Kaspersky Recommendation Over Norton Antivirus

Once upon a time, Norton Anti-virus reigned supreme in the anti-virus world. Fast, easy to install, small footprint. Unfortunately, that was in the year 2000.

Since then Norton has become the exact opposite of all that. Now it’s slow, often difficult to install — and especially uninstall — without side effects, and the program has far surpassed the level of bloatware.

To top it all off, Norton appears to miss a LOT of viruses and is very slow to update. Poor Peter Norton’s legacy has befallen the bureacracy of large scale companies.

Personally, I am recommending a couple of other alternatives to Norton.

For free antivirus software the last holdout seems to be avast. http://www.avast.com. It catches a reasonable amount of viruses, updates fairly often, has a relatively small footprint, and the price is right.

For paid antivirus I feel Kaspersky is now king of the hill. It consistently ranks high in the best antivirus detection as well as update speed tests.

Now if you currently have Norton (or McAfee for that matter) I would continue to use it as long as you’re happy with the results. However, if you find that your computer is running particulary slow when you check your Outlook email or if you are still getting a fair share of viruses on your system, then consider switching over to Kaspersky http://www.kaspersky.com once your current subscription expires.

Free Avast Instead Of Not-So-Free AVG

After many years of using and recommending the great free AVG antivirus software, Grisoft has finally decided not to make it free anymore. *sob* It’s still a great antivirus program — much better than Norton or McAfee, the one time leaders in the antivirus market.

Smaller, faster programs have emerged such as AVG, Nod32, Kaspersky. If you’re willing to spend a few dollars on antivirus software, those are all excellent choices.

As far as the free antivirus market goes, Avast now seems to be the last holdout. I’ve started using it a few months ago and it seems pretty good, although the interface is a little less than intuitive. For example, it wasn’t obvious to me how to scan a whole drive. (Right-click on the Avast icon to get all the goodies.)

Despite the slightly quirky interface, Avast antivirus is an excellent — and perhaps only — free choice.

Try it here: http://www.avast.com/eng/avast_4_home.html


Update: AVG appears to be free again! http://www.free.grisoft.com

While you’re at it, you can also download their free anti-spyware as well. Works as a full version for 30 days before downgrading itself to a minimal — albeit free — version.

How To Remove Notifyalert.exe Dell Support

I decided to remove the Notifyalert.exe program from a Dell PC which appeared to be slowing it down. The program is part of the Dell Support program that you can normally remove under Add / Remove Programs. Apparently this only works for version 3. If you have version 2 of Dell Support then the Add / Remove programs function can fail.

If you have version 2 of the Dell Support program, you need to reinstall the program and then remove it. Go to http://support.dell.com/ and do a search on “uninstall dell support” which will give you a link to the uninstall program.

Slow Booting Problem Due To 85.255.116.67 and 85.255.112.71

Interesting slow booting problem found on a network. This is a good check for whenever you have a slow starting PC.

I noticed on a 10 PC network that one PC was particularly slow to boot. I checked the ethernet wiring from the PC to the switch with a cable tester and it all looked OK.

I then decided to check the ethernet card, thinking it might be damaged. I checked the TCP/IP properties and noticed that it had DNS server values of 85.255.116.67 and 85.255.112.71. Very unusual since this network was supposed to obtain the DNS server addresses automatically.

I did a quick Google search on the servers IPs and it looks like they are related to some Trojan. After removing the hard coded DNS server addresses the system boots up quickly now.

Cybertech Bulletin Links

http://www.us-cert.gov/cas/techalerts/ – This is the US Department of Homeland Security’s cyber defense site. Good to see the latest cyber tech alerts.

http://sunbeltblog.blogspot.com/ – Another good site that posts the latest computer vulnerabilities and exploits.

http://explabs.blogspot.com/ – Exploit Prevention Labs has some good information on the latest exploits and how they are being used.

Inline Autocomplete Page Slow To Load Without HTTP

Here’s an unusual problem that took a while to resolve, mostly because it was hard to find just the right Google search terms to look up the solution.

The problem is that in the IE browser, typing in just www.[somedomain].com would not autofill the http:// prefix.  The browser would just stall and not load the page.

I did a lot of searching for phrases like “http not autofilling” and “page slow to load without http.”  I finally stumbled on the correct nomenclature.  This autofill feature is actually called “inline autocomplete.” 

Most  of the suggestions said to make sure that under Tools > Internet Options > Autocomplete the Use Inline Autocomplete boxed was checked.  That did not solve my problem.

What finally did the trick was an obscure posting that said to do this: 

Verify the following entries are correct in the Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\URL\DefaultPr­efix]
@=”http://”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\URL\Prefixes]
“ftp”=”ftp://”
“gopher”=”gopher://”
“home”=”http://”
“mosaic”=”http://”
“www”=”http://”

Once I added the @=”http://” entry all is working OK.

Phishing – Order Confirmation number: WC2905036

I recently received a phishing email loosely disguised as an order confirmation that attempted to install the Backdoor.Win32.Haxdoor.ga virus.

It was pretty obvious that it WASN’T a legitimate email since the EXE was inside a ZIP file attachment. Very unlikely that any company would send an order confirmation inside a ZIP file let alone it being an executable program!

The gory details can be found here: Phishing – Order Confirmation number: WC2905036

You can read more about these types of phishing and spam emails at http://www.spamandphish.com.

Removing yyy65.html

For yyy65.html and other yyy-type popups, you can use the l2mfix program found at these locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Download the zip file and unzip it to your desktop. This will create an l2mfix folder.

From within the folder run the l2mfix.bat file.

Select option #1 for Run Find Log.

Select option #2 for Run Fix. It will reboot your computer and then run the fix on reboot. On some systems the scanning passes may take a while so be patient.

After it is done it will open up notepad with a trace log.

I usually run ewido and a virus checker like AVG after that, just for good measure.