Solved

Conduit and other pesky malware

Posted on 2014-02-26
Last Modified: 2014-05-11
Almost every week one of our BYOD users manages to get a Malware intrusion by Conduit, Rocket Fuel, FLV or other browser re-directors or pop-up controllers.  Currently there appears to be about six of these things that are prevalent.

I've tried recommending MS Security Essentials, Vipre anti-virus, BitDefender, McAfee, Symantec and other prevention tools yet nothing seems to be able to fully prevent this stuff.

Surfright's Hitman Pro is an excellent "2nd line" removal tool but I'd like to prevent intrusion in the first place.

I'd like to hear how others have dealt with preventing these problems as removing them can be very time consuming.
Question by:DesertDawg
14 Comments
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 250 total points
ID: 39890027
Have you tried to recommend  MS Security Essentials and Malwarebytes Anti-Malware Pro (one time fee of $24.95)?

I personally use Panda Cloud Antivirus Pro and Malwarebytes Anti-Malware Pro.

But note no security product can give you a 100% guarantee. You also need to educate your users...
 
LVL 26

Accepted Solution

by:
Thomas Zucker-Scharff earned 250 total points
ID: 39890042
What kind of devices are they bringing?  The answer depends on how far you can go and how far you want to go in restricting usage.  If it is a Windows machine (laptop) you can use WINSelect from Faronics to mimic what SteadyState used to do for XP.  But be forewarned that the WINSelect component of Faronics is the nastiest if you want to get it off the device.

I imagine you shaking your head and saying you can't restrict the users' own machines  (as they are BYOD - but if they bring them into the workplace, they fall under your purview), in this case I recommend the following:

MVPS hosts file installed on all machines (FREE)
MBAM Pro (24.95 for a lifetime license) installed alongside any AV software
AV/AM software that has AWL (Application White Listing) capabilities (Comodo Endpoint Security - 60day/600 user trial is an excellent choice) (FREE to try)
WinPatrol Plus to monitor various files (29.95 for a lifetime license)
 

Author Comment

by:DesertDawg
ID: 39890044
I agree about educating the users but many are women who seem to spend a considerable amount of time on shopping sites.....in their own time, I presume.

I might give Panda Cloud a try.
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39890052
SOPHOS says that approximately 80-85% of infections are due to drive-by infections, many from perfectly valid websites.  Beware of malvertising.
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39890065
Panda alone is not enough!
You need Panda Cloud Antivirus Pro and Malwarebytes Anti-Malware Pro (both).
 

Author Comment

by:DesertDawg
ID: 39890081
Thanks guys.  Anybody had experience with Bullguard?

The BYOD units are primarily Windows notebooks and various cell 'phones.  The laptops are the biggest problem.
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39890091
Anybody had experience with Bullguard?
Yes, I have, and I would not recommend it!
 

Author Comment

by:DesertDawg
ID: 39890116
O.K!
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890143
The problem with Conduit is that it is not a virus or malware because #1 the user installed it whether they meant to or not, and #2 it does not by itself do anything 'bad' to your computer.  It's just unwanted because it takes over your home pages and search in your browsers.  It may invite other more dangerous programs to your computer but I'm not sure about that.
 

Author Comment

by:DesertDawg
ID: 39890165
I agree with you on its non-malware functionality but it seems to get everywhere and cause the machine to slow down remarkably.....probably because of the numerous registry entries that it installs.

It also leads you to other WEB sites that have notorious malware auto-downloads.
 
LVL 18

Expert Comment

by:web_tracker
ID: 39890828
I agree that Conduit is not malware in itself and is often bundled with stuff women like to download like Groupon or other coupon-related garbage that gets installed on people's systems. That is why we no longer give users admin rights to install their own software on the workstations we deploy. People bloat their systems so much with crapware that the systems are grinding to a halt. Then they are calling us to support their systems because they are running super slow. Then they complain because they can't install updates because they don't have admin rights and they are getting popups to install updates...... sigh....

We finally decided to add the workstations to a managed group on the active directory so that the workstations are automatically updated.