# Comodo/AVG Anti-Spyware, rootkits, and Avast



## Pog (Mar 26, 2007)

I have three questions:

1. In both the Comodo firewall and AVG Anti-Spyware among lists like ActiveX controls, startup items, and running processes they have these other lists like Network Monitor with all of these TCP/UDP etc. listings. The first three lists of course I'm familiar with and have tweaked when necessary, but since there is another list involving several other connections I'm assuming it's important enough to have to be tweaked, if necessary of course, and checked to see if things are the way they should be. How would I know if something is wrong in that list, like a connection that shouldn't be there? Is there anything that is to be checked and/or done in the network monitor or component manager to make sure their isn't any connection going to someone else's computer or if there are connections there that are vulnerable and unneeded?

2. Another involves rootkits. I'm very thorough when it comes to computer and internet security and since none of the major anti-virus or spyware programs have anything for rootkit detection, from what I could tell, I am wondering what is the best way to detect them? I have RootkitDetector but I really don't know at all how to tell what-is-what with the results. Is there any good guide out there about the detection and removal of rootkits?

3. I recently replaced AVG Free with Avast(at the suggestion of one of the HijackThis people) and I started running the scan but it was slow as molasses. Every other scanner I use whether on computer or internet is either half-way finished, close to finished, or entirely finished by the time it(Avast) is up to the 15,000'th file. 
NOTE: I'm not saying I run them all at the same time, I'm just comparing how slow it is compared to others I've run.


----------



## Kalim (Nov 24, 2006)

Pog said:


> How would I know if something is wrong in that list, like a connection that shouldn't be there? Is there anything that is to be checked and/or done in the network monitor or component manager to make sure their isn't any connection going to someone else's computer or if there are connections there that are vulnerable and unneeded?


Yes there is. They are the ports used for network access mainly;
TCP/IP enables two hosts to establish a connection and exchange streams of data and UDP/IP is a direct way to send and receive datagrams over an IP network - to/fro your computer. Here's a list of them and what is usually assigned to a port: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

TCP Port 80 is the typical WWW aka Internet connection port. 

You can check TCP/UDP ports and their various accesses and uses by good/bad processes and services here: http://www.securitystats.com/tools/portsearch.php

Use *TCPView* (free), a simple small program used to enumerate all port process activities, connections and their states on your system. Very simple really and most of it is explained well on there. It captures real-time activity so you know what is going on by what and where.


> 2. Another involves rootkits. I'm very thorough when it comes to computer and internet security and since none of the major anti-virus or spyware programs have anything for rootkit detection, from what I could tell, I am wondering what is the best way to detect them?
> 
> I have RootkitDetector but I really don't know at all how to tell what-is-what with the results. Is there any good guide out there about the detection and removal of rootkits?


Rootkits can be a little more complex than the other threats, especially given as the whole system can be under someone else's control. There are however many ways to find out, as Rootkits are a famous ever growing and complex threat; one of the main forms used by hackers to exploit systems nowadays.

If you want to take a shot at it yourself, the simplest I know:

First comes..
http://www.techsupportforum.com/f174/pc-safety-and-security-what-do-i-need-115548.html
How to prevent Rootkits

Then..
How to detect Rootkits
http://www.techsupportforum.com/sec...54-users-self-help-malware-removal-guide.html
How to deal with Rootkits
Recovering from Rootkits


> 3. I recently replaced AVG Free with Avast(at the suggestion of one of the HijackThis people) and I started running the scan but it was slow as molasses. Every other scanner I use whether on computer or internet is either half-way finished, close to finished, or entirely finished by the time it(Avast) is up to the 15,000'th file.
> NOTE: I'm not saying I run them all at the same time, I'm just comparing how slow it is compared to others I've run.


Depends what setting is chosen. If you have scanning of all drives, large folders/files, system restore, archives, media, compressed and encrypted files then it will take its time, be sure of that. The more data you have the longer the time taken. Drive and processor speed obviously makes a difference too, as well as what else you're running in the background. 

Best practice is to boot into Safe Mode, disable network connections, close all the security software/processes that are not needed and run ONE security software at a time, like Avast!. Leave that running and go to bed. :laugh:

Let it take its time, 6 hours isn't unusual at all.

I've used Avast! on my personal setups ever since I heard of it and was recommended it by the ASAP community veterans. Its been the best I've witnessed out there in terms of "all round" stability and efficiency. Even AVG and McAfee posed so many problems and hassles, though they are equally as effective. To each his own. :wink:


----------

