Scareware/Rogueware detection and prevention

(OP)
These new strains of infections are becoming quite troublesome.

I run a mix of Symantec, MS Security Essentials, AVG and Nitro IPS and average at least one infection a week for the past several months.

Anyone out there using an A/V solution that detects and prevents infections?

Mark C.
 

RE: Scareware/Rogueware detection and prevention

Unfortunately, at the rate these things are written and re-written, it's hard to find anything that will catch everything even with up-to-date codecs and heuristic AV programs. Coders are constantly rewriting malware to try and stay ahead of the AV programs.
 

James P. Cottingham
I'm number 1,229!

RE: Scareware/Rogueware detection and prevention

Your best bet is a layered approach with the following components (my recommendation):

1.  Be careful what you do and where you go on the internet
2.  Run an anti-virus product (free or paid)
3.  Run the paid version of Malwarebytes' Anti-Malware, or at least scan monthly with the free version if you're cheap.
4.  Run your browser with fewer rights using DropMyRights
5.  Good luck avoiding everything bad

RE: Scareware/Rogueware detection and prevention

I read on this forum that "only an idiot would web browse using a user profile with full permissions", and I said to myself, hey, wait, I am an idiot, so I checked and I was. I created a limited user and it saved the bacon, at least by not letting one of those ransomware programs get deep-seated. Forgot who it was, but he deserves a star for it.

My question then, for information only: if you are having trouble, do you browse with a limited user (permissions)?

RE: Scareware/Rogueware detection and prevention

Can you, after not proofreading a post, edit it after it is posted? I cannot see how to do it.

RE: Scareware/Rogueware detection and prevention

(OP)
@James - I figured as much, but had to ask.

@goombawaho - I love your recommendations, but we all know how difficult it is to get a "typical-end-user" to be "cautious" when browsing the web. On paper it looks good, but in the real-world... just doesn't happen.

@hawkdaddy - great point. I, however, am not an idiot. (sry, been doing this way too long). I use GPO to control permissions on domain machines. I'm not seeing any real pattern with infections in regards to level of user permissions either. Oh, and no, you can't edit after you've submitted a post.

With all the different levels of "infecting" these new strains do, it takes a lot longer to remove them than just running a Malwarebytes scan and rebooting. Over the last month, I can't believe what it takes to remove these rogueware programs. What was once a 20 minute scan is now a 2 hour ordeal.

I'm out searching to see if there are better methods than what I am using to combat these new strains. IMHO, a few infections a week isn't bad considering I'm blocking 99.999% of infections before they even reach my network.

Mark C.
 

RE: Scareware/Rogueware detection and prevention

I caught and cleaned a few of these in the past year or so. I installed Adblock Plus and NoScript for Firefox and I haven't seen one for a long time now. It could just be that I've been lucky, but I wouldn't go without those add-ons if I had the choice. Goombawaho's suggestion for DropMyRights sounds good too; I'll have to check that one out.

RE: Scareware/Rogueware detection and prevention

Yeah - people will be people, doing all kinds of crazy stuff online. But if you want to avoid the bad stuff, staying away from porn sites, free ring tones, peer-to-peer file sharing, etc., etc. would help out quite a bit.

I just say that because it IS TRUE; whether anybody wants to be careful or not is another issue. Would that GUARANTEE they never get any malware - NO! But if you only visited your webmail page and your bank's web site, you'd probably never get any malware.

Just like you'd never get your heart broken if you never dated.

I wouldn't say that people are idiots to browse with ADMIN rights. I've always done it. I just use DropMyRights now with Firefox so that the browser has less ability to allow something to run.
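Both hawkdaddy's limited-user question and goombawaho's DropMyRights recommendation come down to the same idea: the browser should not carry the rights the logged-in account has. The script below is an added example, not code from the thread or from the DropMyRights tool. It checks whether the current PowerShell session's token holds administrator rights and, if it does, starts the browser through Windows' built-in `runas /trustlevel` option at the "Basic User" level, which strips administrative privileges from the child process in much the same way DropMyRights does. Assumptions: the browser path in `$Browser` (Firefox's default install location; change it for your machine), and that `runas.exe /trustlevel` is available on the Windows version in use (run `runas /showtrustlevels` to confirm and to list the levels on your system).

```powershell
# Added example (not from the thread). Launch the browser with a reduced-rights
# token when the current session is running with administrator rights.
# Assumption: Firefox is installed at the path below; adjust as needed.
$Browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'

function Test-IsAdmin {
    # Reports whether the *current token* carries the Administrators role.
    # With UAC enabled, a non-elevated session of an admin account reports $false,
    # which is what we want: such a session already has the admin SID filtered out.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Path -Path $Browser)) {
    Write-Warning "Browser not found at '$Browser'; edit the `$Browser path and retry."
    return
}

if (Test-IsAdmin) {
    Write-Host "Session has administrator rights; starting the browser as Basic User."
    # 0x20000 is the Basic User trust level reported by 'runas /showtrustlevels'.
    # The path is quoted so runas treats it as a single command even with spaces.
    Start-Process -FilePath 'runas.exe' -ArgumentList "/trustlevel:0x20000 `"$Browser`""
} else {
    Write-Host "Session already has limited rights; starting the browser normally."
    Start-Process -FilePath $Browser
}
```

Save it as a `.ps1` and use it as the browser shortcut target (via `powershell.exe -File`). The Basic User token is a mitigation, not a guarantee: anything the browser downloads still runs with whatever rights the account has the next time the user double-clicks it, so it complements a limited user account rather than replacing one.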

RE: Scareware/Rogueware detection and prevention

One infection a week!!!
I would suggest that your machine has a deep infection that is directing other nasties to you.
So suggesting a defence combination is 'locking the door after the horse etc.'

I would suggest running Malwarebytes and SuperAntiSpyware. Run a rootkit scanner and Combofix (you will need to uninstall everything else before this will run). Also, if I am right, you might find it difficult to download these programs.
Look through the posts here to get more info on where to get and run these tools.
 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Scareware/Rogueware detection and prevention

(OP)
I'm not kidding about the once-a-week infection. However, it's not on the same machine every week. I have a dozen off-site PCs that I'm dealing with.

I have the skills and the tools to remove them. My goal was to find another product (low cost or free) that is better at protecting from these new strains.

I will try DropMyRights and see how that goes.

Mark C.

RE: Scareware/Rogueware detection and prevention

Quote:

I'm not kidding about the once-a-week infection. However, it's not on the same machine every week.

Why is that unusual? If it's not the same PC every week, then it's not an every-week problem. Different computers, different users, different environments, since off-site.

Are these your PCs, non-related individuals, individuals as part of a large organization, what?

If they are totally unrelated, then it's going to be a per user issue, and yes, it's VERY likely for some to get reinfected.  Some of the risks cannot be fixed with any hardware/software configuration - particularly if it's a personal or small business computer.
 

RE: Scareware/Rogueware detection and prevention

@mlchris,
How can you run so many security programs and not have trouble with them? I thought using more than one security program would cause trouble with Windows.

RE: Scareware/Rogueware detection and prevention

An anti-virus program runs all the time, but...

Malwarebytes and SuperAntiSpyware, a rootkit scanner and Combofix all run on demand and thus don't interfere. Even the paid version of Malwarebytes doesn't cause a problem, even though it's always running.

You wouldn't want two dedicated anti-virus programs running like Trend Micro and Microsoft Security Essentials.

RE: Scareware/Rogueware detection and prevention

mach04,

It's definitely possible to run more than one "security" app at once. As goombawaho points out, there is more than one type. There are:
Antivirus
Antimalware/Antispyware/Anti-adware
Script-blocking applications (or add-ins such as NoScript in Firefox and Google Chrome)
Software firewalls
"Sandbox" software - though I'm not always so sure about them, as in being worth the headache.

And within those categories, you can sometimes run more than one product. For instance, I've successfully run Avira AntiVir and Microsoft Security Essentials (per someone else mentioning the same thing) on a couple of machines with no issues. I have seen an issue once on a machine running both, but based on the symptoms, I think it was just an issue with MS Security Essentials. For some reason, at rare times, it'll just eat up resources seemingly for no good reason. But 99% of the time, it runs just fine, quietly doing its job.
 

RE: Scareware/Rogueware detection and prevention

To make it simple, for non-technical users, I recommend to not run more than one TRADITIONAL A/V product.

Other specialized tools can often be run with the A/V running or in safe mode. Combofix will often warn you about running it with an A/V running. If you want to roll the dice and ignore that warning, you can. I usually don't, and remove the A/V temporarily.

RE: Scareware/Rogueware detection and prevention

kjv1611

mlchris2 is running 4 AV products; it sounds very interesting that he is not having any trouble with them. I had read of people using 2 AV products, like Avast+MSE, but not 4.
I am currently running Avast+SuperAntiSpyware+Malwarebytes Anti-Malware.

RE: Scareware/Rogueware detection and prevention

Wow, yeah, I must have overlooked that - running multiple AV products (not general security - there are different categories, as mentioned already) is probably not a good idea.

For instance, it could be that AV1 finds and quarantines an infection. Then AV2 could find the same quarantined infection... and try itself... same thing with AV3 and AV4. Of course, with many/most of them, you can specify folders to not scan. So you could make sure they don't scan each other's quarantine folders.
