VideoHelp Forum

Try DVDFab and download streaming video, copy, convert or make Blu-rays,DVDs! Download free trial !
+ Reply to Thread
Results 1 to 17 of 17
Thread
  1. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    (sighs) Just had to eradicate Yet Another Piece Of Malware that had set itself up in the Application Data folders. Why is it that malware can apparently install itself in the Application Data root, temp or cache folders, run, and evidently NOT be detected, for the most part? I keep all the antivirus/antimalware programs up-to-date, but the malware ALWAYS seems to conveniently whitelist itself in everything.

    Is there actually any reason why any executables should be allowed to run from any of the Application Data folders? And, if not, is there any way I can prevent anything from executing from those folders?
    (Well, probably short of ramping up all the security settings in Vista and IE to their highest settings, making using that computer a pain for everyone else in the family to use. I don't have this problem on my personal systems, but the system in question is for use by the whole family, and I can't convince most of them to use anything OTHER than IE/Windows Mail, for starters...)
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  2. Always Watching guns1inger's Avatar
    Join Date
    Apr 2004
    Location
    Miskatonic U
    Search Comp PM
    Don't use an administrator level account for day to day use, only for installing and maintaining software.

    Don't turn off UAC.

    Don't use Internet Explorer.

    Do use realtime scanners for virus and malware scanning. A weekly (or even daily) scan won't stop infections, only clean up them.

    Be careful what sites you visit (that said, google is a huge source of infections at the moment due to hijacked pages claiming that systems are infected and offering "solutions" that are highly dangerous).

    Note : You can stop them using IE and Outlook Express if you really want to. They can be hidden and disabled, and if the user does not have admin rights, can not be returned to a usable state.

    I have 2 desktops and 3 laptops in the house, and none of them have been infected by anything in years.
    Read my blog here.
    Quote Quote  
  3. I'm a Super Moderator johns0's Avatar
    Join Date
    Jun 2002
    Location
    canada
    Search Comp PM
    Some malware is designed to resemble legit apps which av cant detect until they are updated to recognize them.
    I think,therefore i am a hamster.
    Quote Quote  
  4. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    Originally Posted by guns1inger
    Don't use an administrator level account for day to day use, only for installing and maintaining software.

    Don't turn off UAC.

    Don't use Internet Explorer.

    Do use realtime scanners for virus and malware scanning. A weekly (or even daily) scan won't stop infections, only clean up them.

    Be careful what sites you visit (that said, google is a huge source of infections at the moment due to hijacked pages claiming that systems are infected and offering "solutions" that are highly dangerous).

    Note : You can stop them using IE and Outlook Express if you really want to. They can be hidden and disabled, and if the user does not have admin rights, can not be returned to a usable state.

    I have 2 desktops and 3 laptops in the house, and none of them have been infected by anything in years.
    Yeah, I've got them running in a non-admin account and with UAC fully running (and they hate me for it, as I'm the only one who knows the password. ) But it actually isn't my computer (I didn't buy that one), and they refuse to let me take away IE/Outlook Express/Windows Mail. They only really tolerate me being the system admin because I'm the one who maintains all of our systems, but that still won't prevent them from going to questionable sites (or infected regular sites) and getting malware sent in email.

    johns0: Shouldn't the AV/AS/security programs be able to detect most, if not all of them, by signature, though? The two programs I'm using DID detect parts of it, but not all. And it still managed to whitelist one of the EXEs in the main scanner.

    I just don't see why anything is allowed to run from the Application Data folders, anyway. There's probably a perfectly reasonable explanation for that, but it seems like the only thing making use of it is malware.
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  5. Always Watching guns1inger's Avatar
    Join Date
    Apr 2004
    Location
    Miskatonic U
    Search Comp PM
    If you want to be a complete bastard, create an opendns account, change the DNS settings in the router to run through OpenDNS servers, and use the filtering at OpenDNS to restrict them from going to the worst of the net.

    What AV/AS software are you running ?

    Your other options include shifting them to Linux, taking an image of the system when it is clean, and telling the users that any time they screw it up, you will revert back to this point (and they will lose any data they have put on since that time), or simply telling them that you won't fix it if they screw it up through their own behavior.
    Read my blog here.
    Quote Quote  
  6. Member lacywest's Avatar
    Join Date
    Aug 2001
    Location
    California
    Search Comp PM
    Interesting topic
    Quote Quote  
  7. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    What about having IE block any sites but Microsoft domains?

    I doubt I have it in me to be a complete bastard, really. I'm usually too nice for my own good. Explains why I usually end up on call to fix several generations worth of family members' computers.

    That particular system is a new OEM system (bought last month), so it's still running the Norton suite that was included with it (and they don't want me to touch THAT, either. ) Plus, MalwareBytes. I've seen the problem happen before even on previous Vista and XP systems that had far better AV/anti-spyware programs installed, though.

    I couldn't get them to use Linux or OS X - they've watched me use them, and worse - they know full well their games probably wouldn't work with either of them.
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  8. I'm a Super Moderator johns0's Avatar
    Join Date
    Jun 2002
    Location
    canada
    Search Comp PM
    Originally Posted by Ai Haibara
    johns0: Shouldn't the AV/AS/security programs be able to detect most, if not all of them, by signature, though? The two programs I'm using DID detect parts of it, but not all. And it still managed to whitelist one of the EXEs in the main scanner.
    It cant detect the malware by signature if its a new type,only if its a recognized signature.
    I think,therefore i am a hamster.
    Quote Quote  
  9. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    Both Norton and MalwareBytes detected parts of it, and cleaned those, so they had signature support for something. I had to go into the appdata folders and manually delete the rest.
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  10. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Search Comp PM
    Always try running malware apps in SAFE Mode too.
    Quote Quote  
  11. Video Restorer lordsmurf's Avatar
    Join Date
    Jun 2003
    Location
    dFAQ.us/lordsmurf
    Search Comp PM
    Thumb drives are more problem than internet downloads/browsing, lately.
    Turn off AUTOPLAY!
    Quote Quote  
  12. Get out the system restore disks and show them how to use them. Demo and explain how to run ALL the virus scans and updates. Get a third AV scanner, Spybot Search and Destroy would complement what you already have.

    Explain that they absolutely must NOT click on any of the "Fix your problem now" adds that pop up.

    Mandate that at least one and preferably all three complete scans, AFTER updating, are run after EVERY SINGLE online usage.

    Demo taking a clean PC to Myspace, log on, then immediately log off, run all scans. You'll likely find two or three malwares. This was an eye-opener for my teenager.

    Very simply, they just will NOT stop wandering through the back alleys of the Internet as long as somebody else is cleaning the dog poo off their shoes. Forcing them to be responsible for their own errors is the ONLY way to make them pay attention to where they put their virtual feet.

    You must also be firm that when they have rendered their own PC non-operational, they will NOT use any of the others. Had a customer that one of their kid's friends trashed their PC downloading some crapware. When asked why he did not do this at home, he replied that he already had and their home PC didn't work anymore.
    Quote Quote  
  13. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    (Gah. Go away for a week, and look what happens. )

    Yeah, I was thinking of installing Spybot, anyway. I normally use it on my Windows systems, but the only problem is I can't have it do an unattended update, that I'm aware of, which means that if I install it on the relatives' systems, I have to go visit all of them and update it because they can't be bothered to do it themselves.

    That's actually the same problem I have here - the people in the house going on the questionable sites and getting malware in their email are older users who don't want to change their computer-using habits, darn it! ...so the nice-person doormat gets to come running every time they complain it doesn't work. I was in the process of trying to get them a Mac or Linux setup, so at least I wouldn't have to run maintenance on it all the time, but they went ahead and bought themselves a new Windows system.
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  14. Get Slack disturbed1's Avatar
    Join Date
    Apr 2001
    Location
    init 4
    Search Comp PM
    You fixed the PC, offered advice on how to stop it from happening. If they can't follow advice, screw 'em! Start charging for your work, or make them fix it themselves. My girlfriend used to have a nasty habit of doing this back when Windows 98 was first released. Almost weekly she'd mutter Honey, fix it please. That all stopped once I tossed the reinstall disc at her, and said here you go, have fun.

    "Doctor it hurts when I do this" - "Then don't do that".

    If your too nice to be a hard ass, save some time and create a restore image. That way you, all you have to do is insert the disc, and press enter.
    Linux _is_ user-friendly. It is not ignorant-friendly and idiot-friendly.
    Quote Quote  
  15. Man of Steel freebird73717's Avatar
    Join Date
    Dec 2003
    Location
    Smallville, USA
    Search PM
    Originally Posted by Ai Haibara
    Yeah, I was thinking of installing Spybot, anyway. I normally use it on my Windows systems, but the only problem is I can't have it do an unattended update, that I'm aware of, which means that if I install it on the relatives' systems, I have to go visit all of them and update it because they can't be bothered to do it themselves.
    Use the taskscheduler and spybot from the command line
    SpybotSD.exe /autoupdate
    SpybotSD.exe /autoimmunize
    SpybotSD.exe /autocheck /autofix /autoclose

    http://www.safer-networking.org/en/faq/30.html
    Donadagohvi (Cherokee for "Until we meet again")
    Quote Quote  
  16. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    Search Comp PM
    I knew it had to be something simple. Thanks!

    disturbed1: I'd love to create a restore image (for more than one of the systems, actually), but I keep forgetting to pick up an external drive large enough to hold backups of the HDs, or anything else.
    If cameras add ten pounds, why would people want to eat them?
    Quote Quote  
  17. Member
    Join Date
    Jul 2001
    Location
    United States
    Search Comp PM
    Originally Posted by freebird73717
    Originally Posted by Ai Haibara
    Yeah, I was thinking of installing Spybot, anyway. I normally use it on my Windows systems, but the only problem is I can't have it do an unattended update, that I'm aware of, which means that if I install it on the relatives' systems, I have to go visit all of them and update it because they can't be bothered to do it themselves.
    Use the taskscheduler and spybot from the command line
    SpybotSD.exe /autoupdate
    SpybotSD.exe /autoimmunize
    SpybotSD.exe /autocheck /autofix /autoclose

    http://www.safer-networking.org/en/faq/30.html
    Something to add to my 9PM outlook.pst backup! After all these years, never even thought to look for a command line option for Spybot. Thanks!
    Have a good one,

    neomaine

    NEW! VideoHelp.com F@H team 166011!
    http://fah-web.stanford.edu/cgi-bin/main.py?qtype=teampage&teamnum=166011

    Folding@Home FAQ and download: http://folding.stanford.edu/
    Quote Quote  



Similar Threads