TechSpot

Better to Leave Antivirus Programs at Beginning of Malware Cleaning

By Bobbye
Apr 29, 2009
Post New Reply
  1. I had hoped to reach a wider audience with this, but the thread was deleted and I was told "The Meeting Place" was where it should be. I don't agree. This forum is for 'off-topic' threads but my post is very much "on" topic! Here it is:

     
  2. bobcat

    bobcat TechSpot Paladin Posts: 688   +67

    Since this matter was posted in the Meeting Spot, I assume it’s open for comments from ordinary members, so I give mine, which by definition are just my opinion:

    1 The best place for such advice, if considered applicable, would be its integration in the 8-steps for Removal of Malware.
    2 If it requires official discussion and approval before being implemented in the above thread, which is reasonable for such a thread which is justifiably closed, then it should be posted in Site Feedback & Suggestions rather than in an off-topic meeting place.
    3 If a member already has installed a good premium AV plus firewall, I see no point in replacing them with the free tools mentioned. That would be a “step” in the wrong direction. The free tools are not better than the top premium tools, not even as good I’d say.
    4 Indeed, Step 1, or the whole thread, contain no advice for such replacement, merely mention good free tools for those without protection. Of course, those who lack either AV or firewall, should proceed to immediately install the free tool(s).
    5 However, if there is a tendency for advisors to recommend the a.m. replacement, then Step 1 should be amended to make it clear that it is not recommended.
    6 If, on the other hand, a member’s existing AV is clearly considered below par, it may well have been the reason for the presence of malware. In this case, replacement seems logical before trying to get rid of the malware. Probably even better, the member should first scan with the existing inferior tool, then replace it and repeat for more results.
     
  3. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    bobcat, I originally posted this in the Virus and Malware forum. It was deleted and I was sent a PM that if I wanted it on the board, I had to change the title (I did) and post on this Off-Topic board. Of course, it's not 'off-topic' at all which was part of my point.

    You itemize my thought exactly and your #6 covers what I said in my third to last paragraph.
     
  4. CAMusing

    CAMusing TS Enthusiast Posts: 179

    Discussion of Virus and Malware

    Bobbye Mon Ami

    The relegation to "The Meeting Place" of your discussion on the subject matter makes no sense.

    Perhaps, the "powers to be" of this website could explain their rationale to the members, or not.
     
  5. kritius

    kritius TS Guru Posts: 2,084

    Bobbye,

    You know my position on this.

    If someone has paid for a security suite then we have no right at all to "recommend" that they unistall.

    No antivirus is perfect and everything will let something through at some point. The only time we should be telling people to install antivirus is if they don't have any.
     
  6. mopar man

    mopar man TechSpot Ambassador Posts: 1,379

    I am I'm still learning a lot about AV, but from what I've seen and heard in the past few months, it seems that Norton and Mcafee have been found to miss a LOT more than Avira, so wouldn't that mean it'd be best if they have something like that to recommend them run a scan with the program already installed, and then maybe TEMPORARILY remove the paid AV?

    This coming from Dr. Vader from here on Techspot, he's done a lot of cleaning recently on school computers and kid's computers we know from school...
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Here's the official quote
    Obviously the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
    Does not require updating

    Regarding why this thread is at The Meeting Spot
    This is because it is not on topic
    What is on topic ? On topic would be when you post for support required
    The Meeting Spot is to allow other members to discuss things, otherwise not related to the normally offered support.
    Therefore this threads location is correct, as stated previously and clearly (before this thread was made) to Bobbye, through PM

    In regards to mentioning: Use another Antivirus
    Here is another quote: Note this is a Rule
    Therefore if any member wishes to help in the Malware removal process they must first, check the logs and act originally solely on that.

    I agree with Bobbye that the suggestion to replace the currently installed Antivirus can be made at the end of the entire cleaning process, but it is also not against any rule, if a member wishes to suggest (without demand) to replace the currently installed Antivirus, at any time during the thread, whilst also going through the logs

    I hope that clears things up ;)
     
  8. bobcat

    bobcat TechSpot Paladin Posts: 688   +67

    When is Replacement of AV Advisable

    I wish to clarify and stress my all-important point 6:

    I do see a logical case for recommending an alternative AV before removal of malware, but strictly provided that the existing AV is clearly substandard. After all, we are trying to eliminate tough malware and we need a good tool, not an inferior one probably responsible for its presence in the first place. Trying to do it with an inferior tool and then installing a good one, is like holding a faulty umbrella that won’t open, and opening a good one after being soaked by the rain. The fact that the substandard AV has been paid for is not a real consideration, it’s what is called in accounting a “sunk cost”. Just because we bought a faulty umbrella doesn’t mean we should be soaked by the rain instead of opening a freely available good one.

    I repeat that all this refers to substandard AV’s, and I further clarify that by substandard I don’t mean Norton, McAfee or any other leading product. Performance differences do vary depending on who and when performs the test, but leading products generally do a good job. Of course, my arguments also refer to a stable system that will tolerate changing AV’s, otherwise they are inapplicable.

    Now as regards differences of opinion, the OP did not refer to inferior AV’s, so I see no existing disagreement.
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Really?
    Well I'll give you an example then. ;)

    The "Op" states Malware is likely present and also provides the attachments. All good so far
    The "Op" also states that he cannot access the Internet and his AVG8 Antivirus will not update

    Now I'll just pause here before continuing. AVG8 is known to stop Internet access when it is corrupt. This has been proven hundreds of times on hundreds of threads and is related to one driver, a network driver ironically, that is a part of the AVG8 installation.
    Just by pure co-incidence Norton also can corrupt with a similar network driver causing a similar - no Internet access scenario.
    After much investigation (generally through loads of experience) with Norton and AVG8, it was found that this network driver would mainly only corrupt under malware or Virus infection (being a tad ridiculous) And by removing this offending driver the "Op's" machine could in fact access the Internet again! But to remove the single network driver, the Antivirus uninstall tool would need to be run.

    Therefore under this one example, I would suggest to remove the inferior AVG8 Antivirus (Note: I honestly believe AVG8 is inferior anyway) by running the removal tool
    On all occasions (all) this then allowed Internet access again.

    Therefore this would be a "logical case" for removing a corrupted Antivirus, and a perfect opportunity to suggest an "alternative" better Antivirus, such as Avira. Note: Avira has never caused this network issue, even under Malware Virus infection, and Avira seems to be better anyway, as proved by scans done after AVG8 has been scanned, finding and removing further malware / Virus. Plus it uses less resource than I'd say all other Antiviruses with it's single running process as shown in Task Manager.


    So, this would then confirm that depending upon the scenario, an alternative Antivirus can be mentioned
    By the way, I could also list the many advantages and disadvantages between Antiviruses, but the main point being here, was: Is it ok to suggest another Antivirus at any stage throughout the thread, from a support member ? Yes most definitely ! If that support member believes that replacing the Antivirus will help the "Op" in the process of removing malware.
     
  10. bobcat

    bobcat TechSpot Paladin Posts: 688   +67

    Lack of communication?

    Without meaning disrespect, I fail to see the entire point you are trying to prove to me. :confused: While your initial reaction seemed disapproving, your conclusion clearly agrees with me, while the example you bring supports my case.

    Unless…you have misread my statement: Please note that when I say I do, I don’t mean I don’t
    …Such misunderstanding could lead to the annulment of every existing marriage. ;) :D
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I find you posts to be very clear and well set out
    My only intention was to re-confirm (via example case scenario)

    My concern was that if any member noticed me saying "uninstall AVG8 ...." I wanted to let all know that it would be for a valid reason. Although that reason may not seem directly apparent at the time, nor may the reason for any support offered be required to be defended at any stage.

    All support members should help each other and give beneficial positive criticism when required. This is a community constantly on the grow. This thread itself and the members posts prove the dedication and willingness for us to have a better community. If we all set out in one direction, to grow and provide better help to all, as a community, then this forum will continue to be one of, if not, the best support forum on the Net :grinthumb
     
  12. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Bobbye; shouldn't a member with close to 4000 posts know that it was pretty much pointless to post it anywhere? You had to know that you'd be shouted down the instant you hit "submit reply".
    You can have a working AV program that you're happy with, no malware symptoms, and you'll still be told to remove it and install Avira.

    From my own standpoint, I keep my restore disc handy, never install any more software than I need to cruise the internet, and keep all passive files off the C:/ drive. If disaster strikes, in go the discs, and out goes the mean old virus. Ask for help, do a bunch of scans over and over, I pass. Fool me once shame on me, fool me twice.....not happenin'
     
  13. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    If this had been the case, I would NOT have posted this. But is is not- I see users being told to uninstall Norton and McAfee "functioning, updating" security suites. It is NOT just the AVG replacement.

    Obviously, if a user cannot update AVG, nor connect to the internet, the possibility of corruption exists-
    but there are other possibilities:

    1. Malware is preventing the update
    OR
    2. Malware is preventing the internet connection.
    OR
    3. Malware is preventing BOTH the update AND the internet connection.

    It wasn't too long ago that a Microsoft Update prevented internet access to those who also had Zone Alarm on their system. These same users could have had a perfectly functioning AVG program. Obviously, if you cannot connect to the internet, you can't update!

    If I ever reach that point, I will cease my computer activity in helping others. This is suppose to be a board with a 'moderator'> this should be a good thing. I see liberties being taken that are being followed by some of the newer members and I think this issue needs to be clarified.

    This thread is not meant to become a war zone, or a 'he said/she said' situation. And it wasn't posted for anyone to try and justify what they are doing. I am hoping that those of you reading this will consider the fact that people posting the HijackLogs are being told to remove their antivirus program or suite containing AV program without consideration as to whether it is updating and configured correctly, or whether it is a free program or a paid one-or what the system stability is before malware cleaning. This includes the Norton/Symantec suites, the McAfee programs and recently the Eset Security. It is NOT just AVG.

    Some of the newer members are emulating instructions they see and think to be the 'rule' or issued by a person of responsibility. I hope they are being reached.

    And please keep my suggestion within the context I state:
    Having a user uninstall the current antivirus program at the beginning of malware cleaning.
     
  14. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    This came up today in a thread I'm working on- I think it might be a part of the confusion about Step 1 in the Virus and Malware Cleaning.

    A fairly new member opened the HijackThis log and made this comment:

    That seemed like an observwtion. However, he went on to add:

    I read that to mean that the new member is instructing the member with the problem to remove the security programs he has and use the 'free ones' instead. ( Step 1 only says> "If you're NOT running any antivirus or firewall software, you should install one ASAP ( and goes on to list the programs.)

    Had he not gone on to list the security programs ("Whatver AV / AntiSpy / Antimalware and FIrewall you are currently using...) the point would be moot. But he did and it's wrong!

    SO, how about someone make this Step to read differently so that it is NOT open to so much misunderstanding!
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    That member has been sent a PM (just now) on advising incorrectly. Thank-you

    I have amended the 8-Step removal post again. I quote:
    Red color added to text
     
  16. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    Thank you. That should help.

    There is still some concern with 2 of our newbies. One made if clear that he was told by you to pull AVG out immediately- even if was updating and functioning. I have been trying to remedy that.

    I do think I have made it clear for him though that AV programs or suites should not be pulled routinely.
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well that is out of context

    I stated that you can suggest to remove AVG and install the better free Avira

    By the way, I know this thread is all on principle and words
    But on a totally different subject! Are you suggesting that Avira is not better than AVG?
    You do also know that it was pulled from the 8-Step Guide by Blind Dragon, who agreed that AVG8 was awful under infection.

    In my view Avira is way more better than

    AVG8 (Definitely)
    Norton (goes without saying ;))
    McAfee (MS preferred Antivirus just doesn't cut it, in my view)
    Trend PC-Cillin (way slow and high on resource)


    You honestly don't believe that free Avira is better than the above (even if users have paid for others) ?

    I find that difficult to accept personally

    Edit:

    My free Avira is presently running at 1.3meg on its single process in TaskManager.
    I'd like to see others beat that. And it seems to detect more legitimate entries than all others. Proven by hundreds of user posts
    I am more than happy with it. And I definitely feel that others should try it. Excellent suggestion I believe
    .
     
  18. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    I hope I have clarified this in a PM. Please note: I have never stated AVG is better than Avira or any other AV program. My entire stand on this matter is WHEN AVG should be uninstalled and a new AV installed.
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Tell me.

    Your standing on this was that users (members) should not be told to uninstall their paid for product

    AVG8 is free

    Why then would it matter if I said remove the free AVG8 (in PM to support members only, or on the forum) and install Avira?
    Note: This is only stated when a user seems to be infected all over the place, and has actually come to TechSpot for help.

    Plus AVG8 was removed from the guide

    So it would be right, to inform someone to install this better (in my and the 8-Step guide) view. And remove the poor AVG8 and install the better Avira.

    If your PM was in concern to a paid product, ok good point. But not AVG8, as this is free just like the excellent Avira.

    The relevancy of Avira over AVG8 is relevant to this thread. Brought up by you and me.
     
  20. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    Kim, you are the moderator and will have the last word on this. So this is my last word on this thread.

    No one who has an updated, functioning antivirus program should be told to uninstall it. A suggestion for a program that is known to have better coverage is acceptable.
     
  21. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Perhaps the malware forum members that have to decipher the logs and advise the OP should actually have the last word on this. I figure I am unable to read the logs so I don't get a vote!

    Everybody in the world should use Avira, except those that choose not to.
     
  22. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    Hi all

    Here's my 2 cents worth on the matter ....

    The 8-step tool is part of TechSpot and is unique to this site as a support tool (correct me if I'm wrong in stating this) ....

    If a user makes a post stating that he/she has been infected and has an AV installed on his/her machine, that particular AV has obviously been bypassed and is therefore useless to the removal of the particular infection at that point in time (unless updating the AV's virus database cures the infection - most users have probably done this before posting and it has not worked - if it were as simple as updating the software, I don't think that we would receive nearly as many cases in the Virus and Malware section) .... again, please correct me if I have stated something that is incorrect.

    Now for my argument .... If we assume my statement above to be True, then updating the software has not assisted in the removal of the virus/malware/spyware (many a time, updating is not even possible due to the AV being corrupted by the infection itself). Now, at this stage, the user has made the post on our site .... the AV currently in use (paid for or not) has let the user down and in my opinion, should thus be completely removed for the duration of the removal process (8-step) as it is as good as any other AV at that instance (no matter the price tag), which includes our recommended products .... If the product has been paid for, it can be re-installed at no further cost once the cleaning has been done.. Am I wrong in saying that uninstalling the AV currently on the user's system cannot cause further damage (if instructed to install a recommended AV) during the cleaning process? If the removal of the bypassed AV would cause further damage to the system (which I doubt it could - unless infected further during the cleaning process - which should technically not happen), then removing it should not be recommended.

    Please note that the AV that has failed and allowed intrusion might well be one of the 2 recommended AVs on our 8-step tool (i.e. Avira or Avast) .... If this is the case, the user should be asked to completely remove the one installed and install the alternative (this method then rules out the possibility of a corrupt AV due to the infection) ....

    This is just my opinion and should be regarded as such .... I am in no way taking any sides in the matter nor am I leaning toward a particular AV. I am speaking as a member of TechSpot - a site which makes a recommendation - why not implement the recommendation for the duration of the cleaning process? This way we have a standardized and unique approach (which has been proven to work almost every single time with the aid of our expert members) ....

    Spyder_1386 :)
     
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You raise a good point and a different angle to this issue
    I will say that if under infection, sometimes uninstalling the current Antivirus may in turn stop Windows from loading again. I have experienced this issue with AVG and Norton here on TechSpot.

    To avoid the user having their infected computer not starting again after removal of their Antivirus software (that I agree has not helped them, whatever version they use) here are some uninstallers that could also be stated at the time (ie before restart)
    Please note: Avira does not have a uninstall tool, as the standard uninstall option from Add/Remove programs is all that is required ;)

    McAfee Removal Tool

    32Bit AVG8 Removal Tool (most users)
    64Bit AVG8 Removal Tool

    Trend Mico Removal

    F-Secure Internet Security Uninstall Tool - Here or try this one

    Norton Removal tool
     
  24. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    It's good this thread has evoked not only some 'opinions' but also the presence of assumptions that have been based on incorrect data:
    To spyder:
    ALL malware is NOT a virus, a Worm or a Trojan. An antivirus program is just what it's named: "antivirus"- not a spyware program, not an adware program. An antivirus program WILL tell a user they have malware if it is NOT a virus, a Worm or a Trojan, but it will NOT remove it. And extending that further: neither did it or is it capable of preventing spyware or adware.

    So we come to the other main malware category: spyware and adware. This malware is either prevented or found and fixed by a spyware/adware program, depending on what type of program it is. So if a user followed your assumption and carried it over to the spyware/adware malware, you would be saying that THESE programs 'have let them down'. Were would you start in removing these programs?

    So the next step after reviewing THIS data is that the helpers can NOT necessarily state to the user that his antivirus program hasn't worked. Whether it's AVG, Norton, McAfee, Avira, Avast or 'other,' the malware COULD be of the spyware/adware type-OR-it could be and frequently is a combination of the two.

    The assumption is being made that IF a user has AVG and IF the user has malware, that "AVG has let the user down and failed to do what it is suppose to do.

    NO spyder, that is not necessarily so. Until we examine ALL the logs, we cannot state the full source of the malware infection. So WHY throw out AVG, or any other AV program?! Please note that I have maintained all along that the program is updating and as far as the user knows, performing as it is meant to. IF it is NOT, then it takes it out of the 'updating and performing well and THAT is an entirely different matter.

    As for the last sentence regarding updating, common symptoms of malware is:
    1. Prevent updating of security programs.
    2. Prevent scans with security programs.
    3. Prevent the running of cleaning programs.

    This is NOT the failure of the security program. It is a characteristic of malware. You are fairly new here and have not had the chance to experience some of these characteristic.
     
  25. treetops

    treetops TS Evangelist Posts: 1,953   +162

    I am not a expert by any means but this is what I think.

    The recommendation is simply at the helpers discretion, whatever they feel is best for the op is what they should recommend. The only reason someone should mention whether or not there av is paid for is to inform members at what level of security they are running.

    I like the 8 step removal process, Iv seen many removal processes on many forums and as always techspot did not disappoint me.

    My own experience from using paid norton is that it is easily corrupted, system hog, hard to uninstall and misses many things upon scanning. That's my customer review on it.

    If anything 2 eyes are better then one, recommending a op uninstalls there current av and installs avira itself is giving them 2 scans from 2 unique scanners instead of one. Of course after they are done cleaning up they can choose to reinstall there old av and uninstall avira. It also gives them a chance to taste another product, some users have only tried 1 product.

    $$ should not be a issue only performance

    I like free avira and free avg, both have great interfaces\scanners as far as I can tell. I hate avasts interface but thats another good free av.

    Kimsland I agree avg is awful under infection, it also seems more succeptable to infection compared to avira. Avira is my pick.t
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...