My parents don't use their PC very much; they only visit a few websites a day. Nevertheless, they regularly have rootkits on their PC. They only visit websites such as newspapers and a known Dutch trade site. Is it possible that someone sends them these rootkits, as they have a fixed IP? What can I do to prevent it? The PC is protected with a known free AV and firewall. They are up to date and I asked them to use Firefox. Thank you.
If they are running as administrator, create a limited account for them to use instead for their surfing and other online use. How are these "regular" rootkits being removed? BTW, Securing your PC and Data... is an excellent read.
Why Admin? Try to give them LUA with SRP implemented. I am sure they'll get 99.9% protection from getting infected. Try to tell your dad that they should run LUA all the time unless and until they want to install anything.
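A defender's check for the two recommendations above (limited user account plus Software Restriction Policies), added here as an example and not code from any poster: a PowerShell function that reports whether the current account is a non-administrator and whether an SRP default rule of "Disallowed" is configured. The registry location and DefaultLevel values are the standard SRP ones; the function name is my own, and it assumes it is run from the account the parents actually use.

```powershell
# Added example: verify the LUA + SRP advice on a Windows PC.
# 1. Is the logged-on account a limited (non-administrator) user?
# 2. Is a Software Restriction Policy in place with default level "Disallowed"?
# Assumption: SRP stores its default rule in the standard policy key below.

function Test-LuaAndSrp {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # SRP default rule: 0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted
    $srpKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
    $defaultLevel = $null
    if (Test-Path $srpKey) {
        $defaultLevel = (Get-ItemProperty -Path $srpKey -Name DefaultLevel `
                         -ErrorAction SilentlyContinue).DefaultLevel
    }
    $levelName = if ($null -eq $defaultLevel) { 'No SRP configured' }
                 else { $levelNames[[int]$defaultLevel] }

    # Ok is true only when both recommendations are in effect.
    [pscustomobject]@{
        User            = $identity.Name
        IsLimitedUser   = -not $isAdmin
        SrpDefaultLevel = $levelName
        Ok              = (-not $isAdmin) -and ($defaultLevel -eq 0)
    }
}

Test-LuaAndSrp | Format-List
```

Run it from the parents' everyday account; if IsLimitedUser is False or SrpDefaultLevel is not Disallowed, the corresponding recommendation has not actually been applied.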
Maybe the newspaper website is an infected one... Yesterday I saw an Indian newspaper website infected with Rootkit.Win32.Agent.ey. This rootkit has stealth-mode characteristics, which is common to rootkits. And I wonder whether their IT admins are very much unaware of the same. What a shame on them!!!
Thanks for all your answers, I will study the solutions. At first I thought that the ads on the newspaper or flea market/trade site might be infected. I scanned it (with a freeware rootkit scanner) and there was nothing today; I deleted most items from a local settings/temp folder. Hope this helps too.
I found one today; it was a .swf file, so maybe from a Flash ad. But if it's from an ad, many people would have this rootkit. Maybe it's better to use Linux.
Uninstall Flash and Java? Or: uninstall Java (too insecure) and use the MVPS HOSTS file? That will cut down on the ads. If it's too slow, disable the Windows DNS client. Maybe Returnil?
Install MBRGuard to protect the MBR from rootkits: http://www.blueridgenetworks.com/support/mbguard/mbguard.php Limited User Account. Don't install Java.
I can't live without Flash lol. If you want Flash, go install Chrome and run it with the command-line flags: -incognito --safer-plugins so the Flash plugin is locked in a sandbox. Or you could just use Sandboxie to run your browser.
You don't mention email. Could that be a means of infection too? I also recommend Sandboxie. I just recently started using it and it's pretty simple to use. The only change I made to the defaults was to delete the sandbox when the last program in it ends. I think it would make a big improvement for them.
First, make sure all the rootkits, etc. are gone. See http://www.youtube.com/user/mrizos#p/u/144/nWfWJmB2kJc for ideas. You may have to run from a bootable CD with A-Squared or Dr. Web CureIt. Worst-case scenario is to reformat the hard drive. Next, run Secunia Inspector: http://secunia.com/vulnerability_scanning/online/ to make sure everything is up to date, not only Windows but also Adobe Reader, Apple QuickTime, etc. Once the computer is clean, in addition to an anti-virus and firewall, I would install either DefenseWall HIPS, Shadow Defender or Sandboxie (if they want something that is more configurable).