Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Infected again

Posted on 2014-02-03
10
Medium Priority
?
460 Views
Last Modified: 2014-02-03
Hello,
     We my client's computer got infected again!  Probably user error.  I believe it is clean now...MBAM, SAS, Adwcleaner, JRT, RogueKiller, Hitman Pro last MBAM clean.  I could not run ComboFix - Boot Partition cannot be enumerated correctly.  I am working remotely on it so ComboFix is a little hard to monitor.
     What advice do you have for me or what additional information do you need from me?
Thanks,
Mags
0
Comment
Question by:Mags
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 800 total points
ID: 39831215
If it is clean now, make a restore point. If possible, advise your client to practice safe browsing habits. You can do no more.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 400 total points
ID: 39831218
1. Get rid of the users local admin rights, again I quote remove admin rights.
2. Next run the Cryptolocker prevention tools via GPO or local script to protect the common areas which get infected. It does a fairly good job for your regular threats too: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
3. Get a paid for antivirus solution with realtime scanning / resident shield enabled.

Best of luck!
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 800 total points
ID: 39831220
Sorry, I wont be of any help with the boot partition.

Not sure if this is advice you were looking for...  Re: repeating infections.  

Make sure the user's normal daily account does NOT have administrator access.
Create a separate account for installing software.  (It may be a pain, but's less of a pin than cleaning up after an infection).

I would also recommend AV software that prevents itself being turned off, unless done manually, as administrator.

Upgrading from XP to Win7 would also probably help.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 24

Assisted Solution

by:aadih
aadih earned 800 total points
ID: 39831232
Sorry: You cannot protect a user from (her)himself. No technology can. It may offer some protection, yes, but cannot defend completely.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 800 total points
ID: 39831323
>>You cannot protect a user from (her)himself.
While true in the general sense, I disagree with the implication.  

A good admin CAN indeed protect the computer from the average user.  In fact, I'd even say that's a big part of his/her job.
0
 

Author Comment

by:Mags
ID: 39831390
Thanks everyone for chiming in...it is appreciated!

So if I understand everyone correctly -
At this point, since I have run thorough scans, I will assume the computer is as clean as it can be (without doing a system re-install), restore point has been made.

I will look into the CryptoPrevent Tool mentioned on Bleepingcomputer

It may be a pain to remove her admin rights due to the biofeedback machine attached to it, which is why we haven't updated the operating system.  She may be updating to a new computer and only use this one for biofeedback

If she is going to keep the machine I should add a standard user for her to do her everyday computing

She does have paid internet security - Avast Internet Security...however when she gives something permission, in error, it's not going to protect her

Let me know if I missed anything...thanks again.
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831393
Let me know if I missed anything. ~Mags

Are you kidding? ;-)  You missed nothing. :-)
0
 

Author Comment

by:Mags
ID: 39831413
Thanks aadih...your support is appreciated!!
Mags
0
 

Author Closing Comment

by:Mags
ID: 39831417
Thank you for your prompt response guys!!
Mags
0
 
LVL 24

Expert Comment

by:aadih
ID: 39831421
Mags, You are too kind. :-)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Loops Section Overview
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question