Antivirus Program Reviews (2006)
The Nyxem Worm (AKA MyWife Worm or Kama Sutra Worm) hits the 3rd of every month! Get protected now!

You may have read about it on CNN.com, or heard on the news: the Nyxem Worm (sometimes called the MyWife Worm but also known as Kama Sutra, Blackmal, Grew, Blackworm, or Kasper) has hit many machines, and activated on February 3rd, 2006, and will activate again on the 3rd of every month after that. It spreads through e-mail, and installs when someone opens an attachment in the e-mail. This worm is nasty and will do a number of things: it disables the mouse and keyboard, changes registry settings, e-mails itself to all contacts, wipes out a lot of antivirus programs, kills current installs of antivirus software, and the big one - it overwrites ALL documents, zip files, Acrobat PDF files, Powerpoints, and more. Not deletes, but overwrites, so you cannot recover them. So which antivirus programs can protect you against this worm? Well, all of the latest versions of the programs I've reviewed can do it, as long as you get it installed and have the most recent virus definition updates. But if you're infected, you need to take some steps first, and then install antivirus software to fully clean the infection. You can choose and download the software now, so you have it ready to go. If you install the software after these steps, you can clean the remnants of the worm, and stop it from reinfecting you. And if you're not currently infected, but want protection against this worm, then all you need to do is get one of these antivirus products, install it, and you'll be safe and covered. I'd strongly recommend having some type of current virus protection so a worm like this in the future doesn't catch you off guard.

If today is the day that the worm activates (the 3rd of the month), and you have it, whatever you do, do NOT reboot your computer today - it kicks off when your computer boots. But there's something you can do to buy some time, so you can clean your system - changing your system clock, so the virus does not activate. Since it's the 3rd, it may already be too late, and I can't promise that this will work, but it's worth trying. Here's how to do it:

  1. Double-click the clock in the lower-right corner to open Date and Time. You can also get here by clicking Start->Control Panel->Date and Time.
  2. Pick the Internet Time tab.
  3. Make sure the "Automatically Synchronize" box is NOT checked.
  4. Click on the Date & Time tab.
  5. Change the date to the 4th, then click OK.
You can then change this back to its original settings when the 4th really does roll around, but this will make sure the worm never actually knows it's the 3rd, so it won't execute and delete all your files. Regardless of whether you do this or not, you still need to remove the worm to ensure you computer stays safe.

If you know you're infected (or if you just want to be sure you're not), take these steps before installing the new antivirus software:
  1. Reboot in safe mode (hold down F8 while your machine is booting up, then choose "safe mode").
  2. In XP, right-click your taskbar (that bar across the bottom of the screen), and choose Task Manager.
  3. Click the Processes tab, and look for any of these names - if you find any, select them and click "end process".
    • rundll16.exe
    • scanregw.exe
    • Update.exe
    • Winzip.exe
    • WINZIP_TMP.EXE
    • New WinZip File.exe
    • WinZip Quick Pick.exe
  4. Even IF you can't figure out how to do that, it's not as important as this step: find these files in your Windows and System directories, and delete them. (%Root% is usually just C:\, %Windows% is normally C:\Windows or C:\WINNT, and %System% is in the Windows directory: C:\Windows\System for Windows 98 and ME, C:\WINNT\System32 for Windows NT and 2000, C:\Windows\System32 on Windows XP and Server 2003. That last one is in your startup group, which you can find by clicking Start->All Programs->Startup and then right-clicking the file and choosing "delete", but it's not as important to delete this one as it is the others.)
    • %Root%\WinZip_Tmp.exe
    • %Windows%\rundll16.exe
    • %Windows%\WINZIP_TMP.EXE
    • %System%\scanregw.exe
    • %System%\Update.exe
    • %System%\Winzip.exe
    • %System%\WINZIP_TMP.EXE
    • %System%\New WinZip File.exe
    • %User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe
  5. Reboot, delete any infected e-mails, then install your antivirus and finish the cleanup!
Steps 2 and 3 are just to kill any parts of the worm that are running, and is a good idea, but they will come back if you don't remove the files. The list of files in step 4 are the ones that the worm poses as, and if you delete those, you'll be able to install and run an antivirus (otherwise those files will not let you run antivirus programs). Once you delete them, you're ready to install and run an antivirus program to clean up that infection, and maybe others. What do these antivirus packages offer? I've spent time reviewing them (after all, this is primarily a review site), to get all the information about each. Here they are:


Rated: 9 out of 10

Product Highlights

  • Scans fast
  • Comes with firewall
  • Anti-spyware and anti-spam tools
  • Free phone support

Trend Micro's PC-cillin is a full package. It comes with a virus scanner, a firewall, e-mail spam protection, and spyware protection. The virus scanner is what the main focus is, though, and it does a good job. It's fast and takes a moderate level of resources. If you've got an older machine, it may take more resources, but it's still fairly fast. Trend Micro does have free phone support, which is always good to have. The one thing PC-cillin doesn't do that might bother some is that it won't scan right after install, you have to kick it off yourself. But that's a minor quibble. The firewall, antispam and spyware-blocking tools are definitely a cool extra, especially if you don't have one (or any) of those already. It's a little more expensive than some of the others, but you get a lot for your money.



Rated: 8 out of 10

Product Highlights

  • Good price
  • Easy-to-use interface
  • Doesn't use a lot of system resources

This is made by Zone Labs, who are the same people who make ZoneAlarm, a really well-known firewall. This product comes with ZoneAlarm's triple defense firewall, the latest in their firewall technology. With that in addition to the anti-virus product, it's a great deal. The price is good, it runs fairly fast (on faster machines, at least), isn't a heavy resource hog, and it's easy to use. It's not the flashiest or the best performing of the programs, but it gets the job done, and at a decent price.



Rated: 7 out of 10

Product Highlights

  • Very low price
  • Virus scan is fast
  • Doesn't use a lot of system resources
  • Has a good online tutorial

eTrust EZ Antivirus is made by Computer Associates. It's fast, easy to use for novices with its online tutorial, and it doesn't use a lot of the computer's resources. It doesn't have a firewall, though, and won't do virus scans on your e-mail on delivery, you have to scan it yourself. And the interface is a bit complicated, which is why the online tutorial is good to have. Overall, it's fast and inexpensive, but it doesn't have a lot of the extra features the other programs have.



Rated: 4 out of 10

Product Highlights

  • Searches thoroughly
  • A ton of changeable settings
  • Updates virus definitions daily

This is the Kaspersky Anti-Virus Personal Pro software. If you've noticed, the "Product Highlights" points aren't that strong, and it's for a reason. Yeah, it searches fully, and tries to find any of the large number of virus bits it looks for (which are updated daily), but it takes a LONG time to do it. The online support is iffy, although the technical support through phone and e-mail is free, 24 hours. There are still some bugs floating around in the software that some people have had problems with. There's an Anti-Virus Personal (not Pro) version out there that's cheaper, but I wouldn't recommend either.



Conclusion

Viruses are constantly growing in complexity and distribution. Installing an antivirus solution to protect your computer and your personal files is a good idea, especially for threats that are as damaging as the Nyxem/Kama Sutra Worm. Considering the selections I've reviewed here, the final choice really depends on what you want. Want to spend as little as possible, but still get some antivirus protection? You'll want eTrust EZ Antivirus. Want to get as much protection as possible, as well as an included firewall, anti-spyware and anti-spam? Trend Micro's PC-cillin is your ideal package. Don't need all the extra stuff, but don't want to get the cheapest out there? Then you'll probably want ZoneAlarm Antivirus. Once you have an antivirus program installed, your computer will be kept safe from infection. If another major worm gets released, if you've got your antivirus program up to date, your computer should be fine. Whichever one you choose to install, you'll rest a little easier once you've got some antivirus protection watching your computer.
Questions or comments? contact@reviewsofstuff.com
Copyright © 2006 ReviewsOfStuff.com. All rights reserved.