Is there any software that can block malware?


Galdorf
05-05-2009, 03:31 PM
Looking around for something that can block malware from getting in, i.e. rootkits, rogue anti-spyware/malware stuff.

I have tried many anti-virus software; none seem to really block that kind of stuff.

So far I have not seen anything other than blocking IPs using hosts or alternate DNS servers.

I have this one customer that goes to bad sites, and even though his machine has every new update and the newest Kaspersky AV, he gets infected by rogue malware software every single time.

Blues
05-05-2009, 03:56 PM
Most of the better AV apps have an internet security suite, and the better ones often stop the apps from being installed to infect the PC. You can look at the AV favorites thread to see who recommends what. Beyond that there are some stand-alone apps too, but for anything you can really depend on you're gonna end up paying.

eric76
05-05-2009, 04:06 PM
I use SpywareBlaster -- It works and it's free.

http://www.javacoolsoftware.com/spywareblaster.html

Galdorf
05-05-2009, 04:22 PM
He has SpywareBlaster installed, he updates every day, and it still gets in. So I have tried on this guy's machine:

spybot- w/teatimer+immunize
threatfire
avg 8.0
antivir
avast
spywareblaster

paid:
zonealarm+av
panda internet security
nod32 internet security
kaspersky internet security
f-secure internet security
nortons newest version
on this guy's machine and still he gets infected.

Actually what happens is an exploit is used to install a rootkit, which then injects the malware, thus NO anti-virus can stop it. They really need a way to detect rootkits installing and prevent it, but AV companies don't do that. 99% of the malware I see every day has some variant of the TDSS rootkit.

geekhelp4u
05-05-2009, 04:53 PM
MBAM Pro has real-time protection.

eric76
05-05-2009, 05:14 PM
There is no patch for human error. No matter what the protection is, if the guy is still downloading and watching porn, surfing porn sites, opening every single email and their attachments, clicking download or install on everything that pops up, then he will get infected. What good does the protection do when it warns "This file / site / whatever may contain malicious software that can harm your PC." and he closes it out or ignores it?

I agree, there's not much you can do for someone that continues with the same "habits".

Galdorf
05-05-2009, 05:23 PM
This new rogue anti-malware program is not detected by AntiVir off the ubcd4win 3.50 with current updates.

While this is running you cannot run ANY malware cleaning software or antivirus, and you cannot go to ANY websites such as HouseCall or any malware/AV sites.

It prevents ComboFix and SmitFraudFix from even running, or any script for that matter.

It's a nightmare to remove. I have tried almost every rootkit scanner; none will remove or detect the new rootkit.

The author of this rogue anti-malware software updates the rootkit often.

Even Malwarebytes, Spybot and SUPERAntiSpyware will not detect it when run off of ubcd4win.

The only way I can think of is to log all IPs he connects to, find which ones have spyware, and block the IPs using the hosts file and OpenDNS.

PatrickB
05-05-2009, 07:50 PM
Set him up with www.sandboxie.com (http://www.sandboxie.com) or Windows Steady State (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) or Virtual Box (http://www.virtualbox.org/). Those will keep threats from being able to infect the system in the first place. These systems give the programs a virtual place to play, but keep them from affecting the real programs and OS.

Of course, if he had a rootkit, how do you know he no longer has a rootkit? The rootkit testers are not definitive. The rootkit must be gone or all bets are off.

-- Patrick B.

dhrandy
05-05-2009, 08:02 PM
The power button will keep it out. :D

gunslinger
05-05-2009, 08:57 PM
I second the Windows Steady State or some kind of virtual environment for this guy.

iladelf
05-05-2009, 09:16 PM
Call it terrible customer service on my part, but I find the best way to deal with these situations is...


Punt.

Most of these customers aren't worth the hassle of keeping. Oh sure, they give you lots of work early on, but eventually, they get frustrated with you, thinking it's your fault as the tech for not keeping their computer from getting infected!

Time to fold that 2-9 offsuit.

Galdorf
05-05-2009, 09:59 PM
Wow, I gave that SteadyState a try. It's pretty good stuff; I did not even know Microsoft was into making that kind of software.

I gave UnHackMe a try and Hypersight a try. Both picked up the rootkits; all others, i.e. the free ones, missed it.

Now I am installing SteadyState on their machine. They have a lot of kids, so it's a good thing to have.

dhrandy
05-05-2009, 11:27 PM
You can also try Returnil (http://www.returnilvirtualsystem.com/). It's kinda like SteadyState. There's a free version of Returnil.

sys-eng
05-09-2009, 05:17 PM
I have this one customer that goes to bad sites even though . . .

Looks like you have a steady stream of business from the customer. :D Be thankful. Just explain to him that going to these sites involves the cost of removing infections.

I once built a cheap Internet browsing PC for someone to use just for such a purpose. He had no data on the little 20-GB hard drive and could live without it when it got infected. I set it up so that his other computers did not share files with that one.

l337
05-11-2009, 01:44 AM
UAC and Windows Defender stop all malware before it infects the PC!!!... jokes ofc lol :P

Spybot has the TeaTimer, which stops registry changes. I'm sure that can help, but it's also very annoying.

And a program called watchdog, I believe, does the same kinda thing.

glory
05-11-2009, 04:17 PM
:eek: I'd like to recommend Registry Easy to you.
It is powerful.
Do a free scan.