I had a client who was infested with this, I installed Vipre.  Vipre
appeared to have removed it, but must've left enough behind to call home.
We restarted the computer, and I had an odd blue screen, at the time, it
flashed by too quickly but it was similar to the check disk screen, but
stated something to the effect that antivirus software was updating.  I
noticed it too late to yank the network cable, and by the time we logged in,
AV 2008 was back, and was undetectable by Vipre.  I had to resort to a
manual removal with some support from Malwarebytes.  This thing is
pernicious.

-Jonathan


On 8/15/08, Alex Eckelberry <[EMAIL PROTECTED]> wrote:
>
>  Yes, that is correct, most infestations are through spams.
>
>  ------------------------------
> *From:* James Kerr [mailto:[EMAIL PROTECTED]
> *Sent:* Friday, August 15, 2008 4:40 PM
> *To:* NT System Admin Issues
> *Subject:* Re: "Vista Antivirus 2008" malware removal
>
>
>  I think, though I am not sure, that the users are getting this crap
> through email. I even got one that was supposedly an MSNBC news alert that
> led me to a site that was already down. No PC has been infected as of yet.
> I ran malwarebytes on a couple and they are clean.
>
> ----- Original Message -----
> *From:* Alex Eckelberry <[EMAIL PROTECTED]>
> *To:* NT System Admin Issues <[email protected]>
> *Sent:* Friday, August 15, 2008 4:31 PM
> *Subject:* RE: "Vista Antivirus 2008" malware removal
>
>
> Get the free Vipre trial, it both scans and removes at no charge.
>
> http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/
>
> If you really have trouble, call us and we have specialists who can get rid
> of it.
>
> Alex
>  Alex Eckelberry, CEO
> Sunbelt Software, Inc.
> 33 N. Garden Avenue, Clearwater, FL 33755
> 727.562.0101 x220
> [EMAIL PROTECTED]
> www.sunbeltsoftware.com
> www.sunbeltblog.com
>
>  ------------------------------
> *From:* Anthony [mailto:[EMAIL PROTECTED]
> *Sent:* Friday, August 15, 2008 4:08 PM
> *To:* NT System Admin Issues
> *Subject:* Re: "Vista Antivirus 2008" malware removal
>
>
>  I'll second that.
>
> I've recently added Malwarebytes to my arsenal, they are pretty good at
> removing these rogue antivirus packages.  These malware packages get their
> hooks in your system baaaad.
>
> Anthony
>
> ----- Original Message -----
> *From:* Mike Gill <[EMAIL PROTECTED]>
> *Sent:* Thursday, August 14, 2008 4:17 PM
> *Subject:* RE: "Vista Antivirus 2008" malware removal
>
>
>
> Malwarebytes program seemed to help out the person who called me last night
> about this. He said it's off his computer now.
>
>
>
> --
> Mike Gill
>
>
>
> *From:* Roger Wright [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, August 14, 2008 1:39 PM
> *To:* NT System Admin Issues
> *Subject:* RE: "Vista Antivirus 2008" malware removal
>
>
>
> Don't know if the Vista version is the same or not, but I just cleaned up
> XP Antivirus 2008 on a machine.  Nasty piece of crap to eradicate, though.
>
>
>
> Had to stop some weird file from auto-starting, manually delete a folder of
> the same name from C:\Program Files\ and used Malwarebytes to remove the
> Registry entries.  Then manually combed through the Registry and found a
> couple remains.
>
>
>
>
>
> Roger Wright
>
> Network Administrator
>
> Evatone, Inc.
>
> 727.572.7076  x388
>
> _____
>
>
>
>
>
> *From:* Durf [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, August 14, 2008 2:26 PM
> *To:* NT System Admin Issues
> *Subject:* "Vista Antivirus 2008" malware removal
>
>
>
> Hey guys;
>
> I was called in to look over another tech's customer who had a system where
> they had (mostly) removed the "Vista Antivirus 2008" fake AV malware.   The
> only issue still remaining was what we thought at first was a simple browser
> redirection issue - visiting a huge number of security-related sites resulted
> in a 404.
>
> Well, it wasn't a BHO, and it wasn't a redirect, and it's not a HOSTS
> file.  It's something screwed in the TCP/IP stack.  NSLOOKUP returns the
> proper DNS result for a site, but when you send any traffic to it at all -
> ping, let's say - it's redirected to localhost.
>
> Anyone seen this before and fixed it by means other than burning down the
> system, which is what I'm going to recommend otherwise?
>
> -- Durf
>
> --
> --------------
> Give a man a fish, and he'll eat for a day.
> Give a fish a man, and he'll eat for weeks!
>
>
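
Added example, not part of the original thread: a triage helper for the symptom in the first message of the thread (nslookup returns the right address, yet ping goes to localhost). nslookup queries the DNS server itself, while ping and browsers use the operating system's resolver, so comparing the two answers shows whether a name is being rewritten before applications see it. The hostnames, addresses and verdict labels below are constructed for illustration.

```python
import ipaddress
import socket


def system_resolve(name):
    """IPv4 addresses from the OS resolver, the path ping and browsers use."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback


def triage(name, dns_answers, resolve=system_resolve):
    """Classify one host. dns_answers are the addresses the DNS server
    returned, e.g. copied from nslookup output on the suspect machine."""
    dns = set(dns_answers)
    local = resolve(name)
    if not local:
        return "resolver-failed"      # OS resolver returned nothing at all
    if any(is_loopback(a) for a in local) and not any(is_loopback(a) for a in dns):
        return "resolver-tampered"    # name is rewritten before the app sees it
    if local & dns:
        return "resolver-clean"       # answers agree: inspect the packet path instead
    return "answers-differ"           # may be DNS rotation; re-check by hand


def survey(expected, resolve=system_resolve):
    """expected maps hostname -> addresses reported by the DNS server."""
    return {name: triage(name, addrs, resolve) for name, addrs in expected.items()}


if __name__ == "__main__":
    # Constructed sample: placeholder names and documentation-range addresses.
    sample = {"av-vendor.example": ["192.0.2.10"], "news.example": ["198.51.100.7"]}
    # Stand-in for the resolver of an affected machine (assumption for the demo).
    fake = {"av-vendor.example": {"127.0.0.1"}, "news.example": {"198.51.100.7"}}
    for host, verdict in survey(sample, lambda n: fake.get(n, set())).items():
        print(host, verdict)
```

On a suspect machine, call `survey()` without the `resolve` argument so the real OS resolver is used, and pass in the addresses nslookup printed for each blocked site.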
