Avoid Norton. If you want to buy something, please try Microsoft OneCare paired up with ThreatFire and Prevx CIS (two great supplementary freebies). My standard recommendations follow: Computer exploits do not always enter your system as corrupt email attachments or as compromised software. Many exploits are quietly downloaded and installed without your knowledge. Your system security can be breached simply by visiting otherwise “safe” websites that had been hacked by cyber-criminals. Once these threats are installed on your system, they can be remotely monitored and controlled by cyber-criminals using other compromised systems (remote “Zombie” servers). This manner of criminal social engineering surrenders complete control of your system to the cyber-criminal. Among other things, exploits can copy themselves into your operating system folders (replacing legitimate files), alter your Startup routines (for self-preservation), hijack the functionality of your browser (to track or direct your use), and deliver your every keystroke to criminals (including credit card information and account passwords). Well-engineered exploits will recognize and defeat most common anti-virus or anti-spyware applications that you have installed -- giving you the impression that you are still "safe". YOU ARE NOT! Before you begin any removals or repairs, please DISABLE “SYSTEM RESTORE” to prevent automatic re-infection when you reboot. You may also need to remove any previously installed anti-virus, anti-spyware, and registry cleaning applications that you are currently using as they may be compromised or corrupted. Some will require special tools, such as The Norton Removal Tool, available from my Internet Security page. Other product-specific removal tools may be required. Please use them before installing any replacement anti-threat software or reinstalling damaged applications. Furthermore, there are many virus and Trojan removal tools on my Security page, including the incomparable HiJackThis! HJT! is an advanced tool that must NOT be used by novice users without direct supervision by an experienced user (please see warning below). If you are having difficulty running any of the online scans from my Internet Security page, this may be an indication that your system is compromised. Please reboot in Safe Mode and try the scans again. Once you have run at least THREE DIFFERENT online anti-threat scans to determine that your system is clear of all threats, you may re-enable System Restore. Otherwise, leave System Restore disabled until your system has been cleared of all threats. Begin with an online Windows Live Safety Scan (recommended), BitDefender, AVG/Ewido, Kaspersky, or Panda ActiveScan, among the many online threat scanners from my Internet Security page ... http://SecorConsulting.net/pages/security.html One or more of the scan may identify the exploit by name. Write them down! You may have to search the internet of a specific solution. Often, the scans will remove the more common threats. Next, install Prevx CSI, a FREE quick boot-time security check that identifies many common threats ... http://www.prevx.com/ Another excellent FREE tool is PC Tools’ ThreatFire (http://www.threatfire.com/). NOTE: If you DO NOT intend to install more than one anti-threat application, I urge you to please install ThreatFire to supplement the protection of your primary anti-virus application. This is my recommended minimum secondary line of defense. Now that we have begun to secure your system, lets improve your housekeeping. Download Piriform’s Crap Cleaner (http://www.ccleaner.com/) for general system housekeeping tasks. Un-check the Yahoo toolbar option during installation. Immediately check for Updates before running your first analysis and cleaning all drives of temp files. Follow your file cleanup with a Registry scan and fix to remove extraneous junk. A good schedule to maintain would be to clean out temp files daily, check the registry weekly, and check for updates monthly. Optionally, you may download Piriform’s Defraggler (http://www.defraggler.com/) to defragment your hard drives. To maintain optimal system performance, defragment your drives (or individual files) often. Crap Cleaner and Defraggler are rock-solid utilities that are FREE for personal use. I use them religiously. Next, download and install SpywareBlaster to protect your browser and HOSTS file from exploitation. SpywareBlaster is another excellent FREE utility. Check for updates, then "protect all". Please update monthly ... http://www.javacoolsoftware.com/ If you REALLY want a truly secure HOSTS file, I recommend AbelhaDigial’s HostMan (http://www.abelhadigital.com/) – please install the last non-beta release.. This automates and monitors the popular http://www.mvps.org/winhelp2002/hosts.htm source file. I recommend that you frequently update your HOSTS file to block communications with many known parasites, the most annoying pay-per-click ads, and hijacker sites. This will harden your system against threats as well as many popular anti-spyware applications. It will open your eyes. LET ME MAKE ONE THING ABUNDANTLY CLEAR. THERE IS NO "BEST" ANTI-THREAT APPLICATION THAT IS 100% INFALLIBLE! ZERO, ZIP, ZILCH, NADA, NONE! This should help convince the brain-dead bone-heads out there. Click on VirusTotal statistics (http://www.virustotal.com/estadisticas.html) and view the “Failures In Detection (Last 24 Hours)” donut. You will notice that NEARLY ALL of tens of thousands of suspect files will go undetected by at least one of the thirty most popular anti-threat applications! That should be unsettling to everyone. Clearly, there are no "silver bullets" anywhere on the horizon. Any software publisher that claims otherwise is a outright LIAR! Now that you are motivated, please install one of the following anti-threat applications. Each has their own strengths and weaknesses, but they are all among the best available. Check for updates immediately after installation and update frequently thereafter (daily is preferred) Avast! - http://www.avast.com/ AVG - http://www.grisoft.com/ * Avira - http://www.avira.com/ BitDefender – http://www.bitdefender.com/ CA Antivirus - http://www.ca.com/ F-Secure - http://www.f-secure.com/ Kaspersky - http://usa.kaspersky.com/ NOD32 - http://www.eset.com/ Norman – http://www.norman.com/ Norton / Symantec – NOT RECOMMENDED Panda Antivirus - http://www.pandasoftware.com PCTools - http://pctools.com/ Prevx – http://www.prevx.com/ Sophos - http://www.sophos.com/ Sunbelt Vipre – http://sunbeltsoftware.com/ SUPERAntiSpyware.com – http://SuperAntiSpyware.com/ * TrendMicro - http://www.trendmicro.com/ Windows Live OneCare - http://onecare.live.com/ * Most of these anti-threat application developers offer FREE or trial software, and many will "play well together", should you wish to install more than one anti-threat tool (recommended). If you are the least bit hesitant to install two or more anti-threat applications, please, install PC Tools’ ThreatFire or Prevx CSI as a secondary anti-threat mechanism. To use a military term, like land mines, these tools are “force multipliers”! To protect your browser form future hijackings please install ... XPL/AVG LinkScanner ... http://www.explabs.com/downloads/ or McAfee SiteAdvisor ... http://www.siteadvisor.com/download/ie.html (The XPL LinkScanner is now a part of the commercial AVG package.) If you have an IT background you will find HiJackThis! from my Security page an invaluable tool to track down and remove stubborn malware. Use the convenient online analyzer or upload your HJT! log to any appropriate HJT! forum for assistance. CAUTION: If you do not know your way around the Windows operating system, please do not attempt to use HJT! You may render your system unusable! Now let’s alter your other unsafe Internet practices. Change your mail reader (e.g., Outlook) to accept ONLY plain ASCII text emails and never open attachments from unknown sources (and most known sources). HTML email allows malicious scripts to be run on the host system, defeating some anti-virus applications! Avoid ALL file/music/video sharing sites – they host some of the most malicious social engineering malware. Maintain a very small IM community (if you must), and become realistically “paranoid”. Indeed, “THEY” really are out to get you! Make certain that your Windows firewall (or other software firewall) is active and FULLY STEALTHED. Remember that a "closed" port is every bit as visible to the outside world as an "open" port. Only “stealth” ports are invisible if you are connected to a network or the Internet. I prefer using both hardware and software firewalls. Here are a few good software firewalls … Ashampoo Firewall http://www2.ashampoo.com/webcache/html/1/product_2_0050__.htm Comodo Firewall http://www.personalfirewall.comodo.com/index.html Jetico Firewall http://www.jetico.com/jpf2.htm Kerio Winroute Firewall http://www.kerio.com/kwf_home.html OnlineArmor Firewall http://www.online-armor.com/downloads.html Outpost Firewall http://www.agnitum.com/products/outpostfree/ PortsLock Firewall http://www.devicelock.com/pl/download.html PCTools Firewall http://pctools.com/ ZoneAlarm Firewall http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp WITHOUT EXCEPTION, PLEASE AVAOID ALL "NO-NAME” ANTI-THREAT AND REGISTRY CLEANING APPS! ROGUE APPLICATIONS CAN AND WILL COMPROMISE YOUR SYSTEM! There are links to several lists of known rogue tools. If one that you use is on any such list. You need to begin the arduous task of removing it NOW and installing REAL protect! Furthermore, all those ignorant hotshots who are careless and harbor any manner of threat (due their lack of diligence or general apathy) should include themselves as part of the problem. THESE PEOPLE ARE A PUBLIC MENACE. If you know anyone that fits this description, please avoid all contact with these morons. THEY ARE AN EMINENT THREAT TO YOUR SAFETY! Please forward this document (or a link) to these pathetic lepers. You have my permission to add them to your IM again, as soon as they halt their risky behavior and put on an electronic condom. The best of luck to all those fighting the good fight! I’ve got your back. My Internet Security page ... http://SecorConsulting.net/pages/security.html My ID Theft page ... http://SecorConsulting.net/pages/identity.html My XP security “hardening” page (there is no Vista direct equivalency at this time)... http://SecorConsutling.net/pages/benchmark.html If you are truly SERIOUS about preventing security breaches, I encourage you to run these tests … http://www.securityspace.com/smysecure/single_index.html