How To Use HiJackThis to find Malware infection Part One

How To Use HiJackThis to find Malware infection Part One

HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE

There is always this need to review this magic utility – how to use it responsibly and SAFELY.

( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )

If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.

HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH

If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.

This may delete the executable file and possibly a “run” registry key, etc.

It can not delete/uninstall malware payload files and registry key entries – the FULL threat – and these left overs can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), being orphaned may be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quantine / remove these during a scan. Proabaly not.
 
In cases of in the wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the scan/log HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat (s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of in’the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.

That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.

Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damge warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File

Webmaster:

BlueCollarPC.US

Malware Removal / Amateur Forensics

HOME http://bluecollarpc.us/

Alternate https://sites.google.com/site/pcsecurityhelper/

HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/

Membership/Join List:

Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com

Free Malware Removal Help / A Community Website Since 2005

Typical Question – How did I get infected with trojan and virus

Typical Question – How did I get infected with trojan and virus…

http://answers.yahoo.com/question/index?qid=20110923202712AAmHzZF

(I am antibotnet Yahoo ID as webmaster www.bluecollarpc.us)

It

may help a little with orientation with the behavior of malware. A trojan takes control and wants to do something and will rifle actions to get it done. A crash may occur because it is not normal expected behavior of the healthy system as is giving control command in an underhanded way as brute force. Trojans have evolved greatly and they have security software disabling trojans which disable free products and some shareware products as well. There are now Downloader Trojans that install more and more malware as the rootkit usually does. There are backdoor trojans that affect connectivity and control vital areas.

The crash you mention probably did occur from the trojan infection and spyware does this too as opposed to a computer virus or worm. AVG did indicate a trojan infection found.

Viruses take over files to spread themselves. Some are specifically created to destroy computer files, systems, or drive itself. Newer ones have been crafted to steal passwords.

Your problem seems to be you are using the free AVG version which will NOT protect the computer because Real Time Protection is only activated in paid subscription antivirus and antispware products. If you had AVG paid antivirus – it would have blocked the trojan infection from occurring. NOTE today there are many newer and sophisticated trojans that simple antivirus no longer detects all. Antispyware will detect many of these and particularly ones used in spyware installations.

These can happen anywhere on the world wide web at any infected website whether hacked or intentionally a malicious content website. This is called a “drive by infection” meaning the unprotected computer will get infected just by visiting a bad website. This can include and is not limited to virus, trojan, spyware, and botnet infections. You MUST have Real Time Protection activated or there is NO protection.

The free home version scanners are called stand alone on demand scanning as “reactive” protection. Paid subscription security softwares have all this plus the “proactive” Real Time Protection processes (heuristics) that block all infections from occurring in the first place. All that gets past this is generally embedded malware in some software download that can be found by scanning the package FIRST before clicking to install OR will detect it trying to execute when the installer package is double clicked to execute the installation.

Threatfire is great as just the Real Time Protection processes protection themselves for both ativirus and antispwyare catagory threats. You can add that and scan regularly with AVG free. http://www.threatfire.com/
You forgot antispware with Real Time Protection – get free from Microsoft, Windows Defender to add to this package….. http://www.microsoft.com/athome/security/spyware/software/default.mspx

There are only two or three known antivirus and antispwyare programs in the world that have offered free Real Time Protection products, and fortunately they are far from dog programs. They have won several prestigious awards that the big companies have such as the VB100 Award and West Coast Certification to name a couple. I would pick one and install it immediately and keep AVG off to the side as a secondary stand alone scanner.

Microsoft Security Essentials
http://www.microsoft.com/security_essentials/

Comodo Free Anti Virus
http://antivirus.comodo.com/

ALSO
Spyware Terminator
(Antispyware and antivirus. Real time protection added ! )
http://www.spywareterminator.com/
* Fast spyware scanning
* 100% real-time protection
* HIPS protection
* Antivirus protection
* Multilanguage Support

Source(s):

http://bluecollarpc.us/Threats_FAQs.html

BSoD Blue Screen Of Death Helpers

BSoD Blue Screen Of Death Helpers

A typical event and answer….
http://answers.yahoo.com/question/index?qid=20110923213652AA4NDOF

QUOTED

….. (I am antibotnet yahoo id)

It would help everything if you noticed any name of anything and go to BleepingComputer.com. I hear you and understand you understand that you knew better than to keep using the computer without taking the few minutes to create an Emergency CD Repair disk to reinstall Windows to factory fresh after wiping the disk (erase all on it). Generally with the BSoD (Blue Screen Of Death) means you have to reinstall Windows unless you are really savvy with security.

You could try accessing the Windows Registry to delete malware entries manually. Fish through system32 and unknown program installations. HiJackFree can help with these things even though you may not yet be that advanced http://www.hijackfree.com/en/ …..We are talking start up processes items (executables and others) unfamiliar and autorun entries (if worm involved) Active X items as unknowns…. HiJackFree can help simply as it lists all these – what is actually loaded and running in your pc – in each section when you install it and use it anytime.

TRY USB DRIVE PORTABLE ANTIMALWARES…. You will need a USB Drive (sometimes called a thumb drive) and these look just like a USB Media stick but make SURE it is a DRIVE to operate these. They will NOT work on a USB Media stick (same price). About 12 to 22 USD (US Dollars) depending on size. A 2Gigabyte size is plenty of room for these and usually the smallest ones and they sell up to 8 gigs and higher. (These also store files like the usb media stick).

Emsisoft Emergency Kit Scanner (best detections)
http://www.emsisoft.com/en/software/eek/
The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware.

ClamWin Portable (Antivirus, more) [FREE]
http://portableapps.com/apps/utilities/clamwin_portable
Antivirus to go…. ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released | PortableApps.com …
ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T. Haller on June 17, 2011 – 7:46pm. logo ClamWin Portable 0.97.1 has been released. …
http://portableapps.com/news/2011-06-17_-_clamwin_portable_0.97.1_released

Microsoft

Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712

SUPERAntiSpyware

Portable Scanner (Antispyware) [FREE]
http://www.superantispyware.com/portablescanner.html
Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Source(s):

http://bluecollarpc.us/Help_Center.html
http://portableapps.com/

What is Active X ? Active X Revisited

What is Active X – Revisited

One of the greatest misconceptions about Active X is that many novice computer operators (newbies) think it is malware. That’s a shame because it is and was a wonderful invention for the Windows Operating System and is registered and copyrighted and trademarked with a history – that whole nine yards….

HISTORY OF “OWNERSHIP”: http://en.wikipedia.org/wiki/ActiveX
SEE (Information)
http://www.active-x.com/articles/whatis.htm
http://support.microsoft.com/kb/912945

What it does is acts like a strong man in the operation, navigation, and on websites to deliver content – and when. There is like frames as well and much else in websites as example, and all in the blink of an eye unless on dial up which you can see loading and displaying many times. When you Go To some website and it is loading in the browser to display – as it is displaying all parts of the webpage instantly almost – there are various parts of like sidebar items, if you will, and that is kind of what is delivered by an Active X employed as to streamline the load and display of a webpage – like text first, graphics next, and extras later. All in the blink of an eye. Active X, unlike a Java Script like a familiar drop down menu that may be on a webpage, will deliver some sidebar type content on the page and structured to do so. Generally this is on commercial paid-for website design pages. Generally you will never see any Active X employed on a Personal Website.

Now, where the rumours and fears and alarms go – these are based on real events and that is malware trojans and malware toolbars that virtually all MISUSE an Active X or even reverse engineered (pirated, decompiled, unlawful re-coded/programmed), customised.

I like to brag a little being in Windows Computer Security and webmaster of the BlueCollarPC originally at .net now at .US and since 2005 because there are so many deviants from profession sloughing the public for big bucks and especially like Forums hosing for a buck at donate forums and may include links to Forum Administrator and Forum Moderator owned PC Repair Shops that have no clue to Active X that there are actually FIVE DIFFERENT Active X applications – and worse – virtually all in IT Security don’t even know that.

You wonder why data breaches of all our citizen’s private records are happening in the millions upon millions ? That’s why. Too many persons in Computer
Security are full of it. I have been to many Donate Forums in malware removal in their “boot camps” (Train to be one of their official privileged designated forum helpers) and would not dare put my hand, name, or internet reputation to theirs as finding out what they employ as “malware removal help” to Users computers. So, again, I am not talking through my hat making stuff up. I would guesstimate at least 85 percent of all malware help available on the web can not pass “Compliance” in IT Security though many say they do and are “Microsoft MVPs” ! BUYER BEWARE ! This is only ONE thing they have no clue to. Why important ? Because of the vast hundreds of thousands of spyware packages that misuse Active X in many ways including the even transparent displayed ‘Downloaded Program Files’ (C\Windows/Downloaded Program Files) Active X items. I know my XP and Vista machines like the back of my hand ! Do they ? Obviously not !

You can take this to the bank and who told you…..

There are actually FIVE, count them five, Active X items ….

1) Active X
2) Active X Object
3) Active X Helper Object
4) Active X Control 
5) Active X Control Object

Inevitably, they enter a registry key in the Windows Registry HERE :
HKEY_CLASSES_ROOT

Now in Internet Explorer settings, you can set the browser to ask Permission for each time any Active X item on a webpage is detected – clicking OK allows the Active X item to control and deliver the designated content. This is a good way to become familiar and actually see how many normal websites you visit employ Active X in their website designs. Probably just over half or more do – commercial sites like News, Media, shopping sites, etc.

The free Mozilla Firefox was the rave by UNINFORMED people who claimed it was safer than Internet Explorer and was based on the notion that Firefox does not allow any Active X to run on any site visited. The ensuing cross-infections and Java exploits as password stealing viruses through Firefox for one put a stop to their wildfire spreading of dis-information of computing security. They costed enough people a pretty penney no doubt in ID Theft type activites by cyber crime. Internet Explorer is still the safest browser in the world and has been far ahead in security technologies as anti-phisher, Protected Mode, various secure site additions and so on (list extensive).

Promoting TRUE Computing Security knowledge and practices has always been the history of our BlueCollarPC websites – the original .Net and alternate .Org and finally currently to www.BlueCollarPC.US for the new decade. (The other two were left expire – I no longer own them since about 2009) . I do intimate I have been offered three different prestigious Posistions since 2005, but alas am a 100 percent disabled individual donating what time I can when able to and had to unfortunately decline as health does not permit.

 

Lavasoft Ad-Aware back in the News

Lavasoft Ad-Aware back in the News….

Lavasoft Ad-Aware was one of the pioneers in antispyware defense program software applications. I remember it well and was one of the ‘first loves’ way back in the beginning of the Windows XP years. Originally it was obviously among the top defenders. Graciously they offered a free home version to the public along with gaining more defenses by purchasing the full version. Along the way, the industry leaders kind of left it in the dust – among some Trend Micro Antispyware,  Spysweeper, CounterSpy, to name the few. Surprisingly, they are back in the news but I rely on independent labs results rather than ‘newbie hype’ or perhaps tainted news editors departments ‘test results’. ….for what it is worth…

ARTICLE: Lavasoft’s Ad-Aware Awarded PC Magazine Editors’ Choice

Zawya (press release)

Respected PC Magazine lead security analyst Neil Rubenking, who recently reviewed both versions of Ad-Aware said, “This latest Ad-Aware remains very effective at keeping malware out of a clean system and adds new technology that improves its ability to …

http://www.zawya.com/story.cfm/sidZAWYA20110327064724

___Next they will have to catch up to “Cloud Computing” products as industry leaders Trend Micro and Webroot have innovated…. I have a short blog blast here on that subject…

Desktop/Laptop Cloud Computing – new “super antivirus” for the New Decade

March 8, 2011 — bluecollarpc

https://bluecollarpcwebs.wordpress.com/2011/03/08/desktoplaptop-cloud-computing-new-super-antivirus-for-the-new-decade/

ALWAYS OBSERVE BAD PRODUCTS LISTS

Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites

Description: Bad, False, Fake products

URL: http://www.spywarewarrior.com/rogue_anti-spyware.htm

LavaSoft — The Rogue Gallery

http://www.lavasoft.com/mylavasoft/rogues/latest

The Rogue Gallery, powered by the Malware Labs at Lavasoft, is a resource dedicated to keeping computer users safe from rogue security software. By providing a comprehensive database of current rogue security applications, you have the ability to clearly see what programs are considered rogue – and avoid them.

Partial list of rogue security software

http://en.wikipedia.org/wiki/Rogue_security_software

Scareware / From Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/Scareware

Rogue security software / From Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/Rogue_software

For reference I am webmaster http://BlueCollarPC.US/  (Windows – Community Help malware removal/info)

Since 2005

Rogue Gallery Helps IDentify Scam Software

Rogue Gallery Helps IDentify Scam Software

If you’re trying to figure out whether that “MalwareDefender2009″ program is a legit app or a scam, a new listing of the known scams can help. …..
http://www.networkworld.com/news/2009/120109-rogue-gallery-helps-id-scam.html?source=NWWNLE_nlt_security_2009-12-02

SEE

LavaSoft (makers of Ad-Aware, more)
The Rogue Gallery
The Rogue Gallery, powered by the Malware Labs at Lavasoft, is a resource
dedicated to keeping computer users safe from rogue security software. By
providing a comprehensive database of current rogue security applications, you have the ability to clearly see what programs are considered rogue – and avoid them. Navigate the Rogue Gallery by displaying the latest threats or by searching for specific programs, listed in alphabetical order. Use the “Submit a Rogue” link to quickly and easily send any suspicious programs directly to Malware Labs to be analyzed.
http://www.lavasoft.com/mylavasoft/rogues/latest

SEE
Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites 
Description: Bad, False, Fake products 
URL:  http://www.spywarewarrior.com/rogue_anti-spyware.htm 
About This Page – Please Read:
Those who have followed the development of this page since 2004 will have noted that the list of “rogue/suspect” anti-spyware products has not been updated since May 2007. Unfortunately, other time commitments have precluded our efforts to keep that list up to date. Since the last update dozens of “new” rogue anti-spyware programs have hit the ‘Net. The vast majority of them, however, are not really new, but are simply re-branded clones and knockoffs of the same rogue applications that have been around from years. In most cases, they are being pushed through the same deceptive practices by the same parties responsible for earlier versions. See in particular these “families” of anti-spyware products, which continue to live on through shameless re-branding: 15, 18, 19, 21, 22, & 23. 
If you are looking for information on the most recent rogue anti-spyware applications, we recomend visiting these sites:

BleepingComputer.com: Spyware & Malware Removal Guides
MalwareBytes: Newest Rogue Threats
MalwareBytes Blog
Bharath’s Security Blog
VitalSecurity.org
Sunbelt Blog

TO FIGHT FAKE ROUGE PRODUCTS YOU ARE GOING TO HAVE TO BECOME FAMILIAR WITH AGE OLD TRUSTED PUBLICATIONS SUCH AS ARSTECHNICA.COM AND PCWORLD.COM AND CNET.COM AND ON AND ON….. FAMILIAR AND POPULAR DESTINATIONS ON THE WORLD WEB THAT ARE WELL ESTABLISHED AND WELL KNOWN AND HAVE WRITE UPS ABOUT REAL PRODUCTS.

I HAVE JUST SEEN A FAKE PRODUCT VARIANT OF MALWARE VIRUSBURST SITE THAT LOOKS LIKE A REAL ANTIVIRUS PRODUCT WEBSITE WITH SEARCH ENGINE RESULTS CLAIMING IT JUST WAN ITS 4TH VB100 AWARD !!!! 

FBI Releases Warning about Scareware (US-CERT) http://www.us-cert.gov/current/index.html#fbi_releases_warning_about_scareware
KNOW AND ASK ABOUT AGE OLD KNOWN PUBLICATION WEBSITES FOR CROSS REFERENCES OF PRODUCTS – BELOW ARTICLE SHOWS 16 TOP PRODUCT NAMES THAT YOU NOW KNOW ARE NOT ROGUE FAKE ANTIVIRUS PRODUCTS. IT HAS TURNED INTO A NIGHTMARE CURRENTLY !!! BELOW ARE YOUR TOP WORLD PRODUCTS – SHAREWARE ……PRELIMINARY LIST WILL ADD MORE / JAN 2010

Rating the best anti-malware solutions
http://arstechnica.com/security/news/2009/12/av-comparatives-picks-eight-antipua-winners.ars

Here are the results of this particular test:

1.G DATA Antivirus 2010: 99.8 percent
2.Trustport Antivirus 2010: 99.8 percent
3.AVIRA AntiVir Premium 9.0: 98.9 percent
4.McAfee VirusScan Plus 2010: 98.9 percent
5.BitDefender Antivirus 2010: 98.6 percent
6.eScan AntiVirus 10.0: 98.6 percent
7.F-Secure Anti-Virus 2010: 98.6 percent
8.Symantec Norton Antivirus 2010: 98.6 percent
9.Kaspersky Anti-Virus 2010: 96.7 percent
10.ESET NOD32 Antivirus 4.0: 96.5 percent
11.avast! Free 5.0: 96.3 percent
12.Sophos Antivirus 9.0.1: 95.4 percent
13.Microsoft Security Essentials 1.0: 94.6 percent
14.AVG Anti-Virus 9.0: 93.9 percent
15.Norman Antivirus & Anti-Spyware 7.30: 88.5 percent
16.Kingsoft AntiVirus 9 Plus: 87.1 percent

VB100 Award = Perfect scores ! (Top AntiVirus World Prize)
http://www.virusbtn.com/vb100/index
http://en.wikipedia.org/wiki/Virus_Bulletin
About the Virus Bulletin 100% award
The Virus Bulletin 100% awards recognise those products best able to detect viruses known to be ‘in the wild’. Unlike some other similar-sounding schemes, Virus Bulletin uses the most up-to-date WildList in its tests. This means that products that are ‘up with the game’ are the ones most likely to be granted VB100 awards. More information about Virus Bulletin can be found on its website: www.virusbtn.com.

ESET NOD32 Currently 59 VB100 awards !
http://www.eset.com/
http://en.wikipedia.org/wiki/ESET_NOD32
This brings the ESET Antivirus VB100 award total to 59 – still
the highest of any antivirus vendor!
December 2009 – ESET antivirus scoops 59th VB100 Award
http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html

Sophos Antivirus (UK)
http://www.sophos.com/
http://en.wikipedia.org/wiki/Sophos
Sophos’s anti-virus engine and identities are now packaged into
Webroot Spy Sweeper with Anti-Virus (Webroot Spysweeper one of world’s best)
http://www.webroot.com/
Sophos wins VB100 on Windows XP
http://www.sophos.com/pressoffice/news/articles/2009/04/vb100.html
…..the 46th VB100 that Sophos has received !
(Note, Sophos is a corporate business application only available to Home Desktop in the new “marriage” combo suite created recently with industry leader Webroot Spysweeper.)

F-Secure
http://www.f-secure.com/
F-Secure Awards – Award-Winning Antivirus and Protection Products
http://www.f-secure.com/en_US/about-us/awards-reviews/2009/

Advanced +++ in AV-Comparatives Performance test
Dec 23, 2009
Anti-virus (Award)
F-Secure Internet Security 2010 receives VB100 award in the latest Virus Bulletin comparative review.
http://www.f-secure.com/en_US/products/home-office/internet-security/
VB100 award
Dec 01, 2009
Internet Security (Award)

Kaspersky (Russia)
http://www.kaspersky.com/
Kaspersky Lab’s antivirus solutions win prestigious VB100 award in testing on Windows 7 platform
http://www.kaspersky.com/news?id=207575987
One of the most popular anti-virus solutions among computer users, Kaspersky Anti-Virus 2009, won a VB100 award from Virus Bulletin on Windows Vista Business Edition.

Avast
http://www.avast.com/
http://www.avast.com/eng/awards.html

PC Tools Spyware Doctor with AntiVirus (PC Tools Spyware Doctor one of world’s best)
http://www.pctools.com/consumer/products/
PC Tools receives prestigious Virus Bulletin VB100 awards
for Spyware Doctor and PC Tools AntiVirus
http://www.pctools.com/news/view/id/177/

Avira
http://www.avira.com/
http://www.avira.com/en/company_news/avira_receives_again_vb_100_award_on_windows_xp.html
Desktop Products
 Avira AntiVir Premium
 Avira Premium Security Suite
 Avira AntiVir Professional

CounterSpy (antispyware) with Vipre Antivirus (CounterSpy one of world’s best)
http://www.sunbeltsoftware.com/
VIPRE® Antivirus + Antispyware from Sunbelt Software Wins VB100 Award for Malware Detection on Windows 7 Platform
http://www.sunbeltsoftware.com/Press/Releases/?id=322
http://www.counterspy.com/

Kingsoft Internet Security
http://www.binarynow.com/
Kingsoft Internet Security 2009 obtains VB100 award from Virus Bulletin for April 2009
http://www.binarynow.com/internet-security/kingsoft-internet-security-2009-obtains-vb100-award-from-virus-bulletin-for-april-2009/
Kingsoft Internet Security 9 Plus
Internet security suite that contains anti-virus, anti-malware, a vulnerability scanner and personal firewall.
Find and fix rootkits, spyware, trojans, virus and malware infections. Protect your PC for less!
Forefront Client Security
http://www.microsoft.com/forefront/clientsecurity/en/us/product-information.aspx
Forefront Client Security wins VB100 award for Windows Server 2008 anti-malware
http://blogs.technet.com/forefront/archive/2008/10/02/forefront-client-security-wins-vb100-award-for-windows-server-2008-anti-malware.aspx