Virus (and Spyware) Information Sites
Last Updated: 30 Jul 2006 (Prior Update: 01 Mar 2006)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
You can find out about current viruses (virii) and hoaxes
at the following sites:
ONLINE ANTIVIRUS SCANS
• McAfee ................. http://us.mcafee.com/virusInfo/
• Panda .................. http://www.pandasoftware.com/activescan/com/activescan_principal.htm
• Symantec ............... http://security.symantec.com/sscv6/vc_scan.asp
• TrendMicro ............. http://housecall.trendmicro.com/
AV RESOURCES (BULLETINS)
• AV Info Exchange ....... http://www.avien.org/
• Virus Control Center ... http://www.messagelabs.com/analysis/Statistics/daily/daily.htm
• VirusList .............. http://www.viruslist.com/
• InfoStar ............... http://www.infostar.com/webvir01.htm
• Microsoft............... http://www.microsoft.com/technet/security/virus/
• Northern Lights ........ http://special.northernlight.com/compvirus/
• TruSecure .............. http://www.trusecure.com/knowledge/hypeorhot/
• Virus Encyclopedia ..... http://www.sneaker.net.au/docs/encyclo/GIL1.HTM
AV PRODUCTS/VENDORS
• AntiGen ................ http://www.sybari.com/alerts/
• AVG .................... http://www.grisoft.com/html/us_index.htm
• AVAST .................. http://www.avast.com/
• CA Innoculan ........... http://www.cai.com/virusinfo/encyclopedia/
• Command Central ........ http://www.antivirusexpert.com/
• DataFellows ............ http://www.datafellows.com/vir-info/
• InVircible ............. http://www.invircible.com/
• Kaspersky .............. http://www.kaspersky.com/
• MailWarden ............. http://www.seattlelab.com/mwdefault/
• McAfee ................. http://vil.nai.com/vil/
• Nod32 .................. http://www.nod32.com/
• Panda Software ......... http://www.pandasoftware.com/
• Protector Plus ......... http://www.protectorplus.com/
• Reliable AntiVirus ..... http://www.ravantivirus.com/
• Sophos ................. http://www.sophos.com/virusinfo/
• Symantec ............... http://www.symantec.com/avcenter/
• Trend Micro ............ http://www.antivirus.com/vinfo/virusencyclo/
• Virus Buster ........... http://www.virusbuster.hu/en/product/antivirus/
ANTIVIRUS APPLIANCES
• Barracuda .............. http://www.barracudanetworks.com/
• FortiGate AV Firewall .. http://www.fortinet.com/
• Ositis eShield ......... http://www.ositis.com/english/products/pd_hardware_en.asp
• Panda GateDefender ..... http://www.pandasoftware.com/products/gatedefender/
• Trend Virus Wall ....... http://www.trendmicro.com/en/products/network/nvw/evaluate/overview.htm
HOAXES
• CIAC ................... http://hoaxbusters.ciac.org/
• Computer Medic ......... http://www.computermedic.ab.ca/virushoax.htm
• Hoax Kill .............. http://www.hoaxkill.com/
• PC911 .................. http://www.pcnineoneone.com/howto/hoax1.html
• Schmahl World .......... http://www.schmahl.net/cr/hoax.htm
• Sophos ................. http://www.sophos.com/virusinfo/hoaxes/
• Stiller Research ....... http://www.stiller.com/hoaxes.htm
• Security Resources ..... http://esearch.cc.columbia.edu/acis/security/
• Virus Myths ............ http://www.vmyths.com/
• Virus Hoaxes ........... http://www.virusbtn.com/Hoax/
INTERNET WORM RESOURCES
• WormWatch .............. http://www.wormwatch.org/
OTHER RESOURCES
• http://www.personalfirewallday.org/
• http://www.zdnet.com.au/reviews/hardware/peripherals/0,39023417,20272398-2,00.htm
• http://diescum.freespaces.com/
RUNNING ANTIVIRUS ON DOMAIN CONTROLLERS
• http://support.microsoft.com/?KBID=822158
• http://support.microsoft.com/?KBID=815263
SPYWARE/MALWARE INFO & REMOVAL TOOLS
• http://www.microsoft.com/athome/security/spyware/software/
• http://www.microsoft.com/security/articles/spyware.asp
• http://www.sunbelt-software.com/product.cfm?id=400
• http://www.sunbelt-software.com/product.cfm?id=410
• http://security.kolla.de/
• http://www.lavasoftusa.com/support/download/
• http://www.emco.is/networkmalwarecleaner/features.html
• http://tds.diamondcs.com.au/
• http://www.spywareinfo.com/articles/hijacked/
• http://pestpatrol.com/Support/About/About_Pest_Threats.asp
• http://www.greatis.com/regrun3useless.htm
• http://www.spywareguide.com/
• http://www.wilderssecurity.com/spywareblaster.html
• http://www.tom-cat.com/spybase/
• http://www.misec.net/
ANTIVIRUS POLICIES
• http://www.trendmicro.com/en/security/white-papers/overview.htm
• http://www.trusecure.com/knowledge/resource/wp_general.shtml
• http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp
VIRUS CLEAN-UP PROCEDURE
If you suspect a machine of becoming infected with a
virus or trojan, particularly if it has evaded your
current AV scanner, you should seriously consider
taking the following steps to limit your exposure and
avoid infecting any other machines on your network:
1. Disconnect the system from the network.
2. Turn off the system.
3. Boot from a clean, write-protected floppy.
4. Run AV software with the latest signatures.
5. Reboot with the network still disconnected.
6. Run another AV scan.
7. After connecting to the network, try an online scan.
Also, consider booting into Safe Mode if possible.
Some viruses may inhabit files in the System Restore area.
This will necessitate disabling System Restore temporarily
to delete your old restore points, and get rid of the
virus or trojan. After this, you can re-enable System
Restore and create new restore points.
If you've been infected by one of the major worms which
leave backdoors, change permissions, etc, it is highly
advisable to format the system and reinstall the OS
(restoring data from a recent backup which has been
tested for cleanliness), rather than spending a great
deal of time trying to clean a seriously compromised
system. Far better to reinstall in these circumstances
than to suffer reinfection or a network intrusion because
of some lurking backdoor software.
• http://KB.UltraTech-llc.com/Docs/?File=VirusMitigation.PDF
DELUXE CRAPWARE CLEANING D.I.E.S.C.U.M.™ (by Carl Houseman)
• http://diescum.freespaces.com/
• http://www.santeriasys.net/article37.html
• http://lyris.sunbelt-software.com/read/attachment/458512/1/htmlversion.html
• http://lyris.sunbelt-software.com/read/messages?id=458512
PERSONAL NOTES
• 30 Jul 2006
Added link to updated D.I.E.S.C.U.M. v4.1 by Carl Houseman
• 01 Mar 2006
Added link to updated D.I.E.S.C.U.M. v4.0 by Carl Houseman
• 30 Jan 2005
Added links to Microsoft AntiSpy
Added links to Sunbelt-Software CounterSpy
• My stance on AV products with regards to servers is:
A - Unless it's a FILE server, I don't do real-time
scans.
B - On a FILE server, I only do real-time scans on
INBOUND files.
C - On Exchange servers, I use products such as Trend
or AntiGen which have Exchange specific modules.
D - On all other servers, I run scheduled scans once
a day during off-hours.
E - I hate Innoculan. CA customer service is worse
than abominable, and the product is far too
quirky for anyone's good. In fact, their whole
xxxxxxxxxIT line of products should be avoided.
A web server generally falls into Category D,
unless lots of people are allowed to upload things
to it, in which case set the Real-Time scanner for
INBOUND files only (Category B).
• AVG offers free AntiVirus software with regular updates
• Various FREE products install Spyware for the purpose
of tracking your internet browsing habits. Ad-Aware
gets rid of them for you.
• Ad-Aware is once again releasing frequent signature
updates. Some people still prefer SpyBot to Ad-Aware,
and many people run both. SpyBot tends to be a bit more
aggressive in what it recommends for removal, so be
very careful.
• One of the few real reasons to go with FDISK/FORMAT
is after a virus infection. It is advisable to start
afresh, rather than try and piece everything back
together, when there may be hidden backdoors put into
place by the virus.
RELATED SCRIPTS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/Scripts/?File=DelMalware.BAT
RELATED TOPICS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/?File=AntiSPAM.TXT
• http://KB.UltraTech-llc.com/?File=Security.TXT
• http://KB.UltraTech-llc.com/?File=NetPolicy.TXT
• http://KB.UltraTech-llc.com/?File=OSBasics.TXT
• http://KB.UltraTech-llc.com/?File=SMTP.TXT
