
Advice on preventing Internet Security 2010, Sysguard, etc.

Status
Not open for further replies.

rshendrix

MIS
Mar 5, 2002
134
We are having a few users continually getting infected with some of the latest security hoax trojans. What are others using to prevent this sort of thing?

We have Trend Micro AV installed and try to constantly educate on not clicking on everything that pops up. Just looking for some advice on how others are handling this.

Thanks.
 
NOTE: If the infection executables/extensions are deleted without correcting or deleting the corresponding registry key, the system may either BSOD on boot, or boot to a logon screen and loop back to the logon screen every time a logon is attempted. This appears to be because the registry keys are altered BEFORE the executables/extensions are downloaded AFTER the registry changes are made.

Yes we have seen that situation often.

It puzzles me that the virus writers write code that prevents a machine from booting when nowadays they are not vandals, they are after our customers' money !

Re protecting registry keys, I wonder if registry protection software ( such as Zone Alarm, yuk yuk ) helps with this type of infection. I never recommend using it on end users' machines as the pop ups are usually so complicated to understand, the end user always clicks "allow" just so they can get on with what they are doing. Seen that LOTS of times, same with KIS, AVG full security suite and Norton 360 etc. We often have to spend 5 mins on Google researching what it says before knowing whether to click "allow", "allow once" or "always allow" !!!!!!

~~~~~~~~~~~~~~~~~~~~

@ Ghost...

Today I had a very similar situation to the one you described where a customer reported that their PC had been reinfected. She said that since I had cleaned it, she had only visited foodnetwork.com, and checked her email on Yahoo Webmail (through her pop.att.yahoo.com webmail account.) She's a neighbor, and I believe her.

Any overlaps with what you're seeing?

The circumstances = Yes, though not necessarily those URLs

Just to re-iterate, I wonder if MS are working on a patch to prevent it ?

I might even go to an MS forum and ask !



JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
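
The NOTE quoted in the post above warns that deleting the infection's files before correcting the registry can leave the machine unable to log on. As an added example (not part of the original thread), the following PowerShell check can be run before any files are deleted. It assumes the altered values are Winlogon's `Userinit` and `Shell`, which the thread does not name, and compares them with the stock Windows defaults.

```powershell
# Added example, not from the thread. Run from an elevated prompt BEFORE deleting files.
# Assumption: the thread does not name the altered key; Winlogon's Userinit and Shell
# are checked here because logon fails when either points at a file that no longer exists.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe"   # stock default (stored with a trailing comma)
    Shell    = 'explorer.exe'                            # stock default
}

function Resolve-Target([string]$entry) {
    # Expand %SystemRoot%-style variables and strip surrounding quotes.
    $path = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
    if (-not $path) { return $null }
    if ([IO.Path]::IsPathRooted($path)) { return $path }
    # Bare names such as explorer.exe: look in the Windows directories.
    foreach ($dir in "$env:SystemRoot\system32", $env:SystemRoot) {
        $candidate = Join-Path $dir $path
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $path
}

$props = Get-ItemProperty -Path $winlogon
$report = foreach ($name in $expected.Keys) {
    $raw = [string]$props.$name
    foreach ($entry in ($raw -split ',' | Where-Object { $_.Trim() })) {
        $target = Resolve-Target $entry
        [pscustomobject]@{
            Value      = $name
            Entry      = $entry.Trim()
            FileExists = [bool]($target -and (Test-Path -LiteralPath $target))
            IsDefault  = ($entry.Trim() -ieq $expected[$name])
        }
    }
}

# Any row with IsDefault = False is an entry to restore to the default first;
# FileExists = False means the next logon will already fail.
$report | Sort-Object Value | Format-Table -AutoSize
```

Restore any non-default entry to its default value first, then remove the file it referenced, so the system never boots with a logon value pointing at a missing file.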
 
Just to re-iterate, I wonder if MS are working on a patch to prevent it ?

I might even go to an MS forum and ask !

I did - and they said they are not !!

Let's just hope some black hat doesn't use the same invasion technique to write a nastier and destructive type threat !!

Mind you if that happened someone WOULD fix it like they did with Blaster in 2003 and Sasser in 2004.

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Davetoo said:
I was surfing the web Sunday morning with multiple windows open but not having clicked on anything or opened anything when it infected my machine at the house.
I am relieved to know I wasn't imagining things when that happened to me!
 
Stay away from ring tone web pages. I never use those type of pages (or ring tones either), but was watching the other night and someone else would have gotten one of these trojans / B.S. Antivirus 2015 if I hadn't been there to CTRL ALT DEL

Also, song lyrics pages seem to be a danger.

What do the two have in common:
1. Things that everybody wants - ringtones and lyrics
2. Things that people want and ALL FOR FREE

All of the above "computing" suggestions are good, but behavior is also an important component of protection. In terms of behavior - being suspicious is about 70% of protecting yourself. Not going after FREE stuff (porno, music, lyrics, ring tones, etc) is another 15%

 
In terms of behavior - being suspicious is about 70% of protecting yourself. Not going after FREE stuff (porno, music, lyrics, ring tones, etc) is another 15%

Is good general advice, but this thing does not come from "certain" sites (or at least I am 99% sure of that "fact")

From what I can see from on here (and elsewhere) it is like the "Blaster" virus in so much as it is just "floating" around the net looking for PCs to infect. I (we) don't think it comes from an infection in a website or webserver.

So, still no "proactive defense" has been found then :(



JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 