• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1036

Prevent Fake Anti-Virus & Conduit Apps ?

I have a problem Win 8.1 user in the field who keeps getting malware installed on his PC (like fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, MyPC Backup).

He's surfing with IE11 and his pc is protected (if you can call it that) with the free, integrated Windows antivirus (defender or Microsoft Security Essentials, whatever you call it).

He does not have Java installed.  Though I had uninstalled Adobe's PDF reader, I just discovered he had downloaded and installed it.

I think I'd like to have him surf with the Chrome browser and use PDF-Xchange Viewer (instead of Adobe).

Should I switch to a different antivirus product or do none of them protect a stupid user from himself?

In this last incident, instead of going to apple.com to download itunes, he did a google search and clicked on itunes.download-new.com

HELP! What should I do!

Would getting him a Mac be reasonable?  (He's a VIP and has become a terrible support burden).

Is there a solution which will protect him from himself?

I presume that even if he had a Mac, he would have merely bypassed the built-in protections of only installing stuff from the Mac App Store.

Any thoughts would be very much appreciated,

Thanks,
Mike
Asked by: mike2401

aadih Commented:
Ask him to practice safe browsing habits and install a decent anti-virus solution, such as Avast, AVG, Avira, etc. (free Avira is recommended).

Sorry. No technology will prevent him from him. :-(

cornerit Commented:
Hi Mike,

Firstly, I'd start with a clean install.

You could check in the registry and analyse the running processes to see if anything is nefarious. However, this is time consuming.

Once you've rebuilt, get him using Chrome. These unwanted apps, such as Fake antivirus 2013, Optimizer Pro v3.2 and Conduit's ValueApps, are often downloaded as a result of user input.

Macs are expensive and probably a bit overkill.

Plan of action.

Install AdBlocker to block ads on websites which might point to these downloads.
Set the DNS on the machine to something like OpenDNS. They will filter out some of the unwanted sites.
Restrict access rights on the machine. A limited account with no rights to install software.

From here you can manage installs as Admin rights will be required.

Might I add, these applications are specifically malware. They are pesky and ask for money, often not containing any malicious code. No amount of Anti Virus will combat them.

Sudeep Sharma, Technical Designer, Commented:
No matter what security measures you take, if the user is not educated or cautious enough he will get one of these applications installed and infect the machine.

I would rather recommend that you have security software like MalwareBytes installed on the system. If you could buy it for him, good; if not, it is still OK. At least you could scan the system once a week to clean it.
If you buy it, it would give you real-time scanning of files and real-time scanning of websites his system or the user tries to access.

This would help in minimizing the risk of going to the unwanted websites.

You may want to install it with Trial version and see if that is really helpful in your case.

Sudeep

Miftaul Commented:
It's always good to make the user account a non-admin account, like a regular user. It will stop unneeded programs from being installed. If anything needs to be installed, we can enter the admin credentials anyways.

mike2401 (Author) Commented:
It's the user's home pc.  I had previously made him limited user but it messed up some things (maybe backups - I forget exactly).

If a purchased copy of malwarebytes would prevent installation of "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup", THAT SOUNDS GREAT!

Would it really protect the user from himself?

Thanks,
Mike

Miftaul Commented:
No tool can protect the user from himself.

If any specific program messes with limited user, create a RunAS shortcut for that specific application and advise user to use that shortcut to use that specific program.

mike2401 (Author) Commented:
For this user (who is the president of our company), the idea of making him limited user and refusing to give him the password doesn't seem like a good idea.

Besides, UAC always seems to pop up at unexpected times, sometimes doing very ordinary things, and he would be handcuffed and frustrated.

Of everything said here, malwarebytes (if it would actually block: "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, MyPC Backup") would be great.  So, what's the consensus on that?

Thanks,
Mike

aadih Commented:
Use Avira (or equivalent) for real-time protection and Malwarebytes Antimalware (free) to cleanup suspected infections.

Miftaul Commented:
malwarebytes is system resource hungry.

mike2401 (Author) Commented:
Though I appreciate your comment @aadih , my whole objective is to avoid malware from getting onto his system in the first place.  I'm not interested in cleanup after.

Mike

aadih Commented:
You cannot guarantee that (malware entering into the system). That's the way it is.  

So, use a security software you like (MBAM Pro) and 'hope' for the best.  Since the person is at the top of the 'heap' and is unwilling to change his habits, nothing more you could do I am afraid. :-(

mike2401 (Author) Commented:
Thanks everyone.  I'm going to close this question with the most valuable suggestion to use a live anti-malware program.  You'd think that a regular anti-virus might do that, but apparently not.

I will open a separate question asking what's the best anti-malware solution.

Thanks to all !!

Mike

mike2401 (Author) Commented:
Thanks everyone!

aadih Commented:
FWIW, Malwarebytes Antimalware is not an "outstanding or exceptional" alternative to several other antimalware (antivirus) programs. And there is no 'best' antivirus software.

A suggestion: search Experts-Exchange site first, as you are not the first (nor the last) to seek an answer, and save yourself some time and effort.

Thomas Zucker-Scharff, Systems Analyst, Commented:
Just saw this, and I agree with a lot of what has been said.  But here is my recommendation anyway.

Do a clean Install
Install Malwarebytes Pro
Install WinPatrol Plus and set it up to watch the most important files
If you don't already have a console view - get s/w that allows it so you can monitor the laptop, even if it means using something other than MBAM Pro
Install Comodo Dragon as default browser (acts like chrome, but is slightly better)

MOST Importantly: User Education is necessary otherwise all your efforts will be for naught.  The head of the company should realize this more than anyone else (if the employees do what he is doing you will have a disaster).

mike2401 (Author) Commented:
Thanks Thomas.

Education, however, is not an option.  

Exec's tend to care less and be careless because someone else always cleans up the mess :-)

Thomas Zucker-Scharff, Systems Analyst, Commented:
I hear that.  My boss is the same way.  I try to keep the most dangerous stuff out of his grasp.  Try using this hosts file:

http://winhelp2002.mvps.org/hosts.htm

You are welcome to use this article:  

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

Note that I have migrated away from Vipre, I am now considering Comodo Endpoint Security with Comodo Endpoint Security Manager (CESM) - free 10 licenses: http://www.comodo.com/business-enterprise/cesm3/index_v2.php.

mike2401 (Author) Commented:
Correction: the free version of opendns does NOT support malicious url blocking :-(
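
A hosts file, as suggested earlier in the thread, only matches exact hostnames; it has no wildcard or subdomain matching, so an entry for a parent domain does not cover a name like the `itunes.download-new.com` from the question. The following is an added example, not part of the original thread: a Python check that parses a hosts-format blocklist and reports whether a hostname is blocked, covered only through a parent entry (which the hosts file will miss), or allowed. The blocklist entries are constructed samples, not the MVPS list, and the function names are hypothetical.

```python
# Added example: audit a hosts-format blocklist for exact-match gaps.
# Addresses commonly used to sinkhole a hostname in a hosts file.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample entries, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
0.0.0.0  download-new.com        # parent domain only
0.0.0.0  ads.example.net tracker.example.net
0.0.0.0  Toolbar.Example.org
192.0.2.10  intranet.example.com  # ordinary mapping, not a block
"""

def parse_blocklist(text):
    """Return the set of hostnames mapped to a sinkhole address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue                           # not a blocking entry
        for name in fields[1:]:                # several names per line are allowed
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def check(hostname, blocked):
    """Classify a hostname as 'blocked', 'parent-only' or 'allowed'."""
    name = hostname.lower().rstrip(".")
    if name in blocked:
        return "blocked"
    labels = name.split(".")
    # A listed parent domain does NOT block this name in a hosts file.
    for i in range(1, len(labels) - 1):
        if ".".join(labels[i:]) in blocked:
            return "parent-only"
    return "allowed"

if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_HOSTS)
    for host in ("itunes.download-new.com", "download-new.com",
                 "TOOLBAR.example.org", "www.apple.com"):
        print(f"{host:28} {check(host, blocked)}")
```

A `parent-only` result marks a hostname that needs its own hosts entry, or a DNS-level filter that matches whole domains.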