I just had the third user report that he ended up at one of those antivirus 
2008 sites. It was my boss and he said he clicked on a link in MSN news. We 
tried to duplicate but this time the link went to the right place. Trend isn't 
reporting any issues so far. I am going to run a manual scan anyway just to be 
sure. 
  ----- Original Message ----- 
  From: Benjamin Zachary - Lists 
  To: NT System Admin Issues 
  Sent: Friday, August 15, 2008 11:17 AM
  Subject: RE: "Vista Antivirus 2008" malware removal


  Yeah, I think I ran the same thing, where it had VIRUS ALERT! listed in the 
systray next to the clock, ran AVG/Spybot and they cleaned most of it, but I 
had to go to safe mode, run that little DOS app, and then I ended up also wiping 
the profile just in case and making a new one, problem appears gone.

   


------------------------------------------------------------------------------

  From: Mike Gill [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, August 14, 2008 6:17 PM
  To: NT System Admin Issues
  Subject: RE: "Vista Antivirus 2008" malware removal

   

  Malwarebytes program seemed to help out the person who called me last night 
about this. He said it's off his computer now.

   

  -- 
  Mike Gill

   

  From: Roger Wright [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, August 14, 2008 1:39 PM
  To: NT System Admin Issues
  Subject: RE: "Vista Antivirus 2008" malware removal

   

  Don't know if the Vista version is the same or not, but I just cleaned up XP 
Antivirus 2008 on a machine.  Nasty piece of crap to eradicate, though.

   

  Had to stop some weird file from auto-starting, manually delete a folder of 
the same name from C:\Program Files\ and used Malwarebytes to remove the 
Registry entries.  Then manually combed through the Registry and found a couple 
remains.

     

   

  Roger Wright

  Network Administrator

  Evatone, Inc.

  727.572.7076  x388

  _____

       

   

  From: Durf [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, August 14, 2008 2:26 PM
  To: NT System Admin Issues
  Subject: "Vista Antivirus 2008" malware removal

   

  Hey guys;

  I was called in to look over another tech's customer who had a system where 
they had (mostly) removed the "Vista Antivirus 2008" fake AV malware.   The 
only issue still remaining was what we thought at first was a simple browser 
redirection issue - visiting a huge number of security-related sites resulted in 
a 404.

  Well, it wasn't a BHO, and it wasn't a redirect, and it's not a HOSTS file.  
It's something screwed in the TCP/IP stack.  NSLOOKUP returns the proper DNS 
result for a site, but when you send any traffic to it at all - ping, let's say 
- it's redirected to localhost.  

  Anyone seen this before and fixed it by means other than burning down the 
system, which is what I'm going to recommend otherwise? 

  -- Durf

  -- 
  --------------
  Give a man a fish, and he'll eat for a day. 
  Give a fish a man, and he'll eat for weeks!

   

  

   

  

   

 




 
