Solved

Infected again

Posted on 2014-02-03
10
451 Views
Last Modified: 2014-02-03
Hello,
     We my client's computer got infected again!  Probably user error.  I believe it is clean now...MBAM, SAS, Adwcleaner, JRT, RogueKiller, Hitman Pro last MBAM clean.  I could not run ComboFix - Boot Partition cannot be enumerated correctly.  I am working remotely on it so ComboFix is a little hard to monitor.
     What advice do you have for me or what additional information do you need from me?
Thanks,
Mags
0
Comment
Question by:MagsMcKinley14
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 200 total points
ID: 39831215
If it is clean now, make a restore point. If possible, advise your client to practice safe browsing habits. You can do no more.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 100 total points
ID: 39831218
1. Get rid of the users local admin rights, again I quote remove admin rights.
2. Next run the Cryptolocker prevention tools via GPO or local script to protect the common areas which get infected. It does a fairly good job for your regular threats too: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
3. Get a paid for antivirus solution with realtime scanning / resident shield enabled.

Best of luck!
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831220
Sorry, I wont be of any help with the boot partition.

Not sure if this is advice you were looking for...  Re: repeating infections.  

Make sure the user's normal daily account does NOT have administrator access.
Create a separate account for installing software.  (It may be a pain, but's less of a pin than cleaning up after an infection).

I would also recommend AV software that prevents itself being turned off, unless done manually, as administrator.

Upgrading from XP to Win7 would also probably help.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 24

Assisted Solution

by:aadih
aadih earned 200 total points
ID: 39831232
Sorry: You cannot protect a user from (her)himself. No technology can. It may offer some protection, yes, but cannot defend completely.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831323
>>You cannot protect a user from (her)himself.
While true in the general sense, I disagree with the implication.  

A good admin CAN indeed protect the computer from the average user.  In fact, I'd even say that's a big part of his/her job.
0
 

Author Comment

by:MagsMcKinley14
ID: 39831390
Thanks everyone for chiming in...it is appreciated!

So if I understand everyone correctly -
At this point, since I have run thorough scans, I will assume the computer is as clean as it can be (without doing a system re-install), restore point has been made.

I will look into the CryptoPrevent Tool mentioned on Bleepingcomputer

It may be a pain to remove her admin rights due to the biofeedback machine attached to it, which is why we haven't updated the operating system.  She may be updating to a new computer and only use this one for biofeedback

If she is going to keep the machine I should add a standard user for her to do her everyday computing

She does have paid internet security - Avast Internet Security...however when she gives something permission, in error, it's not going to protect her

Let me know if I missed anything...thanks again.
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831393
Let me know if I missed anything. ~Mags

Are you kidding? ;-)  You missed nothing. :-)
0
 

Author Comment

by:MagsMcKinley14
ID: 39831413
Thanks aadih...your support is appreciated!!
Mags
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39831417
Thank you for your prompt response guys!!
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831421
Mags, You are too kind. :-)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question