PeteCresswell wrote:

> So... what to Those Who Know do?   Multiple programs, stick with one and
> live with the compromises?..... if Plan B, which one?
> 
> Once I have a "Good" image to fall back to, I'm not all that worried
> about day-today protection:  keep Avast up-to-date, and roll with
> it....re-image if the unexpected happens.   I was just surprised that
> BitDefender and MalwareBytes found stuff on my supposedly-pristine
> "Good" image...  But now I've got it cleaned up and a copy squirreled
> away offline.
> 
> But I've got a family member bringing their PC up here on Wednesday -
> one which obviously has problems and which I could not troubleshoot via
> TeamViewer.
> 
> Based on past experience - and the fact that they let their Avast
> subscription expire some unknown number of weeks (months?) ago, I am
> expecting it to be heaving mass of malware.
> 
> For these guys, the "Good Image" strategy is pretty much hopeless: they
> spew their data all over the System drive and a re-image is going to
> hurt them.
> 
> Since BitDefender returned so many more hits (65+ vs 7) on my laptop,
> I'm thinking that if I apply only one, BitDefender will be it.

You make no mention if you are talking about the free or paid version of
BitDefender.  The free version was designed for boobs who, in their
opinion, cannot understand what is being reported to them or too lazy to
research the item they report as potentially bad.  As such, and without
prompts, BitDefender Free will quarantine any file it thinks is bad.
That means an app suddenly stops loading or misbehaves, or even the OS
may have troubles.  No prompt means you don't get to choose what
BitDefender does with cookies, registry entries, files for good apps or
the OS, or with PUPs.  If BitDefender Free were not so rude in covertly
quarantining files then I might switch away from Avast Free.  

Note that AV comparisons will show BitDefender as excelling at pest
protection but they are always testing the paid version, not the free
version.  I have to find a site that compares ONLY the *free* versions
of AV software.

Do you use SpywareBlaster?  The free (and paid versions) work to thwart
some nastyware by adding kill entries in the registry.  They are class
IDs for the nastyware.  If the nastyware uses the registry to register
itself (to find its files rather than relying on a local folder search
or using the PATH environment variable) then the SpywareBlaster kill
entries tell Windows not to allow that component to load into memory
(which prevents it from runnin).  I've seen several anti-virus software
see those kill entries for nastyware and report them as an infection.
They don't bother to look at the *value* assigned to those CLSIDs to see
the nastyware is being disabled.  They only see the nastyware's entries
in the registry.

MalwareBytes also reports PUPs as malware unless you configure it to
skip those.  Again, we have no idea what was reported and you removed it
so you can't see what was claimed to be malware (unless there are logs
you can look at to see what actions the anti-malware program committed).
--- NewsGate v1.0 gamma 2