
Untangle & spyware blocking

arwes Member Posts: 633 ■■■□□□□□□□
Any Untangle users here using it to block spyware? I've had two machines in the last two weeks hit with "Antivirus Live", and I'm wondering if it will completely stop that. One of them was the CEO's, and I had to reinstall after Antivirus 2009 got its hooks in last year. There's a special place in hell reserved for malware creators & propagators.
Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
Working on: Waiting on the mailman to bring me a diploma
What's left: Graduation!

Comments

  • RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    I had considered deploying Untangle a while ago but I have not had the time. AV 2010 is really making some rounds. If you get the one that changes the EXE association I have a reg fix that changes it back.
    My general process is look in task manager and find where AV.exe lives. Kill it. Run the reg fix. Clean the system. Reboot.

    I'm not sure who to credit the reg fix with as it was from a friend of a friend.
    Windows Registry Editor Version 5.00

    ; Restores the stock .exe file association that the rogue AV rewrites.
    ; Kill the rogue process first (see above) or it can rewrite these again.
    ; Save as a .reg file and double-click it, or import silently with:
    ;   regedit /s <name>.reg
    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [HKEY_CLASSES_ROOT\.exe\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "TileInfo"="prop:FileDescription;Company;FileVersion"
    "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    ; The open and runas commands are the values the malware points at itself;
    ; the stock value simply runs the file with its arguments.
    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"

    ; Shell extension handlers (drag-and-drop, property sheets) for EXE files.
    [HKEY_CLASSES_ROOT\exefile\shellex]

    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
    @="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
    @="{86F19A00-42A0-1069-A2E9-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
    @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
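    An added example to go with the reg fix above (this is my own script, not something from the thread, from Untangle, or from the reg fix's author): it audits the .exe association keys that the rogue AV rewrites, so you can see whether the fix is needed, and whether it took, before you reboot. It assumes a Windows box with PowerShell; reading the keys needs no elevation. The key names and stock values are the ones in the reg fix; the HKCU check is mine, based on HKCR being a merged view of HKLM\Software\Classes and HKCU\Software\Classes where the per-user keys win.

    ```powershell
    # Added example (not code from the thread): audit the .exe association keys
    # that rogue "Antivirus" malware rewrites. Assumes Windows + PowerShell.

    # Stock values, taken from the reg fix posted in the thread.
    $ExpectedDefaults = @(
        @{ Key = '.exe';                        Value = 'exefile' }
        @{ Key = 'exefile\shell\open\command';  Value = '"%1" %*' }
        @{ Key = 'exefile\shell\runas\command'; Value = '"%1" %*' }
    )

    function Get-RegistryDefault {
        param([Parameter(Mandatory)][string]$Path)
        # Returns the key's (default) value, or $null if the key does not exist.
        $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return $item.'(default)'
    }

    function Test-ExeAssociation {
        $results = [System.Collections.Generic.List[object]]::new()

        # HKCR is what Explorer actually consults when you double-click an EXE.
        foreach ($entry in $ExpectedDefaults) {
            $actual = Get-RegistryDefault -Path "Registry::HKEY_CLASSES_ROOT\$($entry.Key)"
            $results.Add([pscustomobject]@{
                Key      = "HKCR\$($entry.Key)"
                Expected = $entry.Value
                Actual   = $actual
                Status   = $(if ($actual -eq $entry.Value) { 'OK' } else { 'TAMPERED' })
            })
        }

        # HKCR merges HKLM\Software\Classes with HKCU\Software\Classes, and the
        # per-user keys take precedence. A stock system has no .exe or exefile
        # class under HKCU at all, so their mere presence is worth a look.
        foreach ($userKey in '.exe', 'exefile\shell\open\command') {
            $path = "Registry::HKEY_CURRENT_USER\Software\Classes\$userKey"
            $present = Test-Path -Path $path
            $results.Add([pscustomobject]@{
                Key      = "HKCU\Software\Classes\$userKey"
                Expected = '<absent>'
                Actual   = $(if ($present) { Get-RegistryDefault -Path $path } else { '<absent>' })
                Status   = $(if ($present) { 'SUSPICIOUS' } else { 'OK' })
            })
        }
        return $results
    }

    # A TAMPERED open\command normally names the rogue binary (the thread's
    # "AV.exe"), which tells you where it lives before you kill it and run the fix.
    $report = Test-ExeAssociation
    $report | Format-Table -AutoSize
    if ($report.Status -contains 'TAMPERED' -or $report.Status -contains 'SUSPICIOUS') {
        Write-Warning 'EXE association does not match stock values; kill the rogue process, then apply the reg fix and re-run this check.'
    }
    ```

    Run it once before the fix (to find the rogue binary's path) and once after (everything should read OK). Running it from a second, known-clean account on the same box also helps, since a per-user hijack only shows up under the account that was infected.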
    
  • arwes Member Posts: 633 ■■■□□□□□□□
    Thanks for that, I'm sure I'll be needing that fairly soon. Apparently some of our vendor sites that our users go to have 3rd party advertising loading and they aren't catching the malware installing stuff.

    One thing I've noticed is that several of them try to serve up the stuff through an (ancient) JavaScript exploit in Adobe Reader. I think if you turn off JavaScript, it only affects fillable forms. I'm going to test that out with a few of the repeat offenders and see if this takes care of it.
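    An added example for the "turn off JavaScript in Reader" idea above (my own script, not from the thread or from Adobe): it switches Reader's JavaScript off for the current user, locks the setting with the machine-wide policy so users cannot flip it back on, and then verifies both. Assumptions that the thread does not state: the user preference is the DWORD bEnableJS under HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs (0 = off), the lock is the DWORD bDisableJavaScript under HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\<version>\FeatureLockDown (1 = disabled and greyed out), and <version> must match the installed Reader; "9.0" below is only a placeholder. Writing under HKLM needs an elevated prompt.

    ```powershell
    # Added example (not code from the thread): disable and lock Adobe Reader
    # JavaScript. Registry paths and value names are assumptions; the version
    # segment is a placeholder that must match the installed Reader.
    param([string]$ReaderVersion = '9.0')

    $UserPrefKey = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion\JSPrefs"
    $PolicyKey   = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"

    function Disable-ReaderJavaScript {
        # Per-user preference: JavaScript off. Machine policy: setting locked.
        $settings = @(
            @($UserPrefKey, 'bEnableJS',          0)
            @($PolicyKey,   'bDisableJavaScript', 1)
        )
        foreach ($setting in $settings) {
            $key, $name, $value = $setting
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $name -Value $value -Type DWord
        }
    }

    function Test-ReaderJavaScript {
        # Reports whether JavaScript is off for the user AND locked by policy.
        # A missing bEnableJS means Reader's default (JavaScript on), so it is
        # only counted as off when the value is present and zero.
        $userOff = (Get-ItemProperty -Path $UserPrefKey -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS -eq 0
        $locked  = (Get-ItemProperty -Path $PolicyKey -Name bDisableJavaScript -ErrorAction SilentlyContinue).bDisableJavaScript -eq 1
        [pscustomobject]@{
            ReaderVersion     = $ReaderVersion
            UserJavaScriptOff = $userOff
            LockedByPolicy    = $locked
            Hardened          = ($userOff -and $locked)
        }
    }

    Disable-ReaderJavaScript
    Test-ReaderJavaScript | Format-List
    ```

    The policy half is the part worth having: without it, a user who hits a form that nags them to "enable JavaScript" can re-enable it from Edit > Preferences > JavaScript, and the fix quietly evaporates. The check function is also useful on its own as a quick audit across machines.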
  • OoteR Member Posts: 65 ■■□□□□□□□□
    RobertKaucher wrote: »
    I had considered deploying Untangle a while ago but I have not had the time. AV 2010 is really making some rounds. If you get the one that changes the EXE association I have a reg fix that changes it back.
    My general process is look in task manager and find where AV.exe lives. Kill it. Run the reg fix. Clean the system. Reboot.

    I'm not sure who to credit the reg fix with as it was from a friend of a friend.
    ....

    .. I could have used that a couple days ago.. Had to do that bad boy by hand.

    Blech.
    2k11 Goals:
    VCP - Currently Studying
    MCITP:EA - 620 (done)
  • RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    OoteR wrote: »
    .. I could have used that a couple days ago.. Had to do that bad boy by hand.

    Blech.
    Nice avatar, btw. :)
  • Nuwin Member Posts: 75 ■■□□□□□□□□
    arwes wrote: »
    Any Untangle users here using it to block spyware? I've had two machines in the last two weeks hit with "Antivirus Live", and I'm wondering if it will completely stop that. One of them was the CEO's, and I had to reinstall after Antivirus 2009 got its hooks in last year. There's a special place in hell reserved for malware creators & propagators.

    I don't know if I've seen it actively block things like Antivirus Live. I've only ever noticed the spyware blocker show up on questionable link redirects.

    If you know an infected site, I can test it for you.
    "By the power of Grayskull"
  • OoteR Member Posts: 65 ■■□□□□□□□□
    Nice avatar, btw. :)

    I'm so thankful for Cradle of Filth, they got me through some rough times.

    :)
  • Obdurate Member Posts: 108
    arwes wrote: »
    Any Untangle users here using it to block spyware? I've had two machines in the last two weeks hit with "Antivirus Live", and I'm wondering if it will completely stop that. One of them was the CEO's, and I had to reinstall after Antivirus 2009 got its hooks in last year. There's a special place in hell reserved for malware creators & propagators.

    I had that virus on two work computers and a neighbor's; I had to nuke-and-pave the two work computers (got to love Ghost). With my neighbor's computer I got lucky: each family member had their own account and only one account got infected, so all I did was delete the infected user account completely.

    Of course I ran Malwarebytes and an anti-virus sweep after I was done, which found nothing.

    On a side note -- the bad guys appear to be using MySpace and Facebook as a launching pad.

    ~Obdurate~