How do you handle dimwitted users?

By normhaga
Today I had a computer return for service; last week I did a reinstall and malware removal on this computer, as I had the week before.

Today I went further than I usually do and tracked down how the user is constantly being infected with trojans, rootkits and viruses.

In the past, I thought I had the problem resolved by installing that nagware Spybot with TeaTimer. This did not work because the user is an indiscriminate "clicker."

Why do I say that the site is installing malware? Because as soon as the logon button is clicked, Windows reports that IE7 is attempting to copy to the clipboard, all USB ports lose connectivity, the CD/DVD drive is no longer accessible, and IE refuses to shut down, so you have to do a forced power-down. When you come back up with MSConfig set to start only the services Windows needs, you again find the same rootkit and 65 viruses you just removed. On a clean install the same thing happens as soon as you log in to the site; it does not, however, happen when you log in with a browser other than IE.

Well, I tracked the installation of the malware down to one website that appears to be rooted. The site is: www.esp-inc.com. The malware is installed only after the user logs in (verified three times in a VM).

I told the user not to log into the site because it was installing the malware. Well, right in front of me the user logged into the site and immediately reinfected the box, then had the audacity to blame me.

The user needs to access this site to take some ultrasound exams, but at this time the site is unsafe.

I sent email to the site administrator informing him/her that the site appeared to be rooted and was installing malware and included logs showing this along with my bill for having to redo work.

Short of refusing to work on the user's computer because of stupidity, what can I do? Report the site to ICANN and Google as a malware purveyor? I did argue with someone who insisted that there was something installed on the computer that was installing the malware. They could not answer "What part of fresh install do you not understand?"

This conversation is currently closed to new comments.
21 total posts (Page 1 of 3)

Submit a 'Projected' bill of forthcoming costs ...

by OldER Mycroft, in reply to "How do you handle dimwitted users?"

Based on what it'll cost for the coming weeks / months, if this user continues to log in to the offending site.

THAT might register with the bean-counters, and have the desired result.

Or just set aside a certain amount of time every other day, for the work that you are certain will head your way! :)

What is the site Norm?

by ComputerCookie, in reply to "How do you handle dimwitted users?"

As 'Old Mycroft' suggests there is a problem, and excessive billing might be the go!

However, it would be better to look for alternative resources!

Can you block it?

by CharlieSpencer, in reply to "How do you handle dimwitted users?"

Can you block it at the client, maybe in the Hosts file? Depending on how often the user needs to access the site, it may be worth your trouble to block it for him and just pull the ultrasound results for him from a VM.
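The client-side block CharlieSpencer describes, as an added example (not code from any poster in this thread): pin the site's name to a sink address in the hosts file so that IE on that workstation can no longer reach it, while a VM with its own untouched hosts file still can. It assumes the standard hosts-file layout ("address name [alias ...]", with '#' comments) and uses a made-up domain, bad-site.example, in its sample data.

```python
"""Pin a malware-serving site to a sink address in the hosts file.

Added example for this thread, not any poster's code. It assumes the
standard hosts-file format and uses a hypothetical domain in the sample.
"""
import sys
from pathlib import Path

# Platform default; the Windows path is the one an IE7-era client uses.
HOSTS_PATH = (Path(r"C:\Windows\System32\drivers\etc\hosts")
              if sys.platform.startswith("win") else Path("/etc/hosts"))

# 0.0.0.0 fails fast; 127.0.0.1 would connect to any listener on the box.
SINK = "0.0.0.0"
BLOCK_TAG = "# blocked: site observed serving malware"


def _parse(line):
    """Return (address, {names}) for a mapping line, or None for blank/comment lines."""
    body = line.split("#", 1)[0].split()
    if len(body) < 2:
        return None
    return body[0], {n.lower().rstrip(".") for n in body[1:]}


def _names(domain):
    """Canonical pair to pin: the bare domain and its www. alias, in that order."""
    d = domain.lower().strip().rstrip(".")
    bare = d[4:] if d.startswith("www.") else d
    return [bare, "www." + bare]


def block_hosts(content, domain, sink=SINK):
    """Return hosts content with `domain` and `www.<domain>` pinned to `sink`.

    Idempotent: every existing line that maps either name is dropped first, so
    repeated runs, or a stale real entry higher in the file, never leave a
    second, live mapping that the resolver would pick before the block line.
    """
    names = set(_names(domain))
    kept = []
    for line in content.splitlines():
        parsed = _parse(line)
        if parsed and parsed[1] & names:
            continue  # replace rather than append a duplicate
        kept.append(line)
    kept.append(f"{sink} {' '.join(_names(domain))}  {BLOCK_TAG}")
    return "\n".join(kept) + "\n"


def unblock_hosts(content, domain):
    """Remove every mapping for the domain and its www. alias; keep everything else."""
    names = set(_names(domain))
    kept = []
    for line in content.splitlines():
        parsed = _parse(line)
        if parsed and parsed[1] & names:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


def is_blocked(content, domain, sinks=("0.0.0.0", "127.0.0.1", "::1")):
    """True if the first mapping for `domain` points at a sink address.

    Resolvers generally take the first matching line, so a real entry above a
    block line wins; checking in order catches that instead of merely asking
    whether a sink line exists somewhere in the file.
    """
    want = domain.lower().rstrip(".")
    for line in content.splitlines():
        parsed = _parse(line)
        if parsed and want in parsed[1]:
            return parsed[0] in sinks
    return False


def apply_block(domain, path=HOSTS_PATH):
    """Rewrite the real hosts file in place; needs admin/root rights."""
    text = path.read_text(encoding="utf-8", errors="replace")
    path.write_text(block_hosts(text, domain), encoding="utf-8")


if __name__ == "__main__":
    # Constructed sample hosts file; the blocked domain is hypothetical.
    sample = "127.0.0.1 localhost\n10.0.0.5 fileserver.corp.example\n"
    blocked = block_hosts(sample, "www.bad-site.example")
    print(blocked, end="")
    print("blocked:", is_blocked(blocked, "bad-site.example"))
```

After writing the file on Windows, run `ipconfig /flushdns` so the cached lookup is discarded. Two caveats: the block only applies to name resolution on that machine, so a VM with its own hosts file still reaches the site (which is the per-client alternative to a firewall exception), and a browser configured to use a proxy bypasses it, because the proxy does the name lookup.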

Block it at the firewall

by jdclyde, in reply to "Can you block it?"

until they respond that their infection has been removed.

The problem with that

by CharlieSpencer, in reply to "Block it at the firewall"

is that will also keep normhaga from accessing it for the user from the VM.

A decent firewall

by jdclyde, in reply to "The problem with that"

allows for exceptions to the rules....

And am I really the only one with access to a connection outside of the firewall? :0

figures...

by jck, in reply to "A decent firewall"

abusing your status...like a good right-winger lol

Actually, it is work related

by jdclyde, in reply to "figures..."

When I need to download a disk image, I don't hurt the network performance.

The REAL reason I set it up for our department is so I have a connection outside the network so I can setup laptops with VPN. Can't tunnel in if you are already in, right?

And yes, it is openly available and well known. B-)

sad

by jck, in reply to "Actually, it is work related"

You take pride in having open access where others don't... and you could program those routers, Mr. Cisco, to restrict them to certain things they need outside.

no cookies for you, Mister!!!! :^0

(BTW, did I mention I still have access to two county government networks? lol)

I think you missed the last line

by jdclyde, in reply to "Actually, it is work related"

about being openly available AND well known.

When a user has need, I set them up.

At any point, my co-workers have access for when they need to download something.

I also have an access point outside the network, so anyone with a laptop just has to select THAT one instead of the one inside the network. I teach them that is for when they need to work over the web, and don't need local access.

It has made a big difference in the hits to my LAN. B-)

Firewall is to keep people out, not to keep us in. ;\
