Solved

Infected again

Posted on 2014-02-03
Last Modified: 2014-02-03
Hello,
     My client's computer got infected again!  Probably user error.  I believe it is clean now...MBAM, SAS, Adwcleaner, JRT, RogueKiller, Hitman Pro, last MBAM clean.  I could not run ComboFix - Boot Partition cannot be enumerated correctly.  I am working remotely on it so ComboFix is a little hard to monitor.
     What advice do you have for me or what additional information do you need from me?
Thanks,
Mags
Question by:MagsMcKinley14
 
LVL 24

Accepted Solution

by:
aadih earned 200 total points
ID: 39831215
If it is clean now, make a restore point. If possible, advise your client to practice safe browsing habits. You can do no more.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 100 total points
ID: 39831218
1. Get rid of the user's local admin rights; again, I quote: remove admin rights.
2. Next, run the Cryptolocker prevention tools via GPO or local script to protect the common areas which get infected. It does a fairly good job for your regular threats too: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
3. Get a paid-for antivirus solution with realtime scanning / resident shield enabled.

Best of luck!
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831220
Sorry, I won't be of any help with the boot partition.

Not sure if this is advice you were looking for...  Re: repeating infections.  

Make sure the user's normal daily account does NOT have administrator access.
Create a separate account for installing software.  (It may be a pain, but it's less of a pain than cleaning up after an infection).

I would also recommend AV software that prevents itself being turned off, unless done manually, as administrator.

Upgrading from XP to Win7 would also probably help.
0
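A read-only audit for the advice in the answers above that the daily account should not hold administrator rights. This is an added example, not something posted by a participant in the thread. The install-account name `SoftwareInstaller` is an assumption, and the script only reports; it changes nothing.

```powershell
# Added example: list who holds local administrator rights on this PC and
# flag every account that should be an ordinary user instead.
# Uses the ADSI WinNT provider, which PowerShell 2.0 can reach on older
# Windows versions as well as current ones.

# Assumption: the separate account reserved for installing software.
$InstallAccount = 'SoftwareInstaller'   # hypothetical name

function Get-LocalAdminMember {
    # Resolve the group name from its well-known SID so the script also
    # works where "Administrators" is localized.
    $sid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
    $acct = $sid.Translate([System.Security.Principal.NTAccount]).Value
    $groupName = $acct.Split('\')[-1]

    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $t = $m.GetType()
        $name  = $t.InvokeMember('Name', 'GetProperty', $null, $m, $null)
        $path  = $t.InvokeMember('AdsPath', 'GetProperty', $null, $m, $null)
        $bytes = $t.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        $mSid  = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        New-Object PSObject -Property @{ Name = $name; AdsPath = $path; Sid = $mSid }
    }
}

function Test-ExpectedAdmin($Member) {
    # The built-in Administrator keeps a SID ending in -500 even if renamed.
    if ($Member.Sid -match '-500$') { return $true }
    # Domain Admins (RID 512) is normally present on domain-joined PCs.
    if ($Member.Sid -match '^S-1-5-21-.+-512$') { return $true }
    return ($Member.Name -eq $InstallAccount)
}

$unexpected = @(Get-LocalAdminMember | Where-Object { -not (Test-ExpectedAdmin $_) })

if ($unexpected.Count -eq 0) {
    Write-Output 'OK: no daily-use account is a local administrator.'
} else {
    Write-Output 'Accounts with admin rights that should be standard users:'
    $unexpected | ForEach-Object {
        Write-Output ('  {0}  {1}  ({2})' -f $_.Name, $_.Sid, $_.AdsPath)
    }
}
```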

 
LVL 24

Assisted Solution

by:aadih
aadih earned 200 total points
ID: 39831232
Sorry: You cannot protect a user from (her)himself. No technology can. It may offer some protection, yes, but cannot defend completely.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831323
>>You cannot protect a user from (her)himself.
While true in the general sense, I disagree with the implication.  

A good admin CAN indeed protect the computer from the average user.  In fact, I'd even say that's a big part of his/her job.
0
 

Author Comment

by:MagsMcKinley14
ID: 39831390
Thanks everyone for chiming in...it is appreciated!

So if I understand everyone correctly -
At this point, since I have run thorough scans, I will assume the computer is as clean as it can be (without doing a system re-install), restore point has been made.

I will look into the CryptoPrevent Tool mentioned on Bleepingcomputer

It may be a pain to remove her admin rights due to the biofeedback machine attached to it, which is why we haven't updated the operating system.  She may be updating to a new computer and only use this one for biofeedback

If she is going to keep the machine I should add a standard user for her to do her everyday computing

She does have paid internet security - Avast Internet Security...however when she gives something permission, in error, it's not going to protect her

Let me know if I missed anything...thanks again.
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831393
Let me know if I missed anything. ~Mags

Are you kidding? ;-)  You missed nothing. :-)
0
 

Author Comment

by:MagsMcKinley14
ID: 39831413
Thanks aadih...your support is appreciated!!
Mags
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39831417
Thank you for your prompt response guys!!
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831421
Mags, You are too kind. :-)
0

Question has a verified solution.
