Solved

Prevent Fake Anti-Virus & Conduit Apps ?

Posted on 2014-01-22
Last Modified: 2014-01-22
I have a problem win8.1 user in the field who keeps getting malware installed on his pc (like fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup.)

He's surfing with IE11 and his pc is protected (if you can call it that) with the free, integrated Windows antivirus (defender or Microsoft Security Essentials, whatever you call it).

He does not have Java installed.  Though I had uninstalled Adobe's PDF reader, I just discovered he had downloaded and installed it.

I think I'd like to have him surf with Chrome browser, use PDF-Xchange Viewer (instead of Adobe).

Should I switch to a different antivirus product or do none of them protect a stupid user from himself?

In this last incident, instead of going to apple.com to download itunes, he did a google search and clicked on itunes.download-new.com

HELP! What should I do!

Would getting him a MAC be reasonable?  (He's a VIP and has become a terrible support burden).

Is there a solution which will protect him from himself?

I presume that even if he had a mac, he would have merely bypassed the built-in protections of only installing stuff from the mac app store.

Any thoughts would be very much appreciated,

Thanks,
Mike
Question by:mike2401
18 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39800019
Ask him to practice safe browsing habits and install a decent anti-virus solution, such as Avast, AVG, Avira, etc. (free Avira is recommended).

Sorry. No technology will prevent him from him. :-(
0
 
LVL 4

Accepted Solution

by:
cornerit earned 200 total points
ID: 39800024
Hi Mike,

Firstly, I'd start with a clean install.

You could check in the registry and analyse the running processes to see if anything is nefarious. However, this is time consuming.

Once you've rebuilt, get him using Chrome. These unwanted apps, such as Fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, are often downloaded as a result of user input.

Macs are expensive and probably a bit overkill.

Plan of action.

Install AdBlocker to block ads on websites which might point to these downloads.
Set the DNS on the machine to something like OpenDNS. They will filter out some of the unwanted sites.
Restrict access rights on the machine. A limited account with no rights to install software.

From here you can manage installs as Admin rights will be required.

Might I add, these applications are specifically malware. They are pesky, ask for money. Often not containing any malicious code. No amount of Anti Virus will combat them.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 200 total points
ID: 39800044
No matter what security measure you take, if User is not educated or cautious enough he would get any of these application installed and would infect the machine.

I would rather recommend that you should have the security software like MalwareBytes installed in the system. If you could buy it for him good, if not it is still OK. At least you could scan the system once a week to clean it.
If you buy it, it would give you real time scanning of files and realtime scanning of website his system tries to access or user tries to access.

This would help in minimizing the risk of going to the unwanted websites.

You may want to install it with Trial version and see if that is really helpful in your case.

Sudeep
0

 
LVL 11

Expert Comment

by:Miftaul
ID: 39800046
It's always good to make the user account as non-admin account like a regular user. It will stop unneeded programs from being installed. If anything needs to be installed, we can enter the admin credentials anyways.
0
 

Author Comment

by:mike2401
ID: 39800133
It's the user's home pc.  I had previously made him limited user but it messed up some things (maybe backups - I forget exactly).

If a purchased copy of malwarebytes would prevent installation of "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup", THAT SOUNDS GREAT!

Does it really protect the user from himself?

Thanks,
Mike
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 50 total points
ID: 39800152
No tool can protect the user from himself.

If any specific program messes with limited user, create a RunAS shortcut for that specific application and advise user to use that shortcut to use that specific program.
0
 

Author Comment

by:mike2401
ID: 39800279
For this user (who is the president of our company), the idea of making him limited user and refusing to give him the password doesn't seem like a good idea.

Besides, UAC always seems to pop up at unexpected times, sometimes doing very ordinary things, and he would be handcuffed and frustrated.

Of everything said here, malwarebytes (if it would actually block: "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup") would be great.  So, what's the consensus on that?

Thanks,
Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800294
Use Avira (or equivalent) for real-time protection and Malwarebytes Antimalware (free) to cleanup suspected infections.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39800300
malwarebytes is system resource hungry.
0
 

Author Comment

by:mike2401
ID: 39800333
Though I appreciate your comment @aadih , my whole objective is to avoid malware from getting onto his system in the first place.  I'm not interested in cleanup after.

Mike
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 50 total points
ID: 39800347
You cannot guarantee that (malware entering into the system). That's the way it is.  

So, use a security software you like (MBAM Pro) and 'hope' for the best.  Since the person is at the top of the 'heap' and is unwilling to change his habits, nothing more you could do I am afraid. :-(
0
 

Author Comment

by:mike2401
ID: 39800353
Thanks everyone.  I'm going to close this question with the most valuable suggestion to use a live anti-malware program.  You'd think that a regular anti-virus might do that, but apparently not.

I will open a separate question asking what's the best anti-malware solution.

Thanks to all !!

Mike
0
 

Author Closing Comment

by:mike2401
ID: 39800362
Thanks everyone!
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800377
FWIW, Malwarebytes Antimalware is not an "outstanding or exceptional" alternative to several other antimalware (antivirus) programs. And there is no 'best' antivirus software.

A suggestion: search Experts-Exchange site first, as you are not the first (nor the last) to seek an answer, and save yourself some time and effort.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 39800680
Just saw this, and I agree with a lot of what has been said.  But here is my recommendation anyway.

Do a clean Install
Install Malwarebytes Pro
Install WinPatrol Plus and set it up to watch the most important files
If you don't already have a console view - get s/w that allows it so you can monitor the laptop, even if it means using something other than MBAM Pro
Install Comodo Dragon as default browser (acts like chrome, but is slightly better)

MOST Importantly: User Education is necessary otherwise all your efforts will be for naught.  The head of the company should realize this more than anyone else (if the employees do what he is doing you will have a disaster).
0
 

Author Comment

by:mike2401
ID: 39800748
Thanks Thomas.

Education, however, is not an option.  

Execs tend to care less and be careless because someone else always cleans up the mess :-)
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 39801180
I hear that.  My boss is the same way.  I try to keep the most dangerous stuff out of his grasp.  Try using this hosts file:

http://winhelp2002.mvps.org/hosts.htm

You are welcome to use this article:  

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

Note that I have migrated away from Vipre, I am now considering Comodo Endpoint Security with Comodo Endpoint Security Manager (CESM) - free 10 licenses: http://www.comodo.com/business-enterprise/cesm3/index_v2.php.
0
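
The hosts-file suggestion in the comment above, as an added example that is not part of the original thread: a small checker that parses hosts-format text and reports whether a given name would be sinkholed, including the case where only a parent domain is listed. The sample entries, the `example.*` names and all function names are constructed for illustration; only `itunes.download-new.com` comes from the question.

```python
import ipaddress

# Constructed sample in hosts-file format (not copied from any published list).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     itunes.download-new.com   # lookalike site named in the question
0.0.0.0     ads.example.net tracker.example.net
0.0.0.0     example.org
not-an-ip   broken.example.com
"""
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_blocked_hosts(text):
    """Return hostnames that the hosts text maps to a sinkhole address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if fields[0] in SINKHOLES:
            blocked.update(n.lower().rstrip(".") for n in fields[1:])
    blocked.discard("localhost")
    return blocked


def is_blocked(hostname, blocked):
    """Hosts entries match whole names only: no wildcards, no parent domains."""
    return hostname.lower().rstrip(".") in blocked


def coverage_gaps(hostnames, blocked):
    """Names that resolve normally although a parent domain is listed."""
    gaps = []
    for host in hostnames:
        host = host.lower().rstrip(".")
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if host not in blocked and parents & blocked:
            gaps.append(host)
    return gaps
```

Because a hosts file matches exact names, a list entry for a domain does not cover its subdomains, which is why lookalike download sites on fresh hostnames slip past a static list until it is updated.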
 

Author Comment

by:mike2401
ID: 39801293
Correction: the free version of opendns does NOT support malicious url blocking :-(
0


Question has a verified solution.
