  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 517

Combofix fixed the problem - how do I keep it fixed?

I often get a call from a client where I assume they have gone onto the wrong website and picked up an infection - the legitimate-sounding pop-ups that tell you the computer is badly infected and you need to download their software.

I have always used Combofix to resolve this and up to now, it has never let me down. It takes longer than some, up to 30 minutes, but it works.

As I mentioned, I believe this has been a result of going onto an infected website, although I doubt they would admit to opening a dodgy email attachment.

Am I correct in believing they have become infected this way? Are there any good solutions to avoiding these infections, warning if the website is infected, that don't cost the earth?

Thanks for any ideas.
Asked by: mikeabc27

2 Solutions
 
KOTiS Commented:
Use a good antivirus - Microsoft Security Essentials is very good and free.

Install Firefox as the default browser and use K9 for extra security

http://www1.k9webprotection.com/
0
 
rpggamergirl Commented:

"the legitimate-sounding pop-ups that tell you the computer is badly infected and you need to download their software."

The above description of infection usually belongs to the rogue family, also called ransomware, scareware or fake security programs, which give the user fake reports that the system is infected so the user will download and pay for their programs to fix the non-existent problem.

Best program for these is MalwareBytes with real-time protection, though it's not 100% protection as your PC could still get infected, but everything considered (Windows Updates, programs updated, and user education) you should have better chances of not getting infected.

Malwarebytes: http://www.malwarebytes.org/mbam-download.php
0
 
rpggamergirl Commented:
"I have always used Combofix to resolve this and up to now, it has never let me down."

ComboFix is an excellent tool but it sometimes needs user input to clean up some infections; that's what its script function is for.
ComboFix will only remove bad files/reg entries that it recognizes or that are in its database. Often we need to run a script to remove bad files that aren't removed in its first run.

"although I doubt they would admit to opening a dodgy email attachment."

Systems can now get infected in many different ways... users no longer have to open attachments or click on any links to get infected. Malware has found many ways to get into the system... a malware install can even hide behind a fake blue screen of death. When the user visits an infected or hacked webpage the system can get infected even if the user doesn't click on anything on that page.
When visiting an infected site the resident AV should give a warning anyway, though it won't always be able to stop it.
Every little thing counts in the overall protection of the system; not one single program can protect the system 100%.
MalwareBytes is the best one for rogues/fake security apps, but it alone can't protect the system either.
One rogue was able to get in while MalwareBytes Pro was protecting my system.
0
 
younghv Commented:
We have some good EE Articles published that will provide a lot more information than we could type (re-type) here.

Please have a look through and post follow-up questions either here or in the comments sections of the articles.


http://www.experts-exchange.com/A_1958.html (MALWARE - "An Ounce of Prevention...")
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
http://www.experts-exchange.com/A_1979.html

HijackThis - Some Tips & Tricks:
http://www.experts-exchange.com/A_2963.html
0
 
mikeabc27 (Author) Commented:
Thanks Kotis, but this PC was running Microsoft Security Essentials with Firefox as its default browser.

Thanks Rpggamergirl - I'll try mbam with one other AV like McAfee or Symantec and see if that works.

Younghv, I'll check out the articles. Many thanks.

0
 
KOTiS Commented:
Mike, you missed my recommendation for K9, which is excellent protection software and completely free.

http://www1.k9webprotection.com/

All other options you mention (mbam, McAfee etc.) are not free.
0
 
younghv Commented:
Malwarebytes (MBAM) is most definitely free - for personal or one-time trouble-shooting use.

There is a paid version (which I highly recommend), but the ONLY difference is the configuration for auto-updating/scanning.

As noted, MSE is also free - and also provides 24/7 on-access protection.
I would definitely NOT recommend going to any paid version instead of MSE.
0
 
KOTiS Commented:
Malwarebytes is free when you only need to scan your system or files manually. If you need automatic protection you have to pay for the full version.
0
 
mikeabc27 (Author) Commented:
Thanks KOTiS I'll check out K9. All the computers I deal with already have McAfee, Symantec or, with this group only, MSE. I was going to add Malwarebytes, which I thought was free - obviously not to have on permanently.
0
 
younghv Commented:
Good comparison of the two versions of Malwarebytes.
http://www.malwarebytes.org/products/malwarebytes_free

@mikeabc27 -
If your clients are not simple 'home users', then K9 is not an appropriate product.

More info here:
http://www1.k9webprotection.com/corporate-overview and here:
http://www.bluecoat.com/

In general, the various protection applications are not offered for free in any business/enterprise environment.

Note: MSE is free only up to a maximum of 10 computers in any business environment - above that and you have to upgrade. Details available if you need them.
0
 
mikeabc27 (Author) Commented:
They have to generate income like all of us. Not looking for a free solution, just something inexpensive for my client like Malwarebytes, which after checking wasn't costly.
0
 
mikeabc27 (Author) Commented:
Will Malwarebytes Pro work with the existing AV software or does it need to work alone/works better alone?
0
 
younghv Commented:
One HUGE benefit to the Corporate license (other than cheap and effective) is that they have a 24/7 hot line you or your clients can call for help.

On a typical day, the MBAM staff will update their definition files 5-6 times. I set my auto-updates for "Hourly", plus daily scans for the middle of the night.

In over a year of installing the MSE/MBAM combination for my customers, I have not yet (knock on wood) had any infections.
0
 
younghv Commented:
"Will Malwarebytes Pro work with the existing AV software or does it need to work alone/works better alone?"

Good question.

The only AV solution I have had a problem with has been AVG, and I can't figure out why. It has historically played well with others.

I know personally that it works fine with AVAST, McAfee, and MSE.

Of course, Symantec/Norton products can be problematic in many situations - but I always replace them with something else.

MBAM is NOT a replacement for your basic AV protection - it is an adjunct that focuses on a variety of malware.
0
 
KOTiS Commented:
Malwarebytes is one more resident scanning solution like the ones you are already using. All of them have strengths and weaknesses and none of them offer complete protection. I believe it's better to have different layers of protection - one in the browser and one resident in the system. Browser protection works differently, by blocking suspicious sites, and does not run when you don't need it.
0
 
mikeabc27 (Author) Commented:
Both your points have been taken; sorry, I was thinking of mbam as an AV solution instead of what it is. Like you say, Symantec/Norton don't want anyone else getting in their way, so that leaves McAfee/MSE - the latter I use mainly on smaller P2P networks.

What about main AV + mbam pro + K9 as the combined costs of the additional products on a business basis is very good value?
0
 
KOTiS Commented:
As you increase the number of scanning engines, your systems will need more memory and system resources to accomplish daily tasks. It's better to stick to using as little resident software as possible and also train users on how to protect themselves and their valuable data.
0
 
younghv Commented:
I try to be careful to only comment on things I have personal knowledge of.
I've never used K9 - never heard of it, in fact.

What I do know is that the basics I describe in the Articles work for me and my customers.

"Layered" protection is always best, since you have more defense against a variety of attacks.

What I would NOT do is install duplicating applications.

MSE+MBAM is my only recommendation.

MBAM will also work with McAfee, but McAfee has built in so many additional features over the past few years that I don't recommend it any more.
0
 
mikeabc27 (Author) Commented:
Thanks guys, I'll check it out tonight and reply tomorrow.
0
 
rpggamergirl Commented:
K9 is good for home users who want to protect their children from internet junk etc., but for clients who don't have children they're probably better off just using a customized Hosts file or using SpywareBlaster to block unwanted sites.
http://www.javacoolsoftware.com/spywareblaster.html

SpywareBlaster doesn't need to be running in the background to protect the system, so it doesn't need any resources. Whereas K9 users can experience problems accessing some legit sites, especially when using Google Images. There's also some downside when all pages you want to access have to pass through K9 web servers.
0
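The "customized Hosts file" alternative mentioned above is easy to get wrong by hand (duplicate entries, entries that silently override a user's own mappings, no clean way to update the list later). The following is an added example, not code from the thread or from any of the products discussed: a small Python helper that keeps the blocklist in a clearly marked section of the hosts file so it can be re-applied idempotently and removed cleanly, while leaving every entry outside that section untouched. The sample hosts file and all domain names are constructed for illustration.

```python
"""Idempotent hosts-file blocklist merge (added example, not from the thread).

Keeps blocked names inside a BEGIN/END-marked section so the helper can be
re-run safely; lines outside the section are preserved as-is. Sample values
below are constructed; on Windows the real file is
%SystemRoot%\\System32\\drivers\\etc\\hosts and needs admin rights to edit.
"""
import re
from typing import Dict, List

BEGIN = "# BEGIN managed-blocklist"
END = "# END managed-blocklist"
SINK = "0.0.0.0"  # unroutable sink; connections fail fast instead of hitting a local listener

# RFC 1123 style hostname with at least one dot; labels 1-63 chars, no leading/trailing '-'
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)


def normalize_host(host: str) -> str:
    """Lower-case and strip scheme, path, port and trailing dot; reject invalid names."""
    h = host.strip().lower()
    h = re.sub(r"^[a-z]+://", "", h)
    h = h.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    if not _HOST_RE.match(h):
        raise ValueError(f"not a valid hostname: {host!r}")
    return h


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to the address it resolves to, ignoring comments and blanks."""
    mapping: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), addr)  # first entry wins, as the resolver does
    return mapping


def is_blocked(text: str, host: str) -> bool:
    """True if `host` is pinned to the sink address in the given hosts text."""
    return parse_hosts(text).get(normalize_host(host)) == SINK


def merge_blocklist(text: str, domains: List[str]) -> str:
    """Return hosts text with the managed section replaced by `domains`.

    Names already mapped outside the managed section (a deliberate intranet
    or localhost entry) are skipped rather than overridden.
    """
    lines = text.splitlines()
    if BEGIN in lines or END in lines:
        if BEGIN not in lines or END not in lines or lines.index(END) < lines.index(BEGIN):
            raise ValueError("hosts file has a damaged managed-blocklist section")
        start, stop = lines.index(BEGIN), lines.index(END)
        before, after = lines[:start], lines[stop + 1:]
    else:
        before, after = lines, []
    existing = parse_hosts("\n".join(before + after))
    wanted = sorted({normalize_host(d) for d in domains})
    block = [BEGIN] + [f"{SINK} {d}" for d in wanted if d not in existing] + [END]
    return "\n".join(before + block + after) + "\n"


# Constructed sample input: a hosts file with the user's own entries.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1       localhost
192.0.2.10 intranet.example   # user's own entry, must survive the merge
"""

# Constructed sample blocklist; mixed case and a full URL show the normalisation.
SAMPLE_BLOCKLIST = [
    "fake-av-alert.example",
    "PC-Cleaner-Pro.example",
    "http://rogue-scanner.example/download",
]

if __name__ == "__main__":
    merged = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(merged)
    print("blocked:", is_blocked(merged, "Fake-AV-Alert.example"))
```

Run it twice on the same input and the output is identical, which is what makes it safe to schedule; to retire a domain, drop it from the list and re-run, and the managed section shrinks without touching the user's own lines.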
 
mikeabc27 (Author) Commented:
Sorry for the delay in getting back; I was with a sick server all day yesterday and didn't get back till very late.

As you point out the more I install, the slower things become.

What about main A/V (not Symantec group) plus Malwarebytes Pro plus Spyblaster - will the mbam slow the system?  
0
 
KOTiS Commented:
If you insist on using more than one resident solution, then use only the Microsoft and Malwarebytes Pro combo.

You can also use Web of Trust (http://www.mywot.com/) so your clients will be warned about fraudulent, untrusted websites...
0
 
rpggamergirl Commented:
"will the mbam slow the system?"

No, it shouldn't. I use it with Avast on my desktop and the system is doing fine; the desktop only has 512 MB RAM (it's ancient). I also have Mbam Pro with MSE on the laptop (2 GB RAM) and the system is also running great.

SpywareBlaster is good; it's a passive protection, so no running process and no CPU or memory usage. Just check for updates regularly and enable all protection.
0
 
mikeabc27 (Author) Commented:
I've set up MSE and SpywareBlaster on a test system. I ran SpywareBlaster after CCleaner and it still found a lot.

Bearing in mind Kotis' comments that I was going OTT, what do you feel adding Mbam Pro would bring to the party?
0
 
younghv Commented:
MBAM = active protection, SpywareBlaster = passive protection.

You are light years ahead to prevent infections than to try to remove them.
0
 
rpggamergirl Commented:
"I ran SpywareBlaster after CCleaner and it still found a lot."

You mean MSE found a lot?
SpywareBlaster is not a scanner but a protection against ActiveX-based malware that works very similarly to Spybot's immunize feature.
0
 
KOTiS Commented:
MBAM, SpywareBlaster and CCleaner are not resident / active protection software, so there is no problem if you keep them installed. If you are going to use MBAM Pro, then it's safe to use it alongside SpywareBlaster and CCleaner. You can also keep MS antispyware installed together with mbam pro.
0
 
younghv Commented:
KOTiS -
Would you explain this comment?
"You can also keep MS antispyware installed together with mbam pro."

What is MS antispyware?
0
 
KOTiS Commented:
Sorry, it's Microsoft Security Essentials...
0
 
mikeabc27 (Author) Commented:
Many thanks for your further help.

"You mean MSE found a lot?"

I didn't explain that very well. When I clicked your link to Spyblaster, I went onto download.com and as usual was pointed to a premium site instead of the one you want. I didn't notice and downloaded/installed it. It was some rubbishy reg cleaner, which found 472 errors (99% harmless from what I could see), cleaned 100 and asked for money to clean the other 372. I immediately removed it, rebooted, ran CCleaner which found 400+ errors and I cleaned these, rebooted, then installed Spyblaster but this also found around 250+ errors.

0
 
rpggamergirl Commented:
"rebooted, then installed Spyblaster but this also found around 250+ errors."

Sorry for the mix-up.
The SpywareBlaster that I suggested is not a scanner... and it is from Javacool Software. http://www.javacoolsoftware.com/sbdownload_free.html

What you downloaded is SpyBlaster, some unknown, probably rogue, program.
Please remove Spyblaster.
0
 
mikeabc27 (Author) Commented:
Many thanks, going with Mbam Pro and Spyblaster on top of main a/v.
0
