How to prevent rootkits.

Discussion in 'privacy problems' started by RTKNM, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. RTKNM

    RTKNM Registered Member

    Joined:
    Apr 25, 2010
    Posts:
    3
    My parents dont`s use their pc very much, only visit a few websites a day. Nevertheless the regularly have rootkits on their pc. They only visit websites such as newspapers and a known dutch trade site.
    Is it possible that someone sends them these rootkits as they have a fixed ip?
    What can I do to prevent it?
    The pc is protected with a known free av and firewall. They are up to date and I asked them to use Firefox .
    Thank you.
     
  2. ploder

    ploder Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    38
  3. wat0114

    wat0114 Guest

    If they are running as administrator, create a limited account for them to use instead for their surfing and other online use. How are these "regular" rootkits being removed? BTW, Securing you PC and Data... is an excellent read.
     
  4. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Perhaps they're playing Sony CDs ;)
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    11,180
    Location:
    Ontario, Canada
    LOL Sony BMG :argh:

    TH
     
  6. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Why Admin? Try to give them LUA with SRP implemented. I am sure they'll get 99.9% protection from getting infected. Try to tell your dad that they should run LUA all the time unless and until they want to install anything.
     
  7. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    May be the news paper website is infected one...Yesterday i saw an Indian Newspaper website infected with Rootkit.Win32.Agent.ey. This Rootkit have Stealth-mode characteristics which is common to Rootkits. And i wonder that their IT Admins are very much unaware of the same. What a shame on them !!!
     
  8. RTKNM

    RTKNM Registered Member

    Joined:
    Apr 25, 2010
    Posts:
    3
    Thanks for all your answers, I will study the solutions.
    At first I thought about that the ads of the newspaper or fleemarket/trade site might be infected.
    I scanned it (with a freeware rootkit scanner) and there was nothing today, deleted most items from a local settings/temp folder. Hope this helps too.
     
  9. RTKNM

    RTKNM Registered Member

    Joined:
    Apr 25, 2010
    Posts:
    3
    I found one today, it was a swf file so maybe from a flash ad. But if its from an ad many people would have this rootkit.

    Maybe its better to use linux :D
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    1,995
    Uninstall Flash and Java?

    Or: uninstall Java (too insecure) and use the mvps HOSTS file ?
    That will cut down on the ads.
    If it's too slow, disable the Windows DNS client.

    Maybe Returnil ?
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,264
    Bingo!
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I can't live without Flash lol.
    If you want Flash, go install Chrome and run it with the command:
    -incognito --safer-plugins

    so the Flash plugin are locked in a sandboxed.

    or you could just use sandboxie to run your browser. :thumb:
     
  14. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,007
    Location:
    USA
    You don't mention email. Could that be a means of infections too?

    I also recommend Sandboxie. I just recently started using it and it's pretty simple to use. The only change I made to the defaults was to delete the sandbox when the last program in it ends. I think it would make a big improvement for them.
     
  15. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Is windows up to date would be a good first question :)
     
  16. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,034
    Location:
    USA
    First is to make sure all the rootkits, etc. are gone. -http://www.youtube.com/user/mrizos#p/u/144/nWfWJmB2kJc- for ideas. You may have to run from a bootable CD with A-Squared or Dr. Web Cureit. Worse case scenario is to reformat hard drive. Next run Secunia inspector: http://secunia.com/vulnerability_scanning/online/ to make sure everything is update, not only Windows but also Adobe Reader, Apple Quicktime, etc. Once computer is clean in addition to an Anti-Virus and firewall I would install either DefenseWall HIPS, Shadow Defender or Sandboxie (if they want something that is more configurable).
     
    Last edited by a moderator: May 3, 2010
Thread Status:
Not open for further replies.