Had very good luck so far using ComboFix, Malwarebytes, and Vipre, although one computer running XP SP3 is now very slow and the user does not want a wipe. I found ComboFix here: <http://www.bleepingcomputer.com/combofix/how-to-use-combofix>. I do not follow the directions completely; I don't post the log file to any forum. I do disable AV, run updated ComboFix, enable AV, run Malwarebytes. If there is anything still going on, I'll do a quick scan with SUPERAntiSpyware, then investigate manually (registry, running processes, files).

Gene Giannamore

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 7:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?

Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin