Sunday, January 1, 2017

windows 7 - How to prevent Win 7 Antivirus 2012 virus?


So my dad's laptop got, for the second time, some "Win 7 Antivirus 2012" virus, one of those that keeps popping up a fake antivirus window, etc. It was even popping up in safe mode. The laptop was running Windows 7 Home Premium, his user was the only user and was set as the admin user. It was the stock Win 7 install from Toshiba that came with the laptop.


I've had him using Firefox with Adblock installed, and when he got the virus the first time Microsoft Security Essentials was installed. After the infection, when I took a look at it, MSSE had been disabled (I'm assuming by the virus). It took a lot of work but eventually I was able to disable the virus from starting up, run MSSE and AdAware and clean things up.


So this latest infection appeared to be the same thing. Same type of virus, same symptoms. MSSE was disabled, AdAware's resident monitor had been installed earlier but the service was being hijacked or something by the virus. On top of all that, the virus would even run in safe mode, I couldn't find anything to disable in HijackThis, and it wouldn't establish a network connection over either wired or wireless. It would connect but not get an IP address from my router. Sigh.... and all of this was still with them using Firefox for their browsing.


So my question is, what else can I do to prevent this from happening? I'm really close to suggesting they get a Mac, or installing Linux and forcing them to use that. I couldn't repair the laptop this time so I've wiped it clean and put Win 7 Pro on it. I set up their user as a "normal" non-admin user. I set up MS Security Essentials again on it. I've been using Chrome as my main browser just because it seems to respond better, so I was thinking of pushing them toward that. But really it doesn't seem like it should matter; either alternative browser should be fine.


Bottom line is I don't know how the heck he keeps getting this thing, and it annoys me to no end that I can't seem to prevent it. He just goes to a bunch of old antique tractor sites and stuff, and Yahoo email. My mom uses it pretty much only for email and Facebook. What else can I do to keep my sanity?


Answer



This can certainly be frustrating. I have seen this in different variants for a couple of years now. The developers are getting more sophisticated each time they deploy this junk. One thing I have noticed is the people who have gotten hit with it repeatedly are not always heavy users, but rather ones who aren't as savvy. I know one person who kept clicking "OK" on every window that popped up while another opens every single attachment she gets in her email. Both have been infected multiple times.


The best defense I have been able to come up with so far is education. Maybe your parents are clicking something or opening something they think is normal. Warn them of the types of things they might see and how to save and scan email attachments rather than opening them within the email.


No anti-virus/spyware/malware programs catch 100%, so I would suggest making sure the MSE is updating regularly and possibly adding a malware scanner to run at startup.

