How to prevent rootkits.

Discussion in 'privacy problems' started by RTKNM, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. RTKNM
    Offline

    RTKNM Registered Member

    My parents dont`s use their pc very much, only visit a few websites a day. Nevertheless the regularly have rootkits on their pc. They only visit websites such as newspapers and a known dutch trade site.
    Is it possible that someone sends them these rootkits as they have a fixed ip?
    What can I do to prevent it?
    The pc is protected with a known free av and firewall. They are up to date and I asked them to use Firefox .
    Thank you.
  2. ploder
    Offline

    ploder Registered Member

  3. wat0114
    Offline

    wat0114 Guest

    If they are running as administrator, create a limited account for them to use instead for their surfing and other online use. How are these "regular" rootkits being removed? BTW, Securing you PC and Data... is an excellent read.
  4. hierophant
    Offline

    hierophant Registered Member

    Perhaps they're playing Sony CDs ;)
  5. Triple Helix
    Offline

    Triple Helix Webroot Product Advisor

    LOL Sony BMG :argh:

    TH
  6. AvinashR
    Offline

    AvinashR Registered Member

    Why Admin? Try to give them LUA with SRP implemented. I am sure they'll get 99.9% protection from getting infected. Try to tell your dad that they should run LUA all the time unless and until they want to install anything.
  7. AvinashR
    Offline

    AvinashR Registered Member

    May be the news paper website is infected one...Yesterday i saw an Indian Newspaper website infected with Rootkit.Win32.Agent.ey. This Rootkit have Stealth-mode characteristics which is common to Rootkits. And i wonder that their IT Admins are very much unaware of the same. What a shame on them !!!
  8. RTKNM
    Offline

    RTKNM Registered Member

    Thanks for all your answers, I will study the solutions.
    At first I thought about that the ads of the newspaper or fleemarket/trade site might be infected.
    I scanned it (with a freeware rootkit scanner) and there was nothing today, deleted most items from a local settings/temp folder. Hope this helps too.
  9. RTKNM
    Offline

    RTKNM Registered Member

    I found one today, it was a swf file so maybe from a flash ad. But if its from an ad many people would have this rootkit.

    Maybe its better to use linux :D
  10. Fly
    Offline

    Fly Registered Member

    Uninstall Flash and Java?

    Or: uninstall Java (too insecure) and use the mvps HOSTS file ?
    That will cut down on the ads.
    If it's too slow, disable the Windows DNS client.

    Maybe Returnil ?
  11. LockBox
    Offline

    LockBox Registered Member

    Bingo!
  12. Konata Izumi
    Offline

    Konata Izumi Registered Member

  13. Konata Izumi
    Offline

    Konata Izumi Registered Member

    I can't live without Flash lol.
    If you want Flash, go install Chrome and run it with the command:
    -incognito --safer-plugins

    so the Flash plugin are locked in a sandboxed.

    or you could just use sandboxie to run your browser. :thumb:
  14. HAN
    Offline

    HAN Registered Member

    You don't mention email. Could that be a means of infections too?

    I also recommend Sandboxie. I just recently started using it and it's pretty simple to use. The only change I made to the defaults was to delete the sandbox when the last program in it ends. I think it would make a big improvement for them.
  15. Baz_kasp
    Offline

    Baz_kasp Registered Member

    Is windows up to date would be a good first question :)
  16. G1111
    Offline

    G1111 Registered Member

    First is to make sure all the rootkits, etc. are gone. -http://www.youtube.com/user/mrizos#p/u/144/nWfWJmB2kJc- for ideas. You may have to run from a bootable CD with A-Squared or Dr. Web Cureit. Worse case scenario is to reformat hard drive. Next run Secunia inspector: http://secunia.com/vulnerability_scanning/online/ to make sure everything is update, not only Windows but also Adobe Reader, Apple Quicktime, etc. Once computer is clean in addition to an Anti-Virus and firewall I would install either DefenseWall HIPS, Shadow Defender or Sandboxie (if they want something that is more configurable).
    Last edited by a moderator: May 3, 2010
Thread Status:
Not open for further replies.