Don't consider what I am going to say as OT. I noticed that Symantec ,every day, with new definitions detected submit to us tenth or hundreds of "old malware modified definitions". This authorize me to think that other vendors do the same . Conclusion: every day you don't know if your product will detect a malware because may be it is changhed and need modified definitions to be detected. GuidoElia HELPPC
_____ Da: Jonathan Link [mailto:[EMAIL PROTECTED] Inviato: sabato 16 agosto 2008 1.38 A: NT System Admin Issues Oggetto: Re: "Vista Antivirus 2008" malware removal I had a client who was infested with this, I installed Vipre. Vipre appeared to have removed it, but must've left enough behind to call home. We restarted the computer, and I had an odd blue screen, at the time, it flashed by too quickly but it was similar to the check disk screen, but stated something to the effect that antivirus software was updating. I noticed it too late to yank the network cable, and by the time we logged in, AV 2008 was back, and was undetectable by Vipre. I had to resort to a manual removal with some support from Malware bytes. This thing is pernicious. -Jonathan On 8/15/08, Alex Eckelberry <[EMAIL PROTECTED]> wrote: Yes, that is correct, most infestations are through spams. _____ From: James Kerr [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2008 4:40 PM To: NT System Admin Issues Subject: Re: "Vista Antivirus 2008" malware removal I think, though I am not sure, that the users are getting this crap through email. I even got one that was supposedly an MSNBC news alert that lead me to a site that was already down. No PC has been infected as of yet. I ran malwarebytes on a couple and they are clean. ----- Original Message ----- From: Alex Eckelberry <mailto:[EMAIL PROTECTED]> To: NT System <mailto:[email protected]> Admin Issues Sent: Friday, August 15, 2008 4:31 PM Subject: RE: "Vista Antivirus 2008" malware removal Get the free Vipre trial, it both scans and removes at no charge. http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/ If you really have trouble, call us and we have specialists who can get rid of it. Alex Alex Eckelberry, CEO Sunbelt Software, Inc. 33 N. Garden Avenue, Clearwater, FL 33755 727.562.0101 x220 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] <http://www.sunbeltsoftware.com/> www.sunbeltsoftware.com www.sunbeltblog.com <http://www.sunbeltblog.com/> _____ From: Anthony [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2008 4:08 PM To: NT System Admin Issues Subject: Re: "Vista Antivirus 2008" malware removal I'll second that. I've recently added Malwarebytes to my arsenal, they are pretty good at removing these rouge anti virus packages. These malware packages get there hooks in your system baaaad. Anthony ----- Original Message ----- From: Mike Gill <mailto:[EMAIL PROTECTED]> Sent: Thursday, August 14, 2008 4:17 PM Subject: RE: "Vista Antivirus 2008" malware removal Malwarebytes program seemed to help out the person who call me last night about this. He said it's off his computer now. -- Mike Gill From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 1:39 PM To: NT System Admin Issues Subject: RE: "Vista Antivirus 2008" malware removal Don't know if the Vista version is the same or not, but I just cleaned up XP Antivirus 2008 on a machine. Nasty piece of crap to eradicate, though. Had to stop some weird file from auto-starting, manually delete a folder of the same name from C:\Program Files\ and used Malwarebytes to remove the Registry entries. Then manually combed through the Registry and found a couple remains. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _____ From: Durf [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 2:26 PM To: NT System Admin Issues Subject: "Vista Antivirus 2008" malware removal Hey guys; I was called in to look over another tech's customer who had a system where they had (mostly) removed the "Vista Antivirus 2008" fake AV malware. The only issue still remaining was what we thought at first was a simple browser redirection issue - visting a huge number of security-related sites resulted in a 404. Well, it wasn't a BHO, and it wasn't a redirect, and it's not a HOSTS file. It's something screwed in the TCP/IP stack. NSLOOKUP returns the proper DNS result for a site, but when you send any traffic to it at all - ping, let's say - it's redirected to localhost. Anyone seen this before and fixed it by means other than burning down the system, which is what I'm going to recommend otherwise? -- Durf -- -------------- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
