

AVG Users READ THIS - upgrade to v8 Privacy Issue

July 20th, 2008

Many people have used a free antivirus program from Grisoft known as AVG Free.

For the most part it has been a decent free antivirus program, although not a complete internet security suite.

With version 7.5, Grisoft made the program harder to find. Now with version 8 they are adding a “feature” that kind of helps you but only by “phoning home”.

When you upgrade to AVG version 8, you have the option to install the AVG Security Toolbar, which comes with a Yahoo! search box (I have written about the default add-in crap that previously trusted vendors were polluting our machines with in this post).

With the AVG Security Toolbar you get another “bonus” whether you want it or not - LinkScanner.

When you search, LinkScanner “phones home” to check the sites returned by the search, much like McAfee’s SiteAdvisor (the only offering from McAfee that I recommend) except that it leaves your IP address on Grisoft’s servers which could potentially identify you in conjunction with the search.

Virus Bulletin has stated that in the process of checking out a site, LinkScanner emulates actually going there!

You can turn off LinkScanner, and I recommend you do so. Double click the AVG icon in the system tray. Under Tools, Advanced settings you can choose LinkScanner and uncheck “Enable AVG Search-Shield”.

You will have to restart your browser, but then you should be good.

Dangerous Web Domains, Stay Clear!

June 4th, 2008

I have said for a long time that the biggest risk to your computer’s health is your own surfing behavior. Now an article at [Yahoo! link now dead] reports on findings by McAfee that, indeed, some domain “extensions” are more dangerous than others.

Of particular note are the domains “.hk” (Hong Kong), “.cn” (China) and “.info” (information). Of the .hk sites, 19.2% were found to be dangerous or potentially dangerous; 11.8% for .cn and 11.7% for .info.

As a comparison, just over 5% of “.com” domains were found to be hazardous.

Honorable mentions for danger are, no surprise, “.ro” (Romania), with 6.8 percent, and “.ru” (Russia), with 6 percent of sites flagged as dangerous.

How about the safest sites? Here McAfee claims that “.gov” (government) at 0.05%, “.jp” (Japan), with 0.1% and “.au” (Australia) with 0.3% are the least risky domains by domain extension.

Pay attention to where you are going. And while I don’t particularly care for McAfee’s internet security software I do highly recommend that you download and use their free SiteAdvisor web surfing safety tool.

Laptop from he11 - Virus infection and then some

September 22nd, 2007

I wish I weren’t such a nice guy. A gal that works for one of my clients asked where she could take her laptop for cleaning.

There wasn’t anyone I really felt comfortable recommending and I figured “how bad can it be?”

“Bring it to me”, I foolishly said.

It’s an IBM Thinkpad, which is good, with a Celeron processor, that’s bad.

Even though it has a Windows XP Pro license sticker on the bottom, XP Home is installed - Strike two.

And this thing is so polluted you can barely move the mouse pointer. There was no working antivirus software, although I finally found some program shortcuts for Norton 2003. No sign of the software though.

Internet Explorer is absolutely useless, well, more than usual. Unless you like infinite exploding popup windows. So after cleaning out the registry and everything else that was easy to find, I loaded BOClean antitrojan, antimalware and Firefox. BOClean has found only 1 item so far (and killed it).

Firefox runs, go to Google and do a search, no problem. Try to navigate to http://housecall.trendmicro.com and the program closes.

Using a USB flash drive I copied Ad-Aware 2007 (free version) and ran it twice. Found quite a bit and cleaned it. Now it refuses to run.

Using a USB flash drive I copied SysClean from another PC where I downloaded it. It gave me fits too, but finally I was able to make it run.

Also from a USB flash drive I copied the free antivirus from Comodo. It found nothing, although much had already been cleaned.

Searching for RootKits I used F-Secure’s Free (expires Oct 1st) BlackLight. It found nothing.

The persistent file I find loading from the registry is PRX.exe in C:\Windows\System32. Googling it brought up nothing of any use.

I keep threatening to blast the whole thing, format the drive and reinstall Windows XP Pro from scratch but:

  • I’m stubborn and see this as a challenge
  • The owner says there is nothing she wants on the machine, but I’ve heard that before
  • I can save C:\Windows\inf off to USB before I blast it, but I still fear the potential hassle of finding all of the drivers I will need for a laptop this old

Folks, surf wisely. Check out my User Behavior page on my website. Use SiteAdvisor. Run a competent antivirus program and BOClean for malware. Don’t open suspicious emails.

============

Update

============

  • McAfee’s rootkit tool found nothing
  • Trend Micro PC-Cillin would not install; it reported a corrupt installation file. It installs fine on other, known clean, PCs
  • Navigating to Avast.com or AVG in Firefox caused the browser to immediately close
  • Even if left unattended, at some point IE windows would open at a furious rate trying to go to www.llehs.com

Final resolution: Wipe Drive and Reinstall Windows XP.

McAfee SiteAdvisor no longer highlights search results

September 12th, 2007

I use Google quite a bit and I just realized that McAfee SiteAdvisor was not highlighting the search results with green, yellow, red or gray. A quick Google search didn’t help much either.

So I went to McAfee’s website and downloaded the plugin for Firefox again and voila, it works again.

I heavily rely on McAfee’s SiteAdvisor (free version) to help me stay away from bad sites. And that is the secret to keeping your computer clean of malware.

Check out McAfee SiteAdvisor here.