Solved

Prevent Fake Anti-Virus & Conduit Apps ?

Posted on 2014-01-22
18
1,007 Views
Last Modified: 2014-01-22
I have a problem Win 8.1 user in the field who keeps getting malware installed on his PC (like Fake Antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, MyPC Backup).

He's surfing with IE11 and his PC is protected (if you can call it that) with the free, integrated Windows antivirus (Defender or Microsoft Security Essentials, whatever you call it).

He does not have Java installed. Though I had uninstalled Adobe's PDF reader, I just discovered he had downloaded and installed it.

I think I'd like to have him surf with the Chrome browser and use PDF-XChange Viewer (instead of Adobe).

Should I switch to a different antivirus product or do none of them protect a stupid user from himself?

In this last incident, instead of going to apple.com to download iTunes, he did a Google search and clicked on itunes.download-new.com

HELP! What should I do!

Would getting him a Mac be reasonable? (He's a VIP and has become a terrible support burden.)

Is there a solution which will protect him from himself?

I presume that even if he had a Mac, he would have merely bypassed the built-in protection of only installing stuff from the Mac App Store.

Any thoughts would be very much appreciated,

Thanks,
Mike
Question by:mike2401
18 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39800019
Ask him to practice safe browsing habits and install a decent anti-virus solution, such as Avast, AVG, Avira, etc. (free Avira is recommended).

Sorry. No technology will prevent him from himself. :-(
0
 
LVL 4

Accepted Solution

by:
cornerit earned 200 total points
ID: 39800024
Hi Mike,

Firstly, I'd start with a clean install.

You could check in the registry and analyse the running processes to see if anything is nefarious. However, this is time consuming.

Once you've rebuilt, get him using Chrome. These unwanted apps, such as Fake Antivirus 2013, Optimizer Pro v3.2 and Conduit's ValueApps, are often downloaded as a result of user input.

Macs are expensive and probably a bit overkill.

Plan of action:

Install AdBlocker to block ads on websites which might point to these downloads.
Set the DNS on the machine to something like OpenDNS. They will filter out some of the unwanted sites.
Restrict access rights on the machine. A limited account with no rights to install software.

From here you can manage installs as Admin rights will be required.

Might I add, these applications are specifically malware. They are pesky and ask for money, often without containing any malicious code. No amount of antivirus will combat them.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 200 total points
ID: 39800044
No matter what security measures you take, if the user is not educated or cautious enough he would get any of these applications installed and would infect the machine.

I would rather recommend that you have security software like Malwarebytes installed on the system. If you could buy it for him, good; if not, it is still OK. At least you could scan the system once a week to clean it.
If you buy it, it would give you real-time scanning of files and real-time scanning of websites his system or the user tries to access.

This would help in minimizing the risk of going to the unwanted websites.

You may want to install the trial version and see if that is really helpful in your case.

Sudeep
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39800046
It's always good to make the user account a non-admin account, like a regular user. It will stop unneeded programs from being installed. If anything needs to be installed, we can enter the admin credentials anyway.
0
 

Author Comment

by:mike2401
ID: 39800133
It's the user's home PC. I had previously made him a limited user but it messed up some things (maybe backups - I forget exactly).

If a purchased copy of Malwarebytes would prevent installation of "Fake Antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, MyPC Backup", THAT SOUNDS GREAT!

Does it really protect the user from himself?

Thanks,
Mike
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 50 total points
ID: 39800152
No tool can protect the user from himself.

If any specific program messes with the limited user, create a RunAs shortcut for that specific application and advise the user to use that shortcut to run that specific program.
0
 

Author Comment

by:mike2401
ID: 39800279
For this user (who is the president of our company), the idea of making him a limited user and refusing to give him the password doesn't seem like a good idea.

Besides, UAC always seems to pop up at unexpected times, sometimes doing very ordinary things, and he would be handcuffed and frustrated.

Of everything said here, Malwarebytes (if it would actually block "Fake Antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps, MyPC Backup") would be great. So, what's the consensus on that?

Thanks,
Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800294
Use Avira (or equivalent) for real-time protection and Malwarebytes Anti-Malware (free) to clean up suspected infections.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39800300
Malwarebytes is system resource hungry.
0
 

Author Comment

by:mike2401
ID: 39800333
Though I appreciate your comment @aadih, my whole objective is to prevent malware from getting onto his system in the first place. I'm not interested in cleanup after.

Mike
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 50 total points
ID: 39800347
You cannot guarantee that (malware entering the system). That's the way it is.

So, use security software you like (MBAM Pro) and 'hope' for the best. Since the person is at the top of the 'heap' and is unwilling to change his habits, there is nothing more you could do, I am afraid. :-(
0
 

Author Comment

by:mike2401
ID: 39800353
Thanks everyone. I'm going to close this question with the most valuable suggestion: to use a live anti-malware program. You'd think that a regular anti-virus might do that, but apparently not.

I will open a separate question asking what's the best anti-malware solution.

Thanks to all !!

Mike
0
 

Author Closing Comment

by:mike2401
ID: 39800362
Thanks everyone!
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800377
FWIW, Malwarebytes Anti-Malware is not an "outstanding or exceptional" alternative to several other antimalware (antivirus) programs. And there is no 'best' antivirus software.

A suggestion: search the Experts Exchange site first, as you are not the first (nor the last) to seek an answer, and save yourself some time and effort.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39800680
Just saw this, and I agree with a lot of what has been said. But here is my recommendation anyway.

Do a clean install
Install Malwarebytes Pro
Install WinPatrol Plus and set it up to watch the most important files
If you don't already have a console view, get software that allows it so you can monitor the laptop, even if it means using something other than MBAM Pro
Install Comodo Dragon as the default browser (acts like Chrome, but is slightly better)

MOST importantly: user education is necessary, otherwise all your efforts will be for naught. The head of the company should realize this more than anyone else (if the employees do what he is doing, you will have a disaster).
0
 

Author Comment

by:mike2401
ID: 39800748
Thanks Thomas.

Education, however, is not an option.

Execs tend to care less and be careless because someone else always cleans up the mess :-)
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39801180
I hear that. My boss is the same way. I try to keep the most dangerous stuff out of his grasp. Try using this hosts file:

http://winhelp2002.mvps.org/hosts.htm

You are welcome to use this article:  

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

Note that I have migrated away from Vipre, I am now considering Comodo Endpoint Security with Comodo Endpoint Security Manager (CESM) - free 10 licenses: http://www.comodo.com/business-enterprise/cesm3/index_v2.php.
0
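As an added illustration (not part of Thomas's post or of the MVPS project): a small Python checker that parses a hosts-file blocklist in the usual sinkhole format (`0.0.0.0` or `127.0.0.1` followed by hostnames) and answers whether a given hostname would be sinkholed. The entries below are constructed samples, not the real list, and the checker also shows the main caveat of this approach: hosts-file matching is exact, so a subdomain that is not listed verbatim is not blocked.

```python
import ipaddress

# Constructed sample in hosts-file blocklist style; these are NOT entries
# from the real MVPS list. The first blocked name is the one quoted in the
# question, the rest use the reserved .invalid TLD to mark them as made up.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS hosts file
127.0.0.1 localhost
0.0.0.0 itunes.download-new.com
0.0.0.0 ads.example-tracker.invalid   # inline comment is ignored
0.0.0.0   www.fake-av-2013.invalid downloads.fake-av-2013.invalid
this line is malformed and must be skipped
"""

# Addresses that a hosts file uses to sinkhole a name rather than resolve it.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} for every entry, ignoring comments, blank and malformed lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # validates the address field
        except ValueError:
            continue  # malformed line: skip it rather than reject the whole file
        for host in parts[1:]:  # one address may be followed by several names
            entries.setdefault(host.lower(), ip)  # first entry for a name wins
    return entries


def blocked_hosts(entries):
    """Names that resolve to a sinkhole address (localhost is legitimately 127.0.0.1)."""
    return {h for h, ip in entries.items() if ip in SINKHOLES and h != "localhost"}


def is_blocked(entries, hostname):
    """Exact-match lookup, as the OS resolver does: no wildcard or suffix matching."""
    return hostname.lower().rstrip(".") in blocked_hosts(entries)
```

Running `is_blocked` against `cdn.itunes.download-new.com` returns False even though the parent name is listed, which is why a hosts file complements, but does not replace, DNS-level filtering such as the OpenDNS suggestion above.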
 

Author Comment

by:mike2401
ID: 39801293
Correction: the free version of OpenDNS does NOT support malicious URL blocking :-(
0
