What's your standard security loadout for a new Windows PC?


John Connor

You want a sandbox environment. Consider Sandboxie for the browser or VoodooShield, which protects the whole computer. If you use Sandboxie you have to configure things so that addons, cookies, etc. can stay stored when the browser shuts down. I never store cookies though. Also, updating the browser has to be done WITHOUT using Sandboxie, otherwise it won't stick.
 

John Connor

uuuuuuuuugh he got this too. https://malwaretips.com/blogs/remove-loading-urls-com/

it's an admin account - I tried doing the limited user account thing for him in a previous setup but the user resistance is strong.


I would nuke it from orbit if it will be a PITA to clean things up. It probably can be cleaned up, but you're talking about hours' worth of looking at the last modified files, registry, scanning the crap out of the comp with various scanners both in Windows and using a Live CD like Bitdefender Rescue Disk.

After you either nuke or clean up the machine, throw TeamViewer on there, and whenever he wants to install something, remote in and see if it's safe. Or at least have him scan the download at VirusTotal before that double click of the executable. Better than nothing.

VoodooShield will help, but it won't stop the stupid. I think the paid version can be locked down using a password. But this will greatly limit what can be installed and run.
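
The manual review described in the post above (recently modified files, then a VirusTotal check before anything gets double-clicked) can be narrowed down with a short script. This is an added example, not part of any post in the thread; the folder list, the 14-day window and the extension list are assumptions to adjust per machine.

```powershell
# Added example (not from the thread): list recently modified executables and
# scripts in user-writable folders, with signature status and SHA-256 hash.
# Assumptions: 14-day window, the folders below, the extension list.
param(
    [int]$Days = 14,
    # LOCALAPPDATA normally contains the per-user Temp folder as well.
    [string[]]$Roots = @("$env:USERPROFILE\Downloads", $env:APPDATA, $env:LOCALAPPDATA)
)

$cutoff     = (Get-Date).AddDays(-$Days)
$extensions = '.exe', '.dll', '.msi', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js'

$results = foreach ($root in $Roots) {
    # Skip roots that are unset or missing on this profile.
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff -and $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            # Locked or unreadable files yield $null here instead of stopping the run.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Modified  = $_.LastWriteTime
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = if ($hash) { $hash.Hash } else { '' }
                Path      = $_.FullName
            }
        }
}

# Newest first. An unsigned file is not proof of malware, only a reason to look closer.
$results | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

The SHA256 column can be pasted into the VirusTotal search box, which checks a file against existing results without uploading it.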
 

VirtualLarry

I've picked up what Malwarebytes thought was some sort of PUP/Trojan, just on a fresh install of Win7 64-bit, Waterfox, ImgBurn, CPU-Z, and CrystalDiskMark. Oh, and the AMD drivers.

It was in the temp directory. I'm not 100% sure it was actually malware, it could have been a FP somehow. Or I got it as drive-by malware by surfing this forum while installing.
 

Ns1

After you either nuke or clean up the machine, throw TeamViewer on there, and whenever he wants to install something, remote in and see if it's safe. Or at least have him scan the download at VirusTotal before that double click of the executable. Better than nothing.

The problem with this is that it's a family computer used by multiple people.

Asshole won't just buy a mac.
 

Ns1

So I got my Uncle's computer back for some additional work. To recap, it currently runs BitDefender and I run adwcleaner as needed.

BitDefender seems to be doing its job as anti-virus, but not sure if it's doing anything at all re: malware/ransomware. Using adwcleaner, I cleaned up whatever shit was left. This time, however, I went ahead and installed MBAM, which came with a free trial of MBAM premium or whatever. Ran a full scan, came up with some new shit that adwcleaner didn't catch. Removed all that shit as well. Uninstalled MBAM as I don't want to deal with my uncle calling me when MBAM asks for him to purchase a subscription.

Naturally, during my tests I encounter no issues. I fully expect this machine to be fucked up again in a few weeks.


So...do I try to get him to upgrade BitDefender from the free product to one of the more "all inclusive" products, do I subscribe to MBAM premium, or do I kill this shit with fire?
 

John Connor

Bitdefender Free will be just as adequate. I would also run Junkware Removal Tool from Bleeping Computer, which in some cases can be more powerful than AdwCleaner.

There's also SUPERAntiSpyware.
 

Rifter

Guy can barely unzip a file, there's no way we're going to try Linux.

You might be surprised. I set my mother-in-law up on Linux because she refused a limited user account in Windows and kept getting malware. She took to it right away and has been using it for 6 years now with no issues. She says she prefers it to Windows.
 

sourceninja

So I got my Uncle's computer back for some additional work. To recap, it currently runs BitDefender and I run adwcleaner as needed.

BitDefender seems to be doing its job as anti-virus, but not sure if it's doing anything at all re: malware/ransomware. Using adwcleaner, I cleaned up whatever shit was left. This time, however, I went ahead and installed MBAM, which came with a free trial of MBAM premium or whatever. Ran a full scan, came up with some new shit that adwcleaner didn't catch. Removed all that shit as well. Uninstalled MBAM as I don't want to deal with my uncle calling me when MBAM asks for him to purchase a subscription.

Naturally, during my tests I encounter no issues. I fully expect this machine to be fucked up again in a few weeks.


So...do I try to get him to upgrade BitDefender from the free product to one of the more "all inclusive" products, do I subscribe to MBAM premium, or do I kill this shit with fire?

The one thing the paid BD does over free is the ransomware protection. Anything that tries to modify files in a way that feels like ransomware will be blocked and you will be alerted.
 

xgsound

Mbam is more thorough and also takes ~5 times longer than AdwCleaner. I print out any part of the AdwCleaner summary that a layman might understand in case the relatives might want to avoid repeating the same problems. Eventually they do pay some attention to it.
Last I used Mbam it still had an actual free version without nags and I don't usually update until there is a need. The relatives' machines have been quiet lately, maybe they're all using phones now.

Jim
 

mikeymikec

it's an admin account - I tried doing the limited user account thing for him in a previous setup but the user resistance is strong.

I encountered a customer the other day who had this setup. The reason why he was ringing me was because he had let a scammer remote control his computer and he also had three scammy "speed up your PC, all we need are your credit card details" apps installed.