Solved

Infected again

Posted on 2014-02-03
10
449 Views
Last Modified: 2014-02-03
Hello,
     We my client's computer got infected again!  Probably user error.  I believe it is clean now...MBAM, SAS, Adwcleaner, JRT, RogueKiller, Hitman Pro last MBAM clean.  I could not run ComboFix - Boot Partition cannot be enumerated correctly.  I am working remotely on it so ComboFix is a little hard to monitor.
     What advice do you have for me or what additional information do you need from me?
Thanks,
Mags
0
Comment
Question by:MagsMcKinley14
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 200 total points
ID: 39831215
If it is clean now, make a restore point. If possible, advise your client to practice safe browsing habits. You can do no more.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 100 total points
ID: 39831218
1. Get rid of the users local admin rights, again I quote remove admin rights.
2. Next run the Cryptolocker prevention tools via GPO or local script to protect the common areas which get infected. It does a fairly good job for your regular threats too: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
3. Get a paid for antivirus solution with realtime scanning / resident shield enabled.

Best of luck!
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831220
Sorry, I wont be of any help with the boot partition.

Not sure if this is advice you were looking for...  Re: repeating infections.  

Make sure the user's normal daily account does NOT have administrator access.
Create a separate account for installing software.  (It may be a pain, but's less of a pin than cleaning up after an infection).

I would also recommend AV software that prevents itself being turned off, unless done manually, as administrator.

Upgrading from XP to Win7 would also probably help.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 200 total points
ID: 39831232
Sorry: You cannot protect a user from (her)himself. No technology can. It may offer some protection, yes, but cannot defend completely.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 200 total points
ID: 39831323
>>You cannot protect a user from (her)himself.
While true in the general sense, I disagree with the implication.  

A good admin CAN indeed protect the computer from the average user.  In fact, I'd even say that's a big part of his/her job.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:MagsMcKinley14
ID: 39831390
Thanks everyone for chiming in...it is appreciated!

So if I understand everyone correctly -
At this point, since I have run thorough scans, I will assume the computer is as clean as it can be (without doing a system re-install), restore point has been made.

I will look into the CryptoPrevent Tool mentioned on Bleepingcomputer

It may be a pain to remove her admin rights due to the biofeedback machine attached to it, which is why we haven't updated the operating system.  She may be updating to a new computer and only use this one for biofeedback

If she is going to keep the machine I should add a standard user for her to do her everyday computing

She does have paid internet security - Avast Internet Security...however when she gives something permission, in error, it's not going to protect her

Let me know if I missed anything...thanks again.
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831393
Let me know if I missed anything. ~Mags

Are you kidding? ;-)  You missed nothing. :-)
0
 

Author Comment

by:MagsMcKinley14
ID: 39831413
Thanks aadih...your support is appreciated!!
Mags
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39831417
Thank you for your prompt response guys!!
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831421
Mags, You are too kind. :-)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now