Windows 7 The Latest & Maybe The Greatest...

  #11  
02-22-2010
marcam923
OCA Gladiator
 
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15

Quote:
Originally Posted by Neuromancer View Post
To scan other people's HDDs?

ESET NOD32 in with their drive in an external cage and autoplay disabled

Works really good on that big one that pops up every year (that virus that pretends to be an antivirus?)

I can't remember the name... I just remove it. Takes 45 minutes tops.
We get so many of those fake anti-virus programs it is not even funny, and we are running McAfee Enterprise edition.

What about for installing on someone's machine just to run and eliminate issues?

We have used Spybot, Malwarebytes, Ad-Aware, etc... Most of them find some things but not all things, and none of them are 100%.
__________________
This is so outdated and needs an update!

  #12  
02-23-2010
Kal-EL
Superenthusiast
 
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10

Quote:
Originally Posted by Neuromancer View Post
To scan other people's HDDs?

ESET NOD32 in with their drive in an external cage and autoplay disabled

Works really good on that big one that pops up every year (that virus that pretends to be an antivirus?)

I can't remember the name... I just remove it. Takes 45 minutes tops.
It's called P3rson4lS3curity and it's nabbed a lot of my buddies, which means I've had to clean their PCs several times.
__________________
What kind of community do you intend to re-build?
tell me your sins and I'll sharpen my knife...(Take me to church)
  #13  
02-23-2010
FACE
OCA Gladiator
 
Join Date: Mar 2009
Location: E'town KY
Posts: 2,113
Rep Power: 18

It's not just "personal security." In my shop I run across dozens weekly.

No software can stop the insertion of these rogue antivirus programs, since the user "willingly" installs it into their machine.

Click sense, or the lack thereof, is the largest contributor to this. A warning box (through IE or FF process) appears and most people do not even read it. A click anywhere in the window installs the software (click-jacking). The only way to prevent this from happening is to open Task Manager and kill all internet-related tasks.

Where does it come from? Mainly p2p networking clients. Secondly, social networking sites, or any site where "code" or user input that accepts redirects or HTML (or similar code) can be set up to hijack you. These hijacks are primarily designed to circumvent or disable most top-marketed antivirus software and pretty much any software firewall.

Prevention is almost impossible, since most people do not understand "click sense," and others do not care to learn. I have preached to people, and they will come back to me with the same problem 2 weeks later.

Early detection is the key. I can remove these, if caught early enough, with Malwarebytes, Superantispyware, and Avast (boot time scan) in that order. If too many services are modified, and system files become too corrupt, it is best to back up the data and wipe the HDDs (all of them). I used to leave recovery partitions intact, but those are no longer safe anymore either.

BOOM!
__________________


Nooob#1

Quote:
Originally Posted by Kal-EL View Post
I think the flux capacitor caused the aeon influx inductors to misalign the dilithium crystals during transphotogenic mutation, but that's just because I stayed at a Holiday Inn last night.
Don't forget to delete System32!!!
  #14  
02-23-2010
marcam923
OCA Gladiator
 
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15

Quote:
Originally Posted by FACE411 View Post
It's not just "personal security." In my shop I run across dozens weekly.

No software can stop the insertion of these rogue antivirus programs, since the user "willingly" installs it into their machine.

Click sense, or the lack thereof, is the largest contributor to this. A warning box (through IE or FF process) appears and most people do not even read it. A click anywhere in the window installs the software (click-jacking). The only way to prevent this from happening is to open Task Manager and kill all internet-related tasks.

Where does it come from? Mainly p2p networking clients. Secondly, social networking sites, or any site where "code" or user input that accepts redirects or HTML (or similar code) can be set up to hijack you. These hijacks are primarily designed to circumvent or disable most top-marketed antivirus software and pretty much any software firewall.

Prevention is almost impossible, since most people do not understand "click sense," and others do not care to learn. I have preached to people, and they will come back to me with the same problem 2 weeks later.

Early detection is the key. I can remove these, if caught early enough, with Malwarebytes, Superantispyware, and Avast (boot time scan) in that order. If too many services are modified, and system files become too corrupt, it is best to back up the data and wipe the HDDs (all of them). I used to leave recovery partitions intact, but those are no longer safe anymore either.

BOOM!
Yes, in a college environment, "click sense" is not there. That is what we do if we catch it: kill the task. Even trying to close the pop-up is a no-no.

If we can't remove it, we also back up and image the drive, then restore settings.
We just had a meeting (I was not in attendance) and they settled on Malwarebytes and Ad-Aware. Buying full versions, so we have two to run.
Thinking about doing a write-up on click sense to pass out via bulk email to everyone in the school, and maybe posters to post up. One of our biggest issues is dang viruses. I have a pic on my iPhone, if I can figure out how to upload it here; it is a computer with about 12 different "anti-spyware" programs on it. Someone got click happy! lol

Thanks again for the input, guys. Now let's figure a way to catch the problem at the source lol
  #15  
02-23-2010
FACE
OCA Gladiator
 
Join Date: Mar 2009
Location: E'town KY
Posts: 2,113
Rep Power: 18

The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.

Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The businesses we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well.

I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
  #16  
02-23-2010
Kal-EL
Superenthusiast
 
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10

Quote:
Originally Posted by FACE411 View Post
The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.

Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The businesses we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well. :D

I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
Boooo!
  #17  
02-23-2010
marcam923
OCA Gladiator
 
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15

Quote:
Originally Posted by FACE411 View Post
The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.

Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The businesses we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well.

I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
Well, we use ImageCast, which basically pulls an XP install from our server. We usually pull the info, then format the drive, then image it.

I will have to forward some of that info to our network guys. I know they have blocks on some stuff, but do allow Facebook because it is a college environment, and the students often use that.
  #18  
02-23-2010
Neuromancer
OCA Gladiator
 
Join Date: Jun 2009
Location: South Jersey, USA
Posts: 5,645
Rep Power: 21

My sister and my Dad have been getting that AntiVirus popup when surfing Facebook.

I use Opera so it's not triggered for me.


BUT

A little education goes a long way. DO NOT CLICK POPUPS. That antivirus popup, if you do not click it, is fine. Alt+F4 to force close a window.

I love imaging... my XP machines usually get full reinstalls every 3-6 months. (Have not had to do a V64 reinstall yet despite 3 motherboard and 4 CPU changes.)

So far I only image my benching rigs... but next ground up build will have a recovery disk done right away.
__________________
"Don't you understand? This is Greek to me! Except I speak Greek, this is like Aramaic to me, and not the Western dialect I can read a little." - Dr. Walter Bishop

Special relativity is not "Eat Two Big Macs."
  #19  
02-26-2010
t77snapshot
Aspiring Overclocker
 
Join Date: Feb 2010
Location: So Cal
Posts: 34
Rep Power: 0

Quote:
Originally Posted by marcam923 View Post
On that note, what do you guys use to scan for viruses?
I use Avira Anti-virus and Malwarebytes; they are both free and work great for me.
__________________
Heatware


System Specs:

AMD Phenom II X4 920
ASUS M3N-HT Deluxe 780a
EVGA GTX285 in SLI
Windows 7 Ultimate x64
NZXT Tempest case
WD 640Gb black
Creative Audigy2 se
CORSAIR 750TX psu
OCZ 4Gb 1066 ram
LG x22 dvd/cd
24" Samsung
  #20  
02-26-2010
Kal-EL
Superenthusiast
 
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10

Hehe, my buddy bought a new security program yesterday, it's da bomb!

Security Tool - MALWARE!!!!! $50
Ragging by Supes - Priceless!!!!!!
Copyright ©2009-2014, Overclockaholics
