Dont know if it is relevant for your setup but WOT http://www.mywot.com/
is the best tool to block malware domains - if that is where it comes from. Relying on scanner can a bit unsafe. Well you have to see it so test away. Just a browser plugin and easy to ignore warning/block, does not do much about infected usb drives either of course, so not really much foolproof safety. But if someone needs help navigating internet it is useful. Is updated fast which makes all the difference to for example Siteadvisor from Mcafee. Plugin also flexible so you can set it up to only react to real bad sites, those hosting stuff like Antivirus 2009.
So all XPs are updated with IE8? Smart screen is pretty good at blocking malware. IE7 did very little besides phishing, all changed. WOT is just much more of same blacklisting.
Since you ask here you probably want easy cheap solution right now, magic MS patch preferably. Not available so all considered WOT is better than nothing perhaps. Locking down computers with SRP and whatnot is not an option or possible I guess. Ive only read about SRP but seems very powerful. May be you get other problems, WHY does this not run??? Depends on network and users how well that goes. Same as if you bought and installed better security software. If they dont even tell you when infected any restrictions/changes might be hard to carry out.
You should forget all about Antivirus 2009, only relevant now. Will be something else next time, a new variant Mcafee dont know about? Who knows. 1000s of such infections so expect the worst
There is a problem with at least one of the users, all you can be sure of.
Mcafee detects virus but cant remove it? What is there to remove when detected? Or there was a slip and then Mcafee could not stop it because Network Tour began? Cant trust scanners or people anyhow.
Actually there could be an alternative. Latest beta of Hostman http://forum.abelhadigital.com/index.php?showtopic=553
can use one of WOTs main sources hphost, including daily updates. All done automatically. Can add all the hosts file you can dig up. Tool will remove duplicates and manage them. Not updated as fast as WOT but an alternative. hphost includes a lot! If Antivirus 2009 came from internet very likely hphost already had that domain on the list. May be more appeal since systemwide and not a tiny browser plugin. Hostman beta runs great, think close to final but check forum. I tried it for week or so. Problem with hphost is they are very rigid sometimes - but with hostman it take only few seconds to whitelist a site. Most annoyances with old hosts trick are gone. If you can lock down/hide hostman so not possible or easy to tinker? May be.
You used Malwarebytes then. They just added some IP-blocking. How much? I think Ive seen the dude who make hphost over at their forum. If Malwarebytes start to get data from hphost that would be very cool. I dont know details other than some have complained about lack of exclusion list (which made me think hphost!) Malwarebytes not that expensive is it?
Mcafee will appreciate the help.
Edited by Bambo, 04 September 2009 - 02:18 AM.