Win 7 Antispyware

I just had a grandson call me about his computer. These bogus anti-spyware and anti-virus programs are bad news. He now has a problem. They scare people into clicking and then they have you. Will something like Threatfire catch it? Of course the main thing is don't panic (don't click).

 

Here are the Win 7 Antispyware removal instructions:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

 

Also ask at one of the volunteer malware removal sites listed
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

His computer has Trend Micro and it said there was no problems. It has control of the computer and won't let him do anything.

 

Will, your grandson's how old?

 

As i have stated in previous post; most of these cases would be prevented through education alone.

 

He is in his twenty's ,married with two children. And he had been warned. The people who created this thing are smart. It is a sophisticated program that takes over the computer. It can panic a person in a hurry. It tried to get on my wife's computer twice. Once with my wife and once with my granddaughter. But they got me to deal with it.

 

Threatfire would likely catch threats like these, but it would make no difference because if you are willing to allow a rogue like this to install you would be just as likely to dismiss it being flagged as a threat by a Behavior Blocker. Using a behavior blocker like Threatfire or Mamutu require more knowledge on the users part to be affective. Like i stated above; education would mean a world of difference in this case. Making the wrong choice in this case does not show a lack of intelligence, but a lack of knowledge. That's what the malware writers are relying / banking on.

 

How do you get caught? What I mean is that they were not at any questionable web sites. Is it a hacked site or was it redirected.

 

your family seems being plagued by this a lot. also your last question was reflected upon in that thread.

 

I would advise the following: A total re-design of the security you have in place. And, this re-designing should have in consideration prevention in first place, rather than detection.

You're right about one thing, if you enter a deemed safe site that has been hacked (You wouldn't know, of course.), and it would redirect you to a website that would exploit your browser to attack your system, then there isn't much education, as in avoiding bad websites, that will save your back. So, you need to take care about all attacking vectors as possible.

Regarding tools like Threat Fire, which seems to be abandon-ware anyway, unless your relatives can handle them, stay away from them.

 

vtol,I appreciate your explanation, but I didn't understand what you were talking about. That is my fault.

 

I should have mentioned above that a BB would have been more useful in an incident where the rogue tried to install silently in the background without the user's knowledge. Drive by downloads try to silently install in the background when the user clicks on an infected link or object. They usually use an I-frame or java script to deliver the infected payload. A BB would have been more useful in this scenario.

 

the question seems how computer literate your folks are, just putting an OS with an anti-virus on a machine does not do the trick anymore, basically due to the circumstance that black hat has been growing extremely sophisticated, got cloud structured, setup as an industry and deploying social engineering skills.

that is a lot to cope with on the users end and thus require to spend a bit more time on maintaining and securing the computer, notwithstanding literacy about a few basics.

 

I would recommend the use of an AE (anti-executable) over a BB since they use a deny by default approach, and I believe they are less likely to let anything slip through. If you want a really solid layer of protection i recommend the use an AE with virtualiztion software like Shadow Defender or Returnil. Returnil already comes with a light version of an AE. Faronic's anti-executable, and BlueRidge Network's Appguard are 2 excellent choices. Appguard is scheduled to be released in 64 bit compatibility next month. If your family or friends do not want to bother with virtualization software because they find it too big of a burden to set exceptions to save their work then they should be fine with an AE. You could also look at using sandboxie.
http://www.faronics.com/en/Products/AntiExecutable/AntiExecutableCorporate.aspx
http://www.blueridgenetworks.com/products/appguard.php
I can't wait until Appguard is released in 64bit compatibility next month. Here are some screen shots on the beta thread of whats to come. https://www.wilderssecurity.com/showthread.php?t=276677&page=12&highlight=appguard

 

When I go on the internet on my computer I am on Firefox with NoScript in Sandboxie and DefenseWall. So far the bogus av hasn't tried to get to mine.

 

that makes quite a difference. for a lot of users that would be already too much of a hassle and an inconvenience, understandably when all one want is use the computer and roam the web without being permanently on the lookout for the next sniper or to learn their tactics first and start wearing protection, for that matter

basically the browsers should be developed (hardened) at the pace those threats are emerging, ideally staying ahead. than most of this extra protection would be obsolete and one could enjoy a peace of mind

 

If people won't use decent security apps why not just put that line in the reg where no exe can be downloaded even from those fake scan sites?

am.exe - 20/39 (51.3%) - Rogue:Win32/FakeRean

Same exe run on 7 and XP and I think it can use several different skins for each operating system?

 

Hey Will ... your g-son too busy to administer family-wide security? Simple yes'er no'll do.

 

No. Just not computer savy.

 

Then an *instant recovery* setup would be best, hmm?

 

On my computers I have First Defense ISR on the two with XP and Rollback Rx on the laptop with 7. I would guess that a large percentage of the people would panic and click on the bogus program. They make it look so official.

 

I have a backup of all my machines on an external drive. Some of my machines are even backed up on more than 1 drive in the event that 1 drive fails. My biggest worry is fire or natural disaster. The only thing else i could really do is off site or online backup. I may even start doing that in the future. Global force is right. Keep regular backups, and if you do get infected you can just roll back your machine to an earlier time. Its a minor inconvenience when it comes to loosing all your data. I always recommend you keep a backup on a drive other than the drive that contains your system partition. Its much more reliable in the event that your OS becomes unbootable to the point you can not access the recovery prompt. It also works well when you have a drive that fails. You can just copy the image over to the new drive.

 

I find it more convenient to use throw-away VM clones based on linux for websurfing and separate subnet, less probable to get infected and even if so just deleted it and start with a new clone. that way the production environment stays sane - until the day VM environment gets compromised and leaks into the host...

 

As you are knowledgeable but your family members are not so much, you can either try to elevate their knowledge (and/or change behaviour), make an OS partition and image and learn them how to restore it or...let them try a very user friendly linux distro as Linux Mint, that is if they don't use much needed Windows programs.
Or is linux a no-go?
Perhaps an ad-blocker (I prefer AdBlock+ for FF) can be a start if they want to stick to Windows. It can at least prevent infections from compromised ad-servers.