered message is attached.
Encrypted message is available.
Please read the attachment to get the message.
Follow the instructions to read the message.
Please authenticate the secure message.
Protected message is attached.
Waiting for authentification.
Protected message is available.
Bad Gateway: The message has been attached.
SMTP: Please confirm the attached message.
You got a new message.
Now a new message is available.
New message is available.
You have received an extended message. Please read the instructions.
Attachment description: chosen from -
Your details.
Your document.
I have received your document. The corrected document is attached.
I have attached your document.
Your document is attached to this mail.
Authentication required.
Requested file.
See the file.
Please read the important document.
Please confirm the document.
Your file is attached.
Please read the document.
Your document is attached.
Please read the attached file!
Please see the attached file for details.
followed by -
<attached filename>:
+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Attachment: No Virus found
+++ Bitdefender AntiVirus - www.bitdefender.com
+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com
+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ Attachment: No Virus found
+++ Panda AntiVirus - www.pandasoftware.com
++++ Attachment: No Virus found
++++ Norman AntiVirus - www.norman.com
++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de
Attached file:
<filename>_ <recipient_name>.<extension>
<filename> chosen from:
document_all
message
excel document
word document
screensaver
application
website
product
letter
information
details
document
<extension> chosen from:
EXE
SCR
PIF
ZIP
W32/Netsky-P attempts to delete registry entries which may be set by variants of the W32/Mydoom and W32/Bagle worms.
W32/Netsky-P also creates a number of the TMP files in the Windows folder: base64.tmp, zip1.tmp, zip2.tmp, zip3.tmp, zipped.tmp. NOTE: The information contained in this analysis may be considered offensive by some customers.
W32/Netsky-P is a mass-mailing worm which spreads by emailing itself to addresses harvested from files on the local drives.
The worm copies itself to the Windows folder as FVProtect.exe and adds the following registry entry to run itself whenever the user logs on to the computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Norton Antivirus AV
= <Windows>\FVProtect.exe
The worm will also copy itself to various peer-to-peer shared folders as the following files:
1001 Sex and more.rtf.exe
3D Studio Max 6 3dsmax.exe
ACDSee 10.exe
Adobe Photoshop 10 crack.exe
Adobe Photoshop 10 full.exe
Adobe Premiere 10.exe
Ahead Nero 8.exe
Altkins Diet.doc.exe
American Idol.doc.exe
Arnold Schwarzenegger.jpg.exe
Best Matrix Screensaver new.scr
Britney sex xxx.jpg.exe
Britney Spears and Eminem porn.jpg.exe
Britney Spears blowjob.jpg.exe
Britney Spears cumshot.jpg.exe
Britney Spears fuck.jpg.exe
Britney Spears full album.mp3.exe
Britney Spears porn.jpg.exe
Britney Spears Sexy archive.doc.exe
Britney Spears Song text archive.doc.exe
Britney Spears.jpg.exe
Britney Spears.mp3.exe
Clone DVD 6.exe
Cloning.doc.exe
Cracks & Warez Archiv.exe
Dark Angels new.pif
Dictionary English 2004 - France.doc.exe
DivX 8.0 final.exe
Doom 3 release 2.exe
E-Book Archive2.rtf.exe
Eminem blowjob.jpg.exe
Eminem full album.mp3.exe
Eminem Poster.jpg.exe
Eminem sex xxx.jpg.exe
Eminem Sexy archive.doc.exe
Eminem Song text archive.doc.exe
Eminem Spears porn.jpg.exe
Eminem.mp3.exe
Full album all.mp3.pif
Gimp 1.8 Full with Key.exe
Harry Potter 1-6 book.txt.exe
Harry Potter 5.mpg.exe
Harry Potter all e.book.doc.exe
Harry Potter e book.doc.exe
Harry Potter game.exe
Harry Potter.doc.exe
How to hack new.doc.exe
Internet Explorer 9 setup.exe
Kazaa Lite 4.0 new.exe
Kazaa new.exe
Keygen 4 all new.exe
Learn Programming 2004.doc.exe
Lightwave 9 Update.exe
Magix Video Deluxe 5 beta.exe
Matrix.mpg.exe
Microsoft Office 2003 Crack best.exe
Microsoft WinXP Crack full.exe
MS Service Pack 6.exe
netsky source code.scr
Norton Antivirus 2005 beta.exe
Opera 11.exe
Partitionsmagic 10 beta.exe
Porno Screensaver britney.scr
RFC compilation.doc.exe
Ringtones.doc.exe
Ringtones.mp3.exe
Saddam Hussein.jpg.exe
Screensaver2.scr
Serials edition.txt.exe
Smashing the stack full.rtf.exe
Star Office 9.exe
Teen Porn 15.jpg.pif
The Sims 4 beta.exe
Ulead Keygen 2004.exe
Visual Studio Net Crack all.exe
Win Longhorn re.exe
WinAmp 13 full.exe
Windows 2000 Sourcecode.doc.exe
Windows 2003 crack.exe
Windows XP crack.exe
WinXP eBook newest.doc.exe
XXX hardcore pics.jpg.exe
W32/Netsky-P harvests email addresses from files with the following extensions:
PL, HTM, HTML, EML, TXT, PHP, ASP, VBS, RTF, UIN, SHTM, CGI, DHTM, ADB, TBB, DBX, SHT, OFT, MSG, JSP, WSH, XML.
The worm has a trigger date of 24 March 2004, at which time it will attempt to mass mail.
Emails have the following characteristics (note that not all variations listed):
Subject lines: constructed from the following groups of strings -
Re: Re:
Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
Re: Thank you for delivery
Re: Test
Re: Administration
Re: Message Error
Re: Error
Re: Extended Mail System
Re: Secure SMTP Message
Re: Protected Mail Request
Re: Protected Mail System
Re: Protected Mail Delivery
Re: Secure delivery
Re: Delivery Protection
Re: Mail Authentification
Message texts: chosen from -
Please confirm my request.
ESMTP [Secure Mail System #334]: Secure message is attached.
Partial message is available.
Waiting for a Response. Please read the attachment.
First part of the secure mail is available.
For more details see the attachment.
For further details see the attachment.
Your requested mail has been attached.
Protected Mail System Test.
Secure Mail System Beta Test.
Forwarded message is available.
Delivered message is attached.
Encrypted message is available.
Please read the attachment to get the message.
Follow the instructions to read the message.
Please authenticate the secure message.
Protected message is attached.
Waiting for authentification.
Protected message is available.
Bad Gateway: The message has been attached.
SMTP: Please confirm the attached message.
You got a new message.
Now a new message is available.
New message is available.
You have received an extended message. Please read the instructions.
Attachment description: chosen from -
Your details.
Your document.
I have received your document. The corrected document is attached.
I have attached your document.
Your document is attached to this mail.
Authentication required.
Requested file.
See the file.
Please read the important document.
Please confirm the document.
Your file is attached.
Please read the document.
Your document is attached.
Please read the attached file!
Please see the attached file for details.
followed by -
<attached filename>:
+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Attachment: No Virus found
+++ Bitdefender AntiVirus - www.bitdefender.com
+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com
+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ Attachment: No Virus found
+++ Panda AntiVirus - www.pandasoftware.com
++++ Attachment: No Virus found
++++ Norman AntiVirus - www.norman.com
++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de
Attached file:
<filename>_ <recipient_name>.<extension>
<filename> chosen from:
document_all
message
excel document
word document
screensaver
application
website
product
letter
information
details
document
<extension> chosen from:
EXE
SCR
PIF
ZIP
W32/Netsky-P attempts to delete registry entries which may be set by variants of the W32/Mydoom and W32/Bagle worms.
W32/Netsky-P also creates a number of the TMP files in the Windows folder: base64.tmp, zip1.tmp, zip2.tmp, zip3.tmp, zipped.tmp.
]]>F-Secure Anti-Virus 2009 comes with F-Secure DeepGuard™ 2.0, introducing network-based instant recognition of both safe and malicious software, which is able to protect you in 60 seconds from the first confirmation of a new threat. No other antivirus vendor has such "in-the-cloud" real-time protection network deployed globally.
With F-Secure® Anti-Virus 2009, you can open e-mail attachments and use your computer without any fear of virus infections, spyware intrusion or malicious programs that can take over your computer. In addition, F-Secure DeepGuard™ 2.0 provides instant protection against new threats with real-time protection network that shortcuts the hours it typically takes to send out database updates.
F-Secure Anti-Virus 2009
Advanced Virus Protection for Your Online Life
With F-Secure® Anti-Virus™ 2009, you can use your computer without any
fear of virus infections, spyware intrusion or malicious programs that can take
over your computer. F-Secure Anti-Virus has been designed to automate all key
tasks required to keep your computer and data safe from viruses. It's so easy
all you have to do is install and forget it.
DeepGuard 2.0 - Protect Yourself Against the Unknown
Fast-spreading hidden attacks designed by money-driven online criminals are a
major problem on the Internet. F-Secure Anti-Virus 2009 comes with updated
DeepGuard 2.0 technology that automatically protects you against anything
that might be a sign of danger in your computer. The new version also
introduces instant recognition of both safe and potentially bad software which
makes the technology virtually unnoticeable and more accurate than ever.
Protect your Privacy with Antispyware
Spyware can secretly track your surfing habits and profile your shopping
preferences. It can even hijack your web browser or abuse your Internet
connection by sending data to a third party. F-Secure Anti-Virus protects your
privacy by detecting and removing such software from your computer.
The Fastest Protection with Automatic Updates
Antivirus software is only as good as the capability of antivirus software
manufacturer to provide a timely cure for new virus outbreaks. F-Secure
Anti-Virus Research Team updates virus definition databases several times a
day to ensure that customers have 24-hour protection against new,
fast-spreading viruses. This is why F-Secure products constantly rank at the top
when compared with competing products.
Protects your computer against
viruses, worms and other attacks
With daily automatically updated
virus protection from the
world-renowned F-Secure Data
Security Laboratory and F-Secure
DeepGuard technology that
protects you against zero-day
attacks and other future threats, you
can safely use your computer, now
and tomorrow.
Detects and removes spyware from
your computer
F-Secure Anti-Virus removes secretly
installed software from your
computer, ensuring that your system
is running smoothly and clean of
spyware.
Fastest Protection
F-Secure is one of the leading
antivirus vendors when it comes to
reaction times and update delivery
times during virus outbreaks.
Protection Against Unknown Threats and Rootkits
Modern malware can break into your computer even if you have
up-to-date security components installed. F-Secure DeepGuard™ detects
and prevents any suspicious activity that might indicate a danger in
your computer. Rootkits are also detected and removed.
Scans E-mail and Web Traffic
POP3, IMAP and SMTP traffic are scanned for viruses so that you do
not have to worry about infected e-mails. Web Traffic Scanning
protects you against web sites that can infect your computer even if you
do not download anything from them.
Easy to Install and Use
F-Secure Anti-Virus is extremely easy to install and use. As the software
is highly automated, you do not have to understand the complexities of
data security.
The Fastest Protection Against Virus Outbreaks
Immediate reaction times and fast cures during new and emerging
threats ensured by F-Secure Research Team working 24 hours a day.
Security News
Get information about new viruses and their behavior immediately, as
well as the instructions on how to avoid the infection and a confirmation
whether your computer is already protected against the latest threat.
Multiple Scanning Engines
F-Secure Anti-Virus uses multiple scanning engines, bringing you the very
best in detection and disinfection. Each scanning engine specializes in
detecting a different type of malware. It is like having several antivirus
products running in your computer at the same time!
Software in your Language
F-Secure Anti-Virus has a clear user interface, including an easily
accessible electronic manual. Both the software and electronic manual
are available in your language.
F-Secure Anti-Virus is a great product that offers many of the standard functions associated with antivirus software, but also goes above and beyond the bar set by others with efforts by F-Secure to educate the people that use F-Secure Anti-Virus on general security practices as well as specific threats.
F-Secure Anti-Virus is one of the most effective antivirus programs on the market. Its heuristic scanner is considered by many to be one of the fastest and most complete on the market.
We did have some problems with its on-access scanner though. The test system we used is a pretty fast system. Intel Pentium D 2.8GHz with 1GB of RAM. The on-access scanner would sometimes bring this system to a halt when opening programs or moving files.
F-Secure Anti-Virus comes with the standard protection you would expect from any modern antivirus suite. Both on-access and on-demand scanners are included as well as a spyware scanner that runs with both. An email scanner is also included for those of us using local email clients like Outlook or Thunderbird.
One feature we especially liked about F-Secure Anti-Virus was the integrated news on the home menu. The Security News section is full of useful information about which new security threats are out and whether you are protected from each threat.
Integrated protection
Real-time protection, automatic updates, low-impact background scanning for on-line threats, and instant quarantining or removal of infected files ensures maximum protection. Every interaction between your computer and the Internet is monitored, so nothing can get onto your system without your knowledge. AVG scans in real time:
The new web shield checks every web page at the moment you click on the link to ensure you're not hit by a stealthy drive-by download or any other exploits. All links on search results pages in Google, Yahoo, and MSN are analyzed and their current threat level is reported in real time before you click on the link and visit the site.
AVG's award-winning antivirus technology protects millions of users and is certified by major antivirus testing organizations (VB100%, ICSA, West Coast Labs Checkmark).
When you purchase an AVG product, everything you need is included in the price for the full license duration - technical support, virus updates, and new program versions. All users of paid AVG products also qualify for generous discounts on subscription renewals and product upgrades.
]]>
Confidently download, share and open files from friends, family, co-workers - and even total strangers!
Protect your identity: shop, bank, listen, watch privately and securely
Guard your conversations with top-of-the line encryption
Play safe, play seamlessly!
Get fine-tuned performance from your computer !
Family network protection
Manage the security of your home network from a single location. BitDefender software from other computers in the network can be remotely configured, while tasks such as scans, backups tune-ups and updates can be run on-demand or scheduled to run during off-hours.
Hassle - Free Hourly Updates
Hourly updates ensure that you are protected against the latest threats without pushing a button. Lost program files are not a problem either. In the rare event of file damage due to PC problems, BitDefender automatically repairs and updates itself.
For those seeking the best antivirus software for the money AND an "install and forget" proposition, BitDefender is the right choice. Not only does it protect your computer and files, but BitDefender is easy to use, light on your computer and, maybe most importantly, light on your pocketbook.
No matter how technically capable any piece of software may be, the productivity enhancement it offers is only effective if people use it. This is especially true in antivirus software. The primary reasons people fail to protect their computers from a variety of malware are the cost and the 'burden' of installing and maintaining antivirus software. The best protection in the world is worthless if people find it cumbersome and distracting to use.
The same holds true for price. This is the beauty of BitDefender: It provides comprehensive protection, takes up little space on your computer, costs less and requires little maintenance.
You might think antivirus software that's this easy to use and this inexpensive might not be as effective as products with bigger brand names and bigger price tags, but you would be wrong. AV-Test.org is among the most prestigious, independent research laboratories in the world for testing antivirus software. In recent tests, BitDefender received their highest rating for having removed 98% of all viruses and spyware in their rigorous tests. In addition, BitDefender has received the highest ratings for effectiveness by Virus Bulletin (VB100%) and AV Comparatives.org, and was certified by ICSA, Checkvir.com and West Coast Labs for its ability to detect viruses and virus replication while minimizing false positives (detecting viruses that are not there).
One of the key features BitDefender has developed is a virtual machine that runs invisibly in the background on your computer where it tests suspicious code, which is code that looks like a virus but doesn't currently match any of the known virus signatures. In this way, BitDefender can protect your computer from viruses no one has reported yet. In the same tests by AV-Test.org, BitDefender scored higher than Kaspersky, Norton, Computer Associates (CA) and McAfee on its proactive detection of viruses and other malware with this heuristic approach. BitDefender scans somewhat slower than some of its competitors, due (we believe) to this virtual machine running. Naturally, there's going to be a price for this type of protection, but other products like ESET's NOD32 have done a better job at minimizing it.
Although BitDefender is great at removing viruses and spyware, it excels at protecting your system from incoming viruses. The new BitDefender can actually strip viruses from your incoming HTML stream before the virus makes it to your browser. We think every new computer should be outfitted with this kind of protection.
In the spirit of "install and forget" software, BitDefender doesn't go in for the blinking red and green lights to notify you of its activity. Instead, a tiny red and black icon appears in the lower-right corner of your desktop, just above the system tray. This unobtrusive icon is the scan activity monitor. A green line indicates when files are being scanned for viruses and spyware. You can remove the monitor by going into the configuration settings.
The antispyware section of BitDefender includes Privacy Protection. This feature is disabled by default, but turning this feature ON is recommended. In the Advanced Setting link, you can enter your credit card numbers or other private information, and if any Windows application attempts to send these over the Internet, it stops and requires your active permission. Otherwise, BitDefender will refuse any program that attempts to send your personal information over the Internet.
BitDefender is the only antivirus software reviewed with a gamer mode. With gamer mode enabled, online gamers are protected without sacrificing much performance. Since online gamers are notorious for disabling firewalls and other protection to optimize performance, this could be a lifesaver for the family computer used for online gaming by members of your household.
]]>Kaspersky Labs has been one of the best antivirus software developers in the world for over a decade and now Kaspersky Anti-Virus 2009 only strengthens that reputation. Founded by Natalia and Eugene Kaspersky in 1997, this Russian company is often the first to find and identify new viruses. Long used in Russia and Europe, Kaspersky is now making inroads in the North American market. Kaspersky Anti-Virus 2009 is one of the most effective antivirus packages in the world today and boasts a great interface with easy to use and intuitive controls.
Kaspersky Labs has always been known for its ability to effectively detect and remove viruses as well as or better than any software program on the market. Like BitDefender, Kaspersky was able to remove over 98% of all viruses it encountered in the most recent objective tests of AV-test.org. Kaspersky is also certified by all of the major virus/malware testing laboratories. Tests confirm Kaspersky's effectiveness. It found every virus on the test computer.
Although Kaspersky is excellent at detecting viruses and malware, it could use some work in the detection of spyware. Independent tests by AV-test.org showed that Kaspersky allowed 8% of adware/spyware to go undetected. Furthermore, Kaspersky's proactive/heuristic engine failed to meet the high standards set by BitDefender, NOD32, F-Secure, Panda and some others.
Like other software with proactive/heuristic engines to detect malware before their signatures are available, Kaspersky's scan is relatively slow. The time and resources demanded by these proactive/heuristic engines slows these scans, and relatively slow scans may be the price we pay for this level of protection. Of the antivirus software packages reviewed, only NOD32 scored high on both proactive detection and scan speed.
Kaspersky's feature set is one of its strongest assets. While BitDefender's interface is primarily an enable/disable feature set, Kaspersky is the software-tweakers dream with controls for nearly all of its features. Like most of the antivirus packages in our review, Kaspersky protects your computer from spyware as well as viruses. Scanning for both viruses and spyware simultaneously is far more efficient in terms of time and resources than stopping to do both separately. Kaspersky scans email and port 80 traffic (port 80 is the port that receives web traffic and must be open while browsing the web) so that this excellent software can detect and block online viruses, Trojans, and various other malware before they can cause you trouble.
Kaspersky also has a proactive defense for your computer. Kaspersky watches for unwanted adware, dialers, rootkits, remote access utilities and locks specific registry keys that malicious code may target to damage your computer. Furthermore, Kaspersky now includes protection from viruses while using IM and ICQ.
Kaspersky, in its ever-vigilance against viruses and other malware, now helps you create a rescue disc in the case that your computer is hit by some malicious code that makes your system unbootable. Although this effort to prepare users for the computer equivalent of Armageddon is commendable, the process is tedious and difficult. If you downloaded your operating system or the system disc is lost or unavailable, this feature will be unavailable to you.