Windows Stopping new crop of rogue antiviruses

Discussion in 'Software' started by Emoticon Fury, 12 Jun 2011.

  1. Emoticon Fury

    Emoticon Fury What's a Dremel?

    Joined:
    10 Apr 2006
    Posts:
    32
    Likes Received:
    0
    Lately, whenever I go to a relative's house, it seems I'm having to clean a fake "Internet Security 2010" or some crap off their systems. A lot of these programs will try to run in safe mode and basically render the computer useless by blocking all .exes until the thing is removed, which is a major pain in the ass. Over the years I still can't get them to stop clicking on stupid links or whatever else, so I imagine this will keep happening over and over. I've noticed a lot of Google Image Search links becoming disease vectors for these types of viruses and spyware too. Is there any functionality that I can outright disable that these websites are exploiting to run their scripts? I would like to find a way to keep them from getting these rogue antiviruses at all, even if it means blocking Java websites and the like. Yes, I have tried to get my Luddite family members to convert to Apple computers, but they always baulk at the price, as long as I can continue to clean all this crap off their systems.

    Thanks for any ideas on how to put a stop to this!
     
  2. Picky88

    Picky88 What's a Dremel?

    Joined:
    18 Apr 2010
    Posts:
    342
    Likes Received:
    10
    Well, the first step is to make sure they all have antivirus installed. Explain to them that many viruses are invisible, working in the background, and may steal their bank login details etc.! They need to be aware of the risks they are actually taking.
     
  3. Tangster

    Tangster Butt-kicking for goodness!

    Joined:
    23 May 2009
    Posts:
    3,085
    Likes Received:
    151
    Start charging for fixing their PCs. They'll soon learn not to click every single sodding link.
     
  4. tehBoris

    tehBoris What's a Dremel?

    Joined:
    30 Jan 2011
    Posts:
    616
    Likes Received:
    25
    Install Ubuntu. May sound ridiculous, but it isn't.
     
  5. itrush07

    itrush07 Minimodder

    Joined:
    28 Nov 2007
    Posts:
    229
    Likes Received:
    1
    Teach them how to fish; soon they'll know that not all fish are good for our health.
     
  6. Emoticon Fury

    Emoticon Fury What's a Dremel?

    Joined:
    10 Apr 2006
    Posts:
    32
    Likes Received:
    0
    This is actually a really good idea and I would do it in a heartbeat, except at least one person in my family still uses AOL (yes, she pays for AOL on top of her cable internet service :rolleyes:). I've also been trying forever to convert her to Firefox or Chrome, but it's just totally hopeless. She's been using the internet for more than a decade and still has trouble with email attachments and determining where she saves anything, which makes reformatting their computer a nightmare. Lol, she also double-clicks all web links, and watching her attempt to use a computer just makes me want to pry the mouse away and pull my hair out.
     
    Last edited: 12 Jun 2011
  7. oasked

    oasked Stuck in (better) mud

    Joined:
    24 Aug 2005
    Posts:
    4,102
    Likes Received:
    78
    Sounds like you should run away - FAST. If she's still using AOL software then there's quite simply no hope. ;)
     
  8. tehBoris

    tehBoris What's a Dremel?

    Joined:
    30 Jan 2011
    Posts:
    616
    Likes Received:
    25
    A large chunk of AOL's business model right now is making people believe they still need to pay them.
     
  9. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,556
    Likes Received:
    646
    This thread is relevant to my interests :)

    More recent rogue antivirus software seems to protect itself pretty well, right down to blocking all processes and internet access, even in safe mode. Not impossible to remove, but tricky and time consuming.

    As much as I want to teach people how to avoid installing it in the first place, a lack of understanding and/or caring, plus increasingly clever and fear-inducing tactics by the malicious sites, makes this pretty impossible in my experience.

    So, the alternative is finding some level of automated protection.

    Antivirus software, in my experience, is often found lacking. This isn't a virus. Often it requires a level of user deception to install, so antivirus software has problems catching it on installation. And of course, once it is installed it has control of the system and can disable the antivirus process. Maybe more fully featured antivirus packages have greater or different approaches to protection, but in my experience they are still lacking. Malwarebytes or the like is almost always more effective at removing infections, which suggests their definitions are lacking.

    Options, I suppose, would be dedicated resident anti-malware. The paid for version of Malwarebytes has this, as do some others. Does anyone have any experience of how effective this is over anti-virus software at stopping infections of this type?

    Also, I presume a limited user account would help, but I wonder if the malware has ways around this?
    Also, it's not something I do lightly as I'd rather people had control of their own computers and the opportunity to learn.
     
  10. mucgoo

    mucgoo Minimodder

    Joined:
    9 Dec 2010
    Posts:
    1,602
    Likes Received:
    41
    Modern browsers block sites which are known to host such things; however, the lists take a while to update. Alternatively, do the same through a DNS service such as http://www.opendns.com/home

    Most of these things need you to type in the admin password, at least on Vista/7 (User Account Control), so putting them on a limited account would help.
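The DNS-filtering option above, as an added example that is not part of the original post: a PowerShell script for Vista/7 that points one adapter at the OpenDNS resolvers so that lookups of domains on their blocklist fail before the browser ever connects, then reads the setting back from WMI to confirm it stuck. The adapter name is an assumption (list yours with `netsh interface ipv4 show interfaces`); the two resolver addresses are the public ones OpenDNS publishes on its site.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on Vista/7.
# Points the named adapter at the OpenDNS resolvers and verifies the change via WMI.
# $Adapter is an assumption; list yours with: netsh interface ipv4 show interfaces
$Adapter   = "Local Area Connection"
$Primary   = "208.67.222.222"   # OpenDNS public resolvers, as published on opendns.com
$Secondary = "208.67.220.220"

# Static entries survive DHCP renewals, so the router's DNS is ignored for this adapter.
netsh interface ipv4 set dnsservers name="$Adapter" source=static address=$Primary validate=no
netsh interface ipv4 add dnsservers name="$Adapter" address=$Secondary index=2 validate=no
ipconfig /flushdns | Out-Null

# Verify: every IP-enabled adapter should now list the two resolvers, in order.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, @{ n = 'DNS'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize
```

Setting the resolvers on the router instead (the OpenDNS link above walks through that) covers every device in the house at once. Either way this only helps against domains already on the list; a freshly registered domain or a direct IP address still gets through, and changing the adapter's DNS back requires admin rights, which is one more reason to keep the everyday account a standard user.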
     
  11. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    It has nothing to do with the OS.
    Once they learn, and get a few bad experiences (i.e. get a virus or malware), they will slowly learn and perform smarter web surfing.

    I also recommend explaining what User Account Control is in Windows Vista and 7, and explaining that a picture should not need true administrative privileges to view. It's a picture, not a system file. You don't remove the locks from your door because you installed a painting on the wall of your house... sounds ridiculous, but that is what they did.

    Mac OS is also starting to be plagued with similar malware and virus attacks.
    http://www.dailytech.com/Another+OS...+But+Danger+is+Still+Limited/article21518.htm
    As time goes on, these attacks will get stronger and more numerous, especially as Apple computers are getting more popular. With the addition of everyone not having any protection whatsoever, and the company itself, Apple, not focusing on security first, like Microsoft, Apple users are at the most danger. And with Apple's intense advertising, people believe that the OS is so secure that they don't need A/V software... so telling them that they need one... requires heavy convincing.

    I also think that you should set Windows to show file extensions, and educate them about file extensions. Make a nice small sheet which you give as a printout to everyone, showing several popular picture formats, document extensions, and so on. And explain what exes are.
    Practice by yourself before jumping in, to make sure your explanation is clear and simple, even if you feel you generalize too much. Teach them also about double extension tricks, and that the last one is the real one, and that usually a double extension means malware.

    Education is the best protection. I am surprised that schools these days don't even explain these kinds of things, and all they do is the same computer course several times (well, where I am anyway); since high school they teach you Word, Excel, PowerPoint (or alternatives) year after year... and nothing on computer protection and so on. When I started with computer classes, everyone at school was already being given homework on the computer. So we learned nothing, year after year... a waste of time, when something more important could be taught instead.

    No matter, it is your duty now (that's the downside of learning too much about computers :p ) to do this task. Educate them.
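The file-extension advice above, as an added example that is not from the original post: a PowerShell script for Vista/7 that makes Explorer show extensions for the current user and then flags "double extension" files (photo.jpg.exe) in the places a download normally lands. Windows runs whatever the last extension says, so that is the one the check trusts. The extension lists, the folder list and the sample file names are my own choices and are not a complete catalogue.

```powershell
# Added example, not from the thread. Shows file extensions in Explorer for the current
# user, then flags double-extension files where the last (real) extension is executable
# and the one before it pretends to be a picture or document.
# Extension and folder lists are assumptions; extend them to taste.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty $advanced -Name HideFileExt -Value 0       # show extensions
Set-ItemProperty $advanced -Name ShowSuperHidden -Value 1   # also show protected OS files
Stop-Process -Name explorer -Force; Start-Process explorer  # Explorer only re-reads these on restart

# .lnk is included because Explorer never shows that extension, even with HideFileExt=0.
$Executable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.wsf', '.hta', '.msi', '.lnk'
$Harmless   = '.jpg', '.jpeg', '.gif', '.png', '.bmp', '.pdf', '.doc', '.docx', '.xls', '.txt', '.mp3', '.avi', '.zip'

function Test-DoubleExtension([string]$Name) {
    $parts = $Name.Split('.')
    if ($parts.Count -lt 3) { return $null }          # "setup.exe" or "report.pdf": only one extension
    $real = '.' + $parts[-1].ToLower()                # what Windows will actually run
    $fake = '.' + $parts[-2].ToLower()                # what the name pretends to be
    if (($Executable -contains $real) -and ($Harmless -contains $fake)) {
        New-Object PSObject -Property @{ Name = $Name; PretendsToBe = $fake; ReallyIs = $real }
    }
}

# Self-check on constructed file names (not real files): only the first and last are flagged.
'holiday.jpg.exe', 'report.pdf', 'setup.exe', 'archive.tar.gz', 'cute_cat.gif.scr' |
    ForEach-Object { Test-DoubleExtension $_ } | Where-Object { $_ } |
    Format-Table Name, PretendsToBe, ReallyIs -AutoSize

# Real scan of the places a drive-by download normally lands (assumed locations).
$folders = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP
Get-ChildItem $folders -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Test-DoubleExtension $_.Name } | Where-Object { $_ } |
    Format-Table Name, PretendsToBe, ReallyIs -AutoSize
```

The registry change is per user, so run it once in each family member's account (or push it through HKU for all profiles). The scan is written against PowerShell 2.0, which is what Windows 7 ships with, hence the `PSIsContainer` filter instead of the later `-File` switch. `archive.tar.gz` in the self-check shows the limit of the heuristic: a double extension is only suspicious when the real one is executable.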
     
  12. IvanIvanovich

    IvanIvanovich будет глотать вашу душу.

    Joined:
    31 Aug 2008
    Posts:
    4,870
    Likes Received:
    252
    You'd be amazed at how quickly people become interested in being responsible with their machine after they have lost their data a few times. Once a machine is infested, I'd just reinstall Windows. If they haven't done backups, that's their problem, unless they're going to pay me.
    As far as prevention goes, limited user accounts are key. Most of them are installed by the user via giving it admin privilege, thus circumventing all protections. If you take that away from the user, it cannot be installed. The next biggest thing is via exploits, but only so much can be done about these, as it's up to the software developer to plug their holes. But once again, stuff generally needs to have admin privileges to do harm, the exceptions being the rare exploits that can do privilege elevation on their own. Aside from locking down Windows, the only other choice would be to place a dedicated *nix firewall / anti-virus box that intercepts, inspects, and cleans all traffic before it hits the Windows boxes.
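The limited-account and UAC advice in this post and in posts #10 and #11, as an added example that is not from any of those posters: a PowerShell script for Vista/7 that keeps one separate local admin account for maintenance, demotes the relative's everyday account to a standard user, and checks that UAC is switched on and configured so that a standard user cannot simply type an admin password into the prompt. `$DailyUser` and `$AdminUser` are assumed account names; `Get-LocalGroupMembers` is a helper written here because Windows 7's PowerShell 2.0 has no built-in cmdlet for local group membership.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on Vista/7.
# Keeps a separate admin account, demotes the everyday account, and checks UAC policy.
# $DailyUser and $AdminUser are assumed names; change them to match the PC.
$DailyUser = "mum"
$AdminUser = "fixit"

function Get-LocalGroupMembers([string]$Group) {
    # ADSI works on PowerShell 2.0 (Windows 7); Get-LocalGroupMember does not exist there.
    $grp = [ADSI]"WinNT://./$Group,group"
    @($grp.psbase.Invoke("Members") | ForEach-Object {
        $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
    })
}

# 1. Make sure the maintenance account exists and is a local admin BEFORE demoting anyone,
#    otherwise you can lock yourself out of the box.
net user $AdminUser > $null 2>&1
if ($LASTEXITCODE -ne 0) {
    net user $AdminUser * /add      # "*" prompts for the password instead of leaving it in the command history
}
if ((Get-LocalGroupMembers Administrators) -notcontains $AdminUser) {
    net localgroup Administrators $AdminUser /add
}

# 2. Demote the everyday account. Anything it runs now hits a UAC prompt before it can
#    write to HKLM, Program Files or install a service, which is what a rogue AV needs
#    to survive a reboot and block every .exe on the machine.
if ((Get-LocalGroupMembers Administrators) -contains $DailyUser) {
    net localgroup Administrators $DailyUser /delete
    net localgroup Users $DailyUser /add > $null 2>&1   # normally already a member; harmless if so
}

# 3. UAC policy. EnableLUA=1 switches UAC on (a change only takes effect after a reboot).
#    ConsentPromptBehaviorUser=0 makes elevation requests from standard users fail outright
#    instead of asking for an admin password, so she cannot be talked into typing yours in.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty $key
if ($uac.EnableLUA -ne 1) {
    Set-ItemProperty $key -Name EnableLUA -Value 1
    Write-Warning "UAC was disabled; it will be active after the next reboot."
}
Set-ItemProperty $key -Name ConsentPromptBehaviorUser -Value 0
Set-ItemProperty $key -Name PromptOnSecureDesktop -Value 1

# 4. Final check: who is still an administrator on this machine?
Get-LocalGroupMembers Administrators
```

With `ConsentPromptBehaviorUser` set to 0, installing anything legitimate means logging in as `$AdminUser` (or using `runas`) rather than entering a password in her session, which is the point. The caveat from the post still applies: this stops the machine-wide install, but a sample that is happy to live entirely under the user's own profile can still run from there, so the standard account limits the blast radius to that profile rather than preventing every infection.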
     
  13. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    The Lysol way, disinfection bathrooms, and now computers :)
     
  14. Emoticon Fury

    Emoticon Fury What's a Dremel?

    Joined:
    10 Apr 2006
    Posts:
    32
    Likes Received:
    0
    Yeah, right now my preferred way of cleaning this crap off is Malwarebytes and a little precision HijackThis registry surgery to remove the remaining cancerous registry entries. Part of the problem is I could teach them to use Malwarebytes easily, but for some of the more aggressive infections which require registry surgery I couldn't trust them to do it properly without doing severe damage to the operating system. Also I've noticed that some of these programs target Malwarebytes specifically and keep you from running it. The only way to circumvent this is to rename the executable so the malware can't see it to target it specifically. This tactic is also beyond the computer illiterate and isn't something I would trust to a tech support phone session. When I do it, the scanning and removal ends up taking the better part of an hour and I hate having to constantly do this.
     
  15. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,698
    Likes Received:
    172
    Install IE9.
     
  16. tehBoris

    tehBoris What's a Dremel?

    Joined:
    30 Jan 2011
    Posts:
    616
    Likes Received:
    25
    That does not fix IE's security problems. Nor does it fix any other vector of attack.
     
  17. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,698
    Likes Received:
    172
    IE9 will prevent most of these malware attacks through smart filtering, try it.

    My wife was plagued by fake antivirus trying to get on her machine; she hasn't had one since IE9 was installed.

    IE9 doesn't suffer the same security problems as previous versions, and I don't care what browser someone uses, they all have their faults.
     
    Last edited: 12 Jun 2011
  18. techhead

    techhead Minimodder

    Joined:
    17 Jul 2010
    Posts:
    227
    Likes Received:
    4
    I am just in the process of fixing one called MS Removal Tool. Nasty little thing, makes lots of false trojans and locks down your PC, nothing works. Wouldn't mind, but I just did a full install on it 3 weeks ago.
     
  19. tehBoris

    tehBoris What's a Dremel?

    Joined:
    30 Jan 2011
    Posts:
    616
    Likes Received:
    25
    IE8 has smartfilter...
     
  20. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    Nothing is foolproof... but it's no reason not to upgrade to a more secure web browser.
     