Solved

Infected again

Posted on 2014-02-03
Last Modified: 2014-02-03
Hello,
     My client's computer got infected again!  Probably user error.  I believe it is clean now...MBAM, SAS, Adwcleaner, JRT, RogueKiller, Hitman Pro last MBAM clean.  I could not run ComboFix - Boot Partition cannot be enumerated correctly.  I am working remotely on it so ComboFix is a little hard to monitor.
     What advice do you have for me or what additional information do you need from me?
Thanks,
Mags
Question by:MagsMcKinley14
10 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 200 total points
ID: 39831215
If it is clean now, make a restore point. If possible, advise your client to practice safe browsing habits. You can do no more.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 100 total points
ID: 39831218
1. Get rid of the user's local admin rights, again I quote remove admin rights.
2. Next run the Cryptolocker prevention tools via GPO or local script to protect the common areas which get infected. It does a fairly good job for your regular threats too: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
3. Get a paid-for antivirus solution with realtime scanning / resident shield enabled.

Best of luck!
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831220
Sorry, I won't be of any help with the boot partition.

Not sure if this is advice you were looking for...  Re: repeating infections.  

Make sure the user's normal daily account does NOT have administrator access.
Create a separate account for installing software.  (It may be a pain, but it's less of a pain than cleaning up after an infection).

I would also recommend AV software that prevents itself being turned off, unless done manually, as administrator.

Upgrading from XP to Win7 would also probably help.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 200 total points
ID: 39831232
Sorry: You cannot protect a user from (her)himself. No technology can. It may offer some protection, yes, but cannot defend completely.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831323
>>You cannot protect a user from (her)himself.
While true in the general sense, I disagree with the implication.  

A good admin CAN indeed protect the computer from the average user.  In fact, I'd even say that's a big part of his/her job.
0

Author Comment

by:MagsMcKinley14
ID: 39831390
Thanks everyone for chiming in...it is appreciated!

So if I understand everyone correctly -
At this point, since I have run thorough scans, I will assume the computer is as clean as it can be (without doing a system re-install), restore point has been made.

I will look into the CryptoPrevent Tool mentioned on Bleepingcomputer

It may be a pain to remove her admin rights due to the biofeedback machine attached to it, which is why we haven't updated the operating system.  She may be updating to a new computer and only use this one for biofeedback

If she is going to keep the machine I should add a standard user for her to do her everyday computing

She does have paid internet security - Avast Internet Security...however when she gives something permission, in error, it's not going to protect her

Let me know if I missed anything...thanks again.
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831393
Let me know if I missed anything. ~Mags

Are you kidding? ;-)  You missed nothing. :-)
0
 

Author Comment

by:MagsMcKinley14
ID: 39831413
Thanks aadih...your support is appreciated!!
Mags
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39831417
Thank you for your prompt response guys!!
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831421
Mags, You are too kind. :-)
0
