Repair Technicians

Status
Not open for further replies.
online scanners such as trend micro's housecall and symantec's or panda's might be able to detect rootkits. this would need to be confirmed.

can we update malwarebytes without attaching it to a network / internet connection?

edit - itil is a best practices framework that may help you form good processes

ITIL Knowledge Accelerator: Improving IT Services with ITIL Best Practices and Policies

here is a link to download the definitions alone, but they say that these offline definitions aren't updated daily like they are when you update through the update tab. they may help should your internet connection be compromised by an infection or if you can't access the internet for some other reason though.

thank you for the link, by the description at the top of the page alone, i'm really interested. i'll be doing some reading now...
 
No you can't update malwarebytes without a network connection (but you can with Spybot S&D, you download the update file and point the program to that file).

I've also found that programs are getting nastier by the month, there are a lot of them out there that once you actually install malwarebytes (even in safemode) it will rename the .exe.

HAHA FUNNIEST POST OF THE MONTH!! "used for business purposed instead of porn and music downloads." I love it - it is the truth though.

We don't really lock much down with AD at your company though, although they are thinking about making it more difficult for end users to do stuff because we are spending a lot of resources fixing things that people shouldn't be doing.
 
haha, i'm glad someone found that amusing. i meant to type purposes* though.

you could make it more difficult to get into trouble for the users but really, where there's a will, there's a way around. it might be better to implement a policy where if an employee damages their system by doing something not authorized by the company, your repair costs will be docked from their pay. that seems like a very serious incentive not to play around at work...
 
Or possibly make the repairs have to be paid by their department.

I realize that people will always find ways to break stuff - which is why i believe they've really implemented a 'hands off' policy because as you said, if there is a computer - someone will break it :)
 
one thing i was thinking about implementing was installing windows steadystate on machines at the office. this way if a user has a malware or repair issue that is software related, they can reboot their machine and it should fix the problem. question is, how will it affect their day to day?

Windows SteadyState
 
Good idea!

Would need to ensure that the data files they use on a day to day basis and save are on your network or a server that doesn't have that software installed though.
 
i've never heard of steadystate, but i can imagine what it would do. if it is what i think, that would be a great idea.
 
back to the original post...
so i looked into the spyware asylum site and i like the idea behind it. i use combofix and mbam daily and hijackthis on occasion, when the system calls for it. this is kinda geared toward osiris, mak and trotter because they seem to handle the site, but anyone would be more than welcome to add their input.
i breezed over the pages and saw the order suggested to run the programs in, which makes sense considering what each one does, but i didn't see any mention of what modes to run the programs in or that hijackthis and mbam should be run on each profile. is this something that isn't necessary to do? mbam scans the ntuser.dat that's currently loaded, doesn't it? and combofix should be run in safe mode for optimum results, right?
 