XP Anti-Spyware 2011.  How does it get in?

Tiras25 asked:
I have no admin privileges to any local workstation for my clients.  Also McAfee AV is up to date.  How does this thing get in?  I already got 3-4 users infected.  Luckily Malwarebytes easily removes it.

Still wondering what can be improved.  Better antivirus/antispyware solution?  Update more frequently?

Please advise.  Thanks!!
Author of the Year 2011
Top Expert 2006
Commented:
You need more than just Malwarebytes to remove this properly (http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011).

MBAM does do a great job of cleaning - but an even better job of preventing.
Buy your users the Pro version and most of your malware problems will be gone.

They also have an Enterprise version - or multiple licenses with one purchase to save you money.

http://www.experts-exchange.com/A_1958.html (MALWARE - "An Ounce of Prevention...")
Commented:
Second the Pro version of Malwarebytes; on the few clients I have who also have this, it works well.

As for getting in, generally vulnerabilities in IE are where it comes in while they are surfing the net.  Nearly all of my infections are after people stated "they were looking for 'something' on Google."  (The last few who do not just lie and say, "I only use it for work!")  In any case, even a fully patched machine will still get these once in a while, but it will lower the instances of it.

Author

Commented:
Thank you.  So the Pro version will always run just like a normal AV?  Do I still need to run McAfee AV on the users machines?
Commented:
Yes, the Pro version always runs like a normal AV, and yes, Malwarebytes does not run scans against emails and standard downloads.

Author

Commented:
I was also curious how it gets in even with no local Admin privileges.  For years it's been preventing this, and now not anymore..
Commented:
The admin issue will just prevent the user from infecting all users.  Many of the virus authors have this in mind and do things to either artificially elevate a process or application to admin access to change the hosts file, redirect, or modify system files, or will just infect the single user, since they will have full rights to their own profile settings and registry for the "current user".  You will often find that the admin account was never used, or if the admin account has no password, a Run As command was allowed by the OS.

Author

Commented:
So that's my point.  The users don't have full rights to their own profile.  So they cannot change settings, registry, etc..
Commented:
They have to have rights.  What they usually do not have are rights to other profiles, system files, etc.  If they did not have rights to their own profiles, other things would break, like history of apps, saving to their My Documents, application settings and changes, etc.  For example, if they had zero rights, they would not be able to set their home pages in IE, see their history of visited files, the Start menu customizations like last opened application or document, etc.  Within the registry, they generally have access to their own profile only, since this is where this information is held, and their own Application Data folder in their profile is where most of their customization is stored.
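As an added illustration of the point above (example added here, not code from the thread or from any product it mentions): the per-user registry hive and profile folders are exactly where a standard user can write, so they are also where user-profile-only malware persists. This PowerShell snippet, run as the affected (non-admin) user, lists the HKCU Run/RunOnce entries and the per-user Startup folder and flags autostarts that launch from inside the user's own profile; the helper name Get-ImagePath is my own.

```powershell
# Added example: audit autostart locations writable by a standard user.
# Assumes PowerShell 2.0 or later; nothing here needs admin rights.

# Directories a standard user owns. LOCALAPPDATA is absent on XP; nulls are dropped.
$userRoots = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

# Per-user autostart keys: writable by the user, read at every logon.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    param([string]$Command)
    # Take the quoted executable path, or the first token; drop the arguments.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata
        $image = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $prop.Value))
        $lower = $image.ToLowerInvariant()
        $inProfile = $userRoots | Where-Object { $lower.StartsWith($_) }
        New-Object PSObject -Property @{
            Key       = $key
            Name      = $prop.Name
            Image     = $image
            InProfile = [bool]$inProfile      # launched from the user's own profile?
            Exists    = Test-Path -LiteralPath $image
        }
    }
}

# Legitimate software normally autostarts from Program Files or the Windows
# directory; entries running from the profile (AppData, Temp) deserve a look.
$findings | Sort-Object InProfile -Descending |
    Format-Table Name, InProfile, Exists, Image -AutoSize

# The per-user Startup folder is the other autostart a standard user can write.
$startup = [Environment]::GetFolderPath('Startup')
if (Test-Path $startup) {
    Get-ChildItem -LiteralPath $startup -Force | Select-Object Name, FullName
}
```

Pair this with the same check under HKLM from an admin account; an entry that exists only under HKCU is consistent with the single-user infection described above.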
Author of the Year 2011
Top Expert 2006
Commented:
One of the common steps a Tech will make (mistakenly) is to create a new profile and copy all of the old user data over.

The new profile isn't infected (yet), so things seem to work pretty well...until the user starts going back to places he shouldn't be going.

As I state in some of my Articles, I've been using the MSE+MBAM combination for over a year with my customers (most of whom have only Admin accounts) and not one has been infected - yet.

The 24/7 "on-access" protection of MBAM-Pro is about the best you can get, but make sure you use the layered approach I describe here:
http://www.experts-exchange.com/A_1958.html (MALWARE - "An Ounce of Prevention...")

Author

Commented:
Thanks tsaico and thanks younghv.  Very good article for home and small business users.  I will take it into consideration.

Thanks!
Commented:
Just want to add that this issue isn't confined to IE.  I have users running Firefox who have had the same thing happen.
Author of the Year 2011
Top Expert 2006
Commented:
@Tiras25,
I'm not sure what your comment means: "I will take it into the consideration."

It appears as though your question has been asked and answered - and if so you need to close it out.

You currently have 14 open questions, which is a real concern to those of us deciding which questions we will try to help solve.

Author

Commented:
Yes, the question has been answered.  I will close it out ASAP.

Sorry about that!
