Solved

Stop browser hijackers on windows 2003 terminal server

Posted on 2009-05-12
11
401 Views
Last Modified: 2013-11-16
I am currently running Symantec Antivirus Corp Edition version 10 on a Windows 2003R2 Terminal Server.  no other spyware / defender running.  Twice now I have had a users session on the terminal server get infected with one of those "Personal Virus Protection look alikes that wants you to purchase their software to remove their malware.
What would be a good, low resource usage program that I can purchase that will stop these malware's / hijackers from getting on the terminal server from a terminal server session.
0
Comment
Question by:BFanguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 4

Expert Comment

by:gilget
ID: 24368361
well your best possible way to do this is dont allow IE to access the internet but only your local network on the terminal server.

but if you cant do this for some reason. you can get either www.spywareterminator.com or Spybot S&D (Opensource).
they both have a plugin that will real-time scan the registry for any suspicious thing happening.

personally i would suggest using spywareterminator, cause there the realtime scanner is more simple to understand and handle.
0
 
LVL 13

Expert Comment

by:marine7275
ID: 24368404
I prefer adaware from lavasoft or spysweeper from webroot
0
 
LVL 4

Expert Comment

by:gilget
ID: 24368450
detection rate of lavasoft is not as good as it was once anymore.

;)
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 17

Expert Comment

by:Andres Perales
ID: 24368638
Get a web filter...websense is expensive, but OpenDNS is free...give that a try...
www.opendns.com it will also provide you with stats and the such...as easy as point your clients dns to their servers.
0
 

Author Comment

by:BFanguy
ID: 24368644
Thanks for the comments, but how do these work with Terminal Servers.  i.e. does it load into memory for each different user (sometime i have up to 50 users on one terminal server) or does it load once and monitor as each user accesses the internet.
0
 

Author Comment

by:BFanguy
ID: 24368657
peralesa,  i have cyblock as a proxy / web filter and they still get hijacked...
0
 
LVL 4

Expert Comment

by:gilget
ID: 24368765
well, realy, I would not suggest on using the tools on your termianl sever, cause this has some disadvantages:

1. most of them will be loaded into memory per user
2. users might make a wrong decision on a question of those tools and then a service that you need gets dissallowed.

dont do this

is it realy no possibility for you to turn off INTERNET access on the terminal server?
why would they need it anyway? accessing the INTRANET should be enough, cause they can access the internet on their local machine.
0
 

Author Comment

by:BFanguy
ID: 24368846
no local machine access - thin clients.
0
 
LVL 4

Accepted Solution

by:
gilget earned 500 total points
ID: 24368917
outch.
well then this is gona hurt, believe me.

hmm, you wil need the full package.

get yourself a firewall with a trendmicro module or something similar. this will scan for threads in the code but you also have blacklists etc.... this helps a lot.
also get yourself an antivirus that includes spyware detection.

but realy mate, you will always run into trouble like this- for sure.

0
 

Author Closing Comment

by:BFanguy
ID: 31580690
Thanks for the help
0
 
LVL 4

Expert Comment

by:gilget
ID: 24369114
no offence.
i would realy realy suggest you to turn of INTERNET access. or to limit it to only websites that are realy needed.
if you just open the websites you know and that are trusted, then you should be fine too (not 100% but lets say 99.9%).

all the best
tiz
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FSRREMOS 7 116
Weird Happening at my office with windows machines/network 16 83
Small office AntiVirus 6 37
Protecting Server 2003 against Ransomware 2 80
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question