
Fake XP antivirus prevention


12 replies to this topic

#1 stradman

stradman

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 15 March 2010 - 08:36 AM

Hi All,

I have dealt with the third Fake Windows XP virus in two weeks and was wondering the best way to prevent these? I am running current AV/Spyware, CA ITM and AVG and it still comes through. Thanks to this site I am able to clean it up, but how does it get through and how can it be prevented? Thanks for any advice.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 rosiesdad

rosiesdad

  • Members
  • 220 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 15 March 2010 - 08:44 AM

Two things come to mind, Facebook and Kids. Do you visit Facebook or have kids that try to game online or go unsupervised to Facebook or Myspace?

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,254 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:27 AM

Posted 15 March 2010 - 10:17 AM

IME...the best way to prevent such...is to be careful about what sites are visited, what you click on...and have your system in an optimum security posture (firewall activated, current AV running).

I would also suggest having Malwarebytes installed/updated and use to scan the system routinely. I would also suggest running full scans with your installed AV...after Malwarebytes has detected items of consequence.

You may be interested in http://www.ca.com/us/securityadvisor/vulni...n.aspx?id=34325.

Louis

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,563 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:27 AM

Posted 15 March 2010 - 11:13 AM

> but how does it get through and how can it be prevented? Thanks for any advice.

Take a look here on the many ways you can become infected: How Malware Spreads - How did I get infected

As for prevention, the best way is to use a 'layered malware prevention' technique. I will leave the suggestions for the specific prevention and removal tools to our experts and members.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:27 AM

Posted 15 March 2010 - 04:12 PM

Hi, you want to have a HOSTS file, a good one can be downloaded from here, which also includes an explanation of what exactly a HOSTS file is. You may also be interested in SpywareBlaster, a link to the download is located in my signature.
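The HOSTS-file approach xblindx describes, as an added example that is not code from the thread: a small audit that parses a HOSTS file, counts the hostnames it sinkholes, and flags any entry that points a hostname at a routable address instead. The file content, the hostnames and the addresses in it are constructed placeholders.

```python
"""Audit a HOSTS file: separate sinkhole (block) entries from redirects.

A curated HOSTS file blocks bad domains by mapping them to 0.0.0.0 or a
loopback address. An entry that instead maps a hostname to a routable
address deserves a second look, so it is reported separately.
"""
import ipaddress
from dataclasses import dataclass, field

SAMPLE_HOSTS = """\
# constructed sample, not a real HOSTS file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net          # sinkholed ad server
127.0.0.1   tracker.example.org
192.0.2.10  update.example-av.test   # routable address: flag it
not-an-address  broken.example
"""

@dataclass
class HostsAudit:
    blocked: set = field(default_factory=set)      # hostnames sinkholed
    redirects: dict = field(default_factory=dict)  # hostname -> routable address
    malformed: list = field(default_factory=list)  # (line number, raw line)

def audit_hosts(text: str) -> HostsAudit:
    """Parse HOSTS-format text and classify every hostname mapping in it."""
    result = HostsAudit()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            result.malformed.append((lineno, raw))
            continue
        for name in parts[1:]:
            name = name.lower()
            if name == "localhost":
                continue  # ordinary loopback entry, not a block rule
            if addr.is_unspecified or addr.is_loopback:
                result.blocked.add(name)
            else:
                result.redirects[name] = str(addr)
    return result
```

Run `audit_hosts` over the contents of `%SystemRoot%\System32\drivers\etc\hosts` to see what a downloaded HOSTS file actually changes before trusting it.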

#6 FiOS Dan

FiOS Dan

  • Members
  • 80 posts
  • OFFLINE
  • Location:Redondo Beach, CA
  • Local time:11:27 PM

Posted 15 March 2010 - 09:02 PM

You should also consider HIPS and sandbox programs.
Courage is being scared to death but saddling up anyway.

#7 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:27 AM

Posted 16 March 2010 - 02:58 PM

> You should also consider HIPS and sandbox programs.

Agreed, but if using HIPS programs, you need to have some knowledge of what exactly is going on, to be able to understand the alerts you will be getting.

#8 FiOS Dan

FiOS Dan

  • Members
  • 80 posts
  • OFFLINE
  • Location:Redondo Beach, CA
  • Local time:11:27 PM

Posted 16 March 2010 - 08:36 PM

If you are browsing and your HIPS program alerts you to a new or unknown executable attempting to run, the odds are pretty good that you should deny it.

#9 Rwraith

Rwraith

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 17 March 2010 - 12:11 PM

Now it appears you do not have to go to bad websites or click on a link. Just visiting the site can start the download process. Avast has identified a JavaScript virus that is infecting some of the larger sites through ads. Here is a link to the article that came out yesterday. The virus is called JS:Prontexi.

http://www.mediapost.com/publications/?fa=...;art_aid=124344

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:27 AM

Posted 17 March 2010 - 12:40 PM

Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs and infections install themselves, read:

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. To learn more about this risk, please read:

Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun
How to Maximize the Malware Protection of Your Removable Drives

Other security reading resources:

Browser Security resources:

Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner, please refer to:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

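The Autorun hardening quietman7 points to, as an added example that is not code from the thread: Windows applies it through the REG_DWORD value NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, where each set bit disables Autorun for one drive type and 0xFF disables it on all of them. The decoder below shows which drive types a given value still leaves exposed and reads the live value when run on Windows; the 0x91 value used as the demo's pre-hardening default is an assumption.

```python
"""Decode the NoDriveTypeAutoRun policy value and report exposed drive types.

Bit n of the value disables Autorun for the drive type that GetDriveType()
reports as n (0 unknown ... 6 RAM disk; 7 is reserved). 0xFF disables
Autorun everywhere, which is the setting the Autorun advisory is about.
"""
import sys

DRIVE_TYPES = {0: "unknown", 1: "no root directory", 2: "removable",
               3: "fixed", 4: "network", 5: "CD-ROM", 6: "RAM disk", 7: "reserved"}
ALL_DISABLED = 0xFF
DEMO_DEFAULT = 0x91  # assumption for the demo: a typical pre-hardening value

def decode(value: int) -> dict:
    """Map each drive-type name to True when Autorun is disabled for it."""
    return {name: bool(value & (1 << bit)) for bit, name in DRIVE_TYPES.items()}

def autorun_exposed(value: int) -> list:
    """Drive types on which Autorun would still run, in bit order."""
    return [name for name, disabled in decode(value).items() if not disabled]

def is_fully_disabled(value: int) -> bool:
    """True when every drive-type bit is set, i.e. the recommended 0xFF."""
    return value & ALL_DISABLED == ALL_DISABLED

def read_live_value():
    """Return the machine's NoDriveTypeAutoRun, or None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only standard-library module
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
            return int(value)
    except OSError:
        return None  # key or value missing: Windows falls back to its built-in default

if __name__ == "__main__":
    live = read_live_value()
    value = DEMO_DEFAULT if live is None else live
    source = "demo default" if live is None else "registry"
    print(f"NoDriveTypeAutoRun = 0x{value:02X} ({source})")
    print("Autorun fully disabled" if is_fully_disabled(value)
          else "Autorun still allowed on: " + ", ".join(autorun_exposed(value)))
```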

#11 ripsaw

ripsaw

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 16 April 2010 - 04:45 PM

I'm using all these steps except HIPS and sandbox programs and I'm still having fits with the rogue anti-whatever malware at the office.

So my question is, does Malwarebytes Pro prevent the rogue stuff from ever installing? If not, is there a corporate type of sandbox program that will?

Specifically I'm currently using:
A Watchguard Firebox firewall with AV/AS, Webblocking and Intrusion Prevention activated.
Trend Micro Client/Server Messaging Suite that scans the Exchange server and provides AV/AS and realtime monitoring on each desktop. It checks for updates hourly.
All computers automatically update all Microsoft software. I'm looking into patch management for Adobe, Apple, Java, etc.

The only thing that gets through is this rogue junk.

Edited by ripsaw, 16 April 2010 - 04:50 PM.


#12 jonm01

jonm01

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 16 April 2010 - 05:28 PM

You know what? I think we're approaching a level where you would have to say that the internet is broken. I am computer savvy and never had viruses at all, didn't even use an AV suite.

Now you can ruin your PC simply by clicking a link!? And when you do get infected you can throw every AV program there is at the problem and none of them are any use.

#13 ripsaw

ripsaw

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 19 April 2010 - 09:16 AM

You don't even have to click on a link. If you are on a site that has ads on it and an infected ad loads in your browser, you get the virus.
I will say I have not had an issue on Vista or Win 7 computers but the majority of computers on my LAN are Win XP SP3 and I do not want to migrate to Win 7 for another year at least.
Later this year, I will be testing virtual desktops for my users. That looks like a real help.
At home my wife runs Win 7 and I run Vista, Win 7, and various Linux distros. By far my favorite is Ubuntu 9.10. Even my wife wants to switch. We have not had a virus since we left XP.



