Windows 7 The Latest & Maybe The Greatest... |
|
|
02-22-2010
|
|
OCA Gladiator
|
|
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15
|
|
Quote:
Originally Posted by Neuromancer
To scan other peoples HDDs?
ESET nod32 in with their drive in an external cage and autoplay disabled
Works really good on that big one that pops up every year (that virus that pretend to be a antivirus?)
I cant remember the name... I just remove it. take s 45 minutes tops.
|
We get so many of those fake anti-virus programs it is not even funny, and we are running Mcafee Enterprise edition.
What about for installing on someones machine just to run and eliminate issues.
We have used Spybot, malewarebytes, adaware, etc... Most of them find some things but not all things and none of them are 100%
__________________
This is so outdated and needs an update!
|
02-23-2010
|
|
Superenthusiast
|
|
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10
|
|
Quote:
Originally Posted by Neuromancer
To scan other peoples HDDs?
ESET nod32 in with their drive in an external cage and autoplay disabled
Works really good on that big one that pops up every year (that virus that pretend to be a antivirus?)
I cant remember the name... I just remove it. take s 45 minutes tops.
|
Its called P3rson4lS3curity and its nabbed alot of my buddies which means I've had to clean their pc's several times.
__________________
What kind of community do you intend to re-build?
tell me your sins and I'll sharpen my knife...(Take me to church)
|
02-23-2010
|
|
OCA Gladiator
|
|
Join Date: Mar 2009
Location: E'town KY
Posts: 2,113
Rep Power: 18
|
|
It's not just "personal security." In my shop I run across dozens weekly.
No software can stop the insertion of these rogue antivirus programs, since the user "willingly" installs it into their machine.
Click sense, or the lack thereof, is the largest contributor of this. A warning box (through IE or FF process) appears and most people do not even read it. A click anywhere in the window installs the software (click-jacking). The only way to prevent this from happening is to open task manager and kill all internet related tasks.
Where does it come from? Mainly p2p networking clients. Secondly, social networking sites, or any site where "code" or user input that accept redirects or html (or similar code) can be setup to hijack you. These hijacks are primarily designed to circumvent or disable most top marketed antivirus software and pretty much any software firewall.
Prevention is almost impossible, since most people do not understand "click sense," and others do not care to learn. I have preached to people, and they will come back to me with the same problem 2 weeks later.
Early detection is the key. I can remove these, if caught early enough, with Malwarebytes, Superantispyware, and Avast (boot time scan) in that order. If too many services are modified, and system files become too corrupt, it is best to backup the data and wipe the hdd's (all of them). I used to leave recovery partitions in tact, but those are no longer safe anymore either.
BOOM!
__________________
Nooob#1
Quote:
Originally Posted by Kal-EL
I think the flux capacitor caused the aeon influx inductors to mis-allign the dylithium crystals during transphotogenic mutation, but that's just because I stayed at a Holiday Inn last night.
|
Don't forget to delete System32!!!
|
02-23-2010
|
|
OCA Gladiator
|
|
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15
|
|
Quote:
Originally Posted by FACE411
It's not just "personal security." In my shop I run across dozens weekly.
No software can stop the insertion of these rogue antivirus programs, since the user "willingly" installs it into their machine.
Click sense, or the lack thereof, is the largest contributor of this. A warning box (through IE or FF process) appears and most people do not even read it. A click anywhere in the window installs the software (click-jacking). The only way to prevent this from happening is to open task manager and kill all internet related tasks.
Where does it come from? Mainly p2p networking clients. Secondly, social networking sites, or any site where "code" or user input that accept redirects or html (or similar code) can be setup to hijack you. These hijacks are primarily designed to circumvent or disable most top marketed antivirus software and pretty much any software firewall.
Prevention is almost impossible, since most people do not understand "click sense," and others do not care to learn. I have preached to people, and they will come back to me with the same problem 2 weeks later.
Early detection is the key. I can remove these, if caught early enough, with Malwarebytes, Superantispyware, and Avast (boot time scan) in that order. If too many services are modified, and system files become too corrupt, it is best to backup the data and wipe the hdd's (all of them). I used to leave recovery partitions in tact, but those are no longer safe anymore either.
BOOM!
|
Yes in a college environment, "click sense" is not there. That is what we do if we catch it, kill the task, even trying to close the pop-up is a no-no.
If we can't remove we also back up and image the drive, then restore settings.
We just had a meeting (I was not in attendance) and they settled on malewarebytes, and adaware. Buying full versions, so we have two to run.
Thinking about doing a write-up on click sense to pass out via bulk email to everyone in the school, and maybe posters to post up. That is one of our biggest issues is dang viruses. I have a pic on my iphone, if I can figure out how to upload it here, it is a computer with about 12 different "anti-spyware" programs on it. Someone got click happy! lol
Thanks again for the input guys. Now lets figure a way to catch the problem at the source lol
__________________
This is so outdated and needs an update!
|
02-23-2010
|
|
OCA Gladiator
|
|
Join Date: Mar 2009
Location: E'town KY
Posts: 2,113
Rep Power: 18
|
|
The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.
Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The business we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well.
I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
__________________
Nooob#1
Quote:
Originally Posted by Kal-EL
I think the flux capacitor caused the aeon influx inductors to mis-allign the dylithium crystals during transphotogenic mutation, but that's just because I stayed at a Holiday Inn last night.
|
Don't forget to delete System32!!!
|
02-23-2010
|
|
Superenthusiast
|
|
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10
|
|
Quote:
Originally Posted by face411
the best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.
Blocking facebook, myspace, myyearbook, youtube and the like will vastly bring down the infections on business computers. The business we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well. :d
i would recommend strongly not to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
|
boooo!
__________________
What kind of community do you intend to re-build?
tell me your sins and I'll sharpen my knife...(Take me to church)
|
02-23-2010
|
|
OCA Gladiator
|
|
Join Date: Jun 2009
Location: Tampa Florida
Posts: 384
Rep Power: 15
|
|
Quote:
Originally Posted by FACE411
The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.
Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The business we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well.
I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'
|
Well we use imagecast, which basically pulls a XP install from our server. We usually pull the info, then format the drive then image it.
I will have to forward some of that info to our network guys. I know they have blocks on some stuff, but do allow facebook because it is a college environment, and the students often use that.
__________________
This is so outdated and needs an update!
|
02-23-2010
|
|
OCA Gladiator
|
|
Join Date: Jun 2009
Location: South Jersey, USA
Posts: 5,645
Rep Power: 21
|
|
My sister and my Dad have been getting that AntiVirus popup when surfing Facebook.
I use Opera so its not triggered for me.
BUT
A little education goes a long way. DO NOT CLICK POPUPS. That antivirus popup if you do not click it is fine. alt+F4 to force close a window.
I love imaging... my XP machines usually get full reinstalls every 3-6 months. (Have not had to do a V64 reinstall yet despite 3 motherboard and 4 CPU changes )
So far I only image my benching rigs... but next ground up build will have a recovery disk done right away
__________________
"Don't You understand? This is Greek to me! Except I spek Greek, this is like Aramaic to me, and not the Western Dialect I can read a little." - Dr. Walter Bishop
Special relativity is not "Eat Two Big Macs."
|
02-26-2010
|
|
Aspiring Overclocker
|
|
Join Date: Feb 2010
Location: So Cal
Posts: 34
Rep Power: 0
|
|
Quote:
Originally Posted by marcam923
On that note, what do you guys use to scan for viruses?
|
I use Avira Anti-virus and Malwarebytes, they are both free and work great for me.
__________________
Heatware
System Specs:
AMD Phenom II X4 920
ASUS M3N-HT Deluxe 780a
EVGA GTX285 in SLI
Windows 7 Ultimate x64
NZXT Tempest case
WD 640Gb black
Creative Audigy2 se
CORSAIR 750TX psu
OCZ 4Gb 1066 ram
LG x22 dvd/cd
24" Samsung
|
02-26-2010
|
|
Superenthusiast
|
|
Join Date: Feb 2009
Location: Krypton, Hawaii
Posts: 11,027
Rep Power: 10
|
|
Hehe, my buddy bought a new security program yesterday, its da bomb!
Security Tool - MALWARE!!!!! $50
Ragging by Supes- Priceless!!!!!!
__________________
What kind of community do you intend to re-build?
tell me your sins and I'll sharpen my knife...(Take me to church)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -10. The time now is 10:58 AM.
Copyright ©2009-2014, Overclockaholics
|