How to prevent rootkits.

[RTKNM]

My parents dont`s use their pc very much, only visit a few websites a day. Nevertheless the regularly have rootkits on their pc. They only visit websites such as newspapers and a known dutch trade site.
Is it possible that someone sends them these rootkits as they have a fixed ip?
What can I do to prevent it?
The pc is protected with a known free av and firewall. They are up to date and I asked them to use Firefox .
Thank you.

[ploder]

Perhaps after their system has been cleaned try something like Sandboxie? http://www.sandboxie.com/

If they are running as administrator, create a limited account for them to use instead for their surfing and other online use. How are these "regular" rootkits being removed? BTW, Securing you PC and Data... is an excellent read.

[hierophant]

Perhaps they're playing Sony CDs

[Triple Helix]

Quote:

Originally Posted by hierophant

Perhaps they're playing Sony CDs

LOL Sony BMG

TH

[AvinashR]

Why Admin? Try to give them LUA with SRP implemented. I am sure they'll get 99.9% protection from getting infected. Try to tell your dad that they should run LUA all the time unless and until they want to install anything.

[AvinashR]

Quote:

Originally Posted by Triple Helix

LOL Sony BMG

TH

May be the news paper website is infected one...Yesterday i saw an Indian Newspaper website infected with Rootkit.Win32.Agent.ey. This Rootkit have Stealth-mode characteristics which is common to Rootkits. And i wonder that their IT Admins are very much unaware of the same. What a shame on them !!!

[RTKNM]

Thanks for all your answers, I will study the solutions.
At first I thought about that the ads of the newspaper or fleemarket/trade site might be infected.
I scanned it (with a freeware rootkit scanner) and there was nothing today, deleted most items from a local settings/temp folder. Hope this helps too.

[RTKNM]

I found one today, it was a swf file so maybe from a flash ad. But if its from an ad many people would have this rootkit.

Maybe its better to use linux

[Fly]

Quote:

Originally Posted by RTKNM

I found one today, it was a swf file so maybe from a flash ad. But if its from an ad many people would have this rootkit.

Maybe its better to use linux

Uninstall Flash and Java?

Or: uninstall Java (too insecure) and use the mvps HOSTS file ?
That will cut down on the ads.
If it's too slow, disable the Windows DNS client.

Maybe Returnil ?

[LockBox]

Quote:

Originally Posted by Fly

Uninstall Flash and Java?

Or: uninstall Java (too insecure) and use the mvps HOSTS file ?
That will cut down on the ads.
If it's too slow, disable the Windows DNS client.

Maybe Returnil ?

Bingo!

[Konata Izumi]

Install MBRGuard to protect MBR from Rootkits.
http://www.blueridgenetworks.com/sup...rd/mbguard.php

Limited User Account.
Dont install JAVA.

[Konata Izumi]

Quote:

Originally Posted by snowdrift

Also don't install Flash and use Privoxy to filter ads, MVPS HOSTS, Spyware Blaster, and Firefox with AdBlocker.

I can't live without Flash lol.
If you want Flash, go install Chrome and run it with the command:
-incognito --safer-plugins

so the Flash plugin are locked in a sandboxed.

or you could just use sandboxie to run your browser.

[HAN]

You don't mention email. Could that be a means of infections too?

I also recommend Sandboxie. I just recently started using it and it's pretty simple to use. The only change I made to the defaults was to delete the sandbox when the last program in it ends. I think it would make a big improvement for them.

[Baz_kasp]

Quote:

Originally Posted by RTKNM

My parents dont`s use their pc very much, only visit a few websites a day. Nevertheless the regularly have rootkits on their pc. They only visit websites such as newspapers and a known dutch trade site.
Is it possible that someone sends them these rootkits as they have a fixed ip?
What can I do to prevent it?
The pc is protected with a known free av and firewall. They are up to date and I asked them to use Firefox .
Thank you.

Is windows up to date would be a good first question :-)

[G1111]

Quote:

Originally Posted by RTKNM

My parents dont`s use their pc very much, only visit a few websites a day. Nevertheless the regularly have rootkits on their pc. They only visit websites such as newspapers and a known dutch trade site.
Is it possible that someone sends them these rootkits as they have a fixed ip?
What can I do to prevent it?
The pc is protected with a known free av and firewall. They are up to date and I asked them to use Firefox .
Thank you.

First is to make sure all the rootkits, etc. are gone. -http://www.youtube.com/user/mrizos#p/u/144/nWfWJmB2kJc- for ideas. You may have to run from a bootable CD with A-Squared or Dr. Web Cureit. Worse case scenario is to reformat hard drive. Next run Secunia inspector: http://secunia.com/vulnerability_scanning/online/ to make sure everything is update, not only Windows but also Adobe Reader, Apple Quicktime, etc. Once computer is clean in addition to an Anti-Virus and firewall I would install either DefenseWall HIPS, Shadow Defender or Sandboxie (if they want something that is more configurable).