Jump to content
ToxicBlitzX3

Recommended ideas for School's Computer Lab

Recommended Posts

Hi! first time posting, @Amaroq_Starwind suggested i sign up and make a post,

Curious mostly, to see if anyone has any ideas or recommendations, or any second opinions for when students use their flashdrives, I am having an issue right now where most students are using flashdrives with quick-access viruses that keep infecting the computers in the lab, I even offered help and tips to the students so they know what not to do and always scan their flashdrives, but they tend to forget and click on the quick-access files and infect the computer all over again, tad frustrating.

Thanks in advance

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Hello @ToxicBlitzX3 and :welcome:

Can you please provide more details on how many lab computers there are and what they're running? What specific infection are they getting or having?

Are the computers running a licensed version of Malwarebytes 3
What if any antivirus are the Lab computers running?

If you like, the following tool will provide details on what is running on the system

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Thanks

Ron

 

Share this post


Link to post
Share on other sites

The computers in question would be best served instituting a Local Policy ( GPEdit.msc ) disabling the use of USB Mass Storage Devices.

Image.thumb.jpg.a7ad69d68865f08e5f96fa65e336a5a9.jpg

Reference:
http://woshub.com/how-to-disable-usb-drives-using-group-policy/
http://ena.support.keysight.com/e5071c/manuals/webhelp/eng/using_windows_xp/disabling_usb_mass_storage_device.htm

 

Share this post


Link to post
Share on other sites

Or at the very least, disabling the execution of files on USB mass storage devices. Since you told me earlier that they should all be running Win10 Pro, x64, that means there's a lot you can do to keep unsafe, untrusted or otherwise unauthorized software from running. You can also try installing VoodooShield.

Share this post


Link to post
Share on other sites
2 hours ago, AdvancedSetup said:

Hello @ToxicBlitzX3 and :welcome:

Can you please provide more details on how many lab computers there are and what they're running? What specific infection are they getting or having?

Are the computers running a licensed version of Malwarebytes 3
What if any antivirus are the Lab computers running?

If you like, the following tool will provide details on what is running on the system

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Thanks

Ron

 

32 on use ATM, Windows OS but it varies on 7, 8, 10 (it was a mess when i first arrived, not too long) all of them are 64-bit, it creates shortcuts of every file and folder inside the flashdrive and hides the real files in a hidden folder, the students click on the quick-access files, they are rather naive and uninformed about these things, so when they click on them, the virus creates a script as a process and sets itselt on startup boots, any flashdrive that you put in that is not infected, will repeat the method of creating the quick-access files.

The computer were using the ESET NOD32 antivirus but the main office hasn't renewed the license yet so i have to look for alternatives before all the computers become infected

@David H. Lipman I can't lock the use of the flashdrives because the students use them to take their work home, the issue mostly happens during the CompSci classes.

Share this post


Link to post
Share on other sites
7 minutes ago, ToxicBlitzX3 said:

@David H. Lipman I can't lock the use of the flashdrives because the students use them to take their work home, the issue mostly happens during the CompSci classes.

Create another methodology for them to take their work home like a school hosted file service.

Share this post


Link to post
Share on other sites

The Windows 7, 8 and Windows 10 can all run Windows Defender or Security Essentials. Windows 7 & 8 are not robust but it's free and should be able to stop many auto-run infections. It depends on what it is. The Windows 10 computers can run Windows Defender and it's actually a pretty good antivirus.

If these are all School owned then I assuming all are legal versions of Windows and depending on licensing they may all be able to be upgraded to Windows 10.

If all were Windows 10 you'd have a better chance of protecting them for free. Windows 7 & 8 would probably require some type of paid antivirus.

Personally, if I were running the Lab with 32 computers I would look at automating automatic imaging on demand. Place the image to use on a hidden partition. Then run it on a scheduled basis or between classes. I'm assuming nothing needs to be saved on any computer for the next student and all can start with a clean slate each class. 

You could also look at using VirtualBox on all of them. Locking out all features of physical Windows except the virtual machine. Then using Snapshots you could revert those in quite literally seconds and have them back to the way they were even if they were infected.

Many options one can do. You would need appropriate licensing from Microsoft though in order to upgrade or install new Windows installations on virtual machines.

Depending on what the Students really need access to in the Lab you might also consider a Linux virtual machine which is completely free.

 

 

Share this post


Link to post
Share on other sites

Here we go. Autorun Exterminator:

https://ccm.net/download/download-11613-autorun-exterminator

It isn't perfect, but even with all the grammatical errors, it seems pretty legit. Maybe it can solve some of your problems, or at the very least maybe a modification of it can find its way into Malwarebytes.

By the way, if you have the .NET Framework 4.8 installed, Windows Defender will proactively scan removable media for malicious executables.

Share this post


Link to post
Share on other sites

Just thinking out loud here.

You could try MCSheild, it hasn't been updated for a while but still works well on W10.

Use a sandbox such as Sandboxie, its free and nothing will get by it if set up properly, however if the students need to save any work it will need to be committed to the disc which will just infect the computer anyways I believe.

LIght virtulization tools such as Toolwiz Time Freeze (free) or Rollback RX (paid).

Lastly. Shadow Defender, probably too costly for a school setting but it also works very well, basically anything done to the computer can be un-done with a reboot. 

You would have to research these to see if any may work for you under the conditions in which the computers are used, alternatively, a good anti-virus may do the trick as well.

If it was my class I just wouldn't let them use the computers until they were educated and informed in safe computer practises. Maybe you could use just one computer that would only be used to scan their flashdrives, set up a couple programs such as Eset Online Scanner and Emsisoft Emergency kit and just let them know that no flashdrives go into the regular computers until they are scanned first.

Edited by digmorcrusher

Share this post


Link to post
Share on other sites

All good, just think we might even detect Rollback

 

I think all of it can be done with Free tools, ideas. But will take a certain amount of physical time and effort to get set up in place.

 

Share this post


Link to post
Share on other sites

Thanks for the ideas ^^

Yeah, i will have to start setting up a computer to scan any flashdrives that the students want to bring with them if this issue keeps on, and more important, update them all to W10 to be safer, will keep the other options in mind of course.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.