
Malware protection

tstaddon
Rising Star
Posts: 175
Thanks: 27
Registered: ‎01-08-2007

Malware protection

Hi

Is there any DNS blacklist service PN can offer to mitigate against malware exploits particularly with online games, or are there any recommended solutions? The reason I ask is because I am getting seriously fed up of all manner of unrelated junk, adware etc just appearing at random on some machines but not others despite no obvious triggers. I've already tried using adwcleaner, decr@pifier, antivirus, malwarebytes etc as well as a mix of different antivirus products running. After some significant effort using ALL these products I can get a machine looking reasonably clean, but all I have to do is leave the machine for a day or two and the same infections come back. This has even happened after performing a full clean reinstall of the OS from official Microsoft media.


For example: Yesterday, one machine started popping up messages saying Flash needed updating. Problem was, I wasn't using any browsers at the time, Flash doesn't need updating, the popup was skinned to look exactly like legit Adobe messages but is in fact a link to a particularly nasty ad engine. No idea what triggered it, because at the time the machine was simply sat idle at the desktop with hardly any non-MS software installed. That machine is only used for file & print access, and STEAM library backup, and the STEAM library checks out, and all Microsoft files pass a file system check. The accumulation of removal tools removes the stuff, but if I reboot the machine and leave it for a few hours, that Flash update message comes back.

6 REPLIES
rongtw
Seasoned Hero
Posts: 6,973
Thanks: 1,540
Fixes: 12
Registered: ‎01-12-2010

Re: Malware protection

I would suggest that you have some nasties lurking on your HD.

When you reinstalled your OS, did you wipe the drive first? Or you have a program that is calling home. I generally find Malwarebytes to be excellent at finding unwanted items.

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx is very helpful; Autoruns and Process Explorer should help you find what's causing your problem.

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
w23
Community Veteran
Posts: 6,342
Thanks: 93
Fixes: 4
Registered: ‎08-01-2008

Re: Malware protection

Plusnet Safeguard: https://portal.plus.net/my-account/safeguard/ can block access to 'certain sites'; my personal preference, however, is OpenDNS: https://www.opendns.com/home-internet-security/ - other options are also available.

Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
tstaddon
Rising Star
Posts: 175
Thanks: 27
Registered: ‎01-08-2007

Re: Malware protection

Hi

I completely wiped all the disks before reinstalling Windows 10 from the November 2015 ISO obtained directly from Microsoft Techbench (https://www.microsoft.com/en-us/software-download/techbench).

I've been building Windows systems since the mid 90s and always use clean media on clean drives, and for Windows 7 I used official ISOs as the basis for creating my own OEM SLP media (in other words, if a machine arrived with a crud-ridden preactivated factory preinstall I'd blow it away and install a clean, fully updated vanilla Windows 7 that used the same preactivation).

Malwarebytes and ADWCleaner get rid of the software after it's appeared, but neither seems capable of blocking it from reappearing a few days later.

I also use Decr@pifier and other tools including manual inspection of the software build. I've used Process Explorer and even Wireshark monitoring. Dagnabbit, I can't find how this stuff is getting onto the machines.

rongtw
Seasoned Hero
Posts: 6,973
Thanks: 1,540
Fixes: 12
Registered: ‎01-12-2010

Re: Malware protection

Have you tried a reinstall via the Windows Media Creation Tool? https://www.microsoft.com/en-gb/software-download/windows10

Your link to the ISO says the page does not exist anymore.

pvmb
Rising Star
Posts: 378
Thanks: 32
Fixes: 1
Registered: ‎12-02-2014

Re: Malware protection

Err... my out-of-date McAfee has just flagged the Plusnet main web page - www.plus.net/home-broadband/about/ - as "Risky Connection Blocked" and shows a "Serious Website Risk" at the address. Never happened before.

tokey
Aspiring Pro
Posts: 178
Thanks: 41
Fixes: 2
Registered: ‎30-01-2013

Re: Malware protection

I just posted this in another thread as well, but I second the suggestion for OpenDNS.