Fortunately my blocks and protections at work seem to keep our malware to a very low minimum. However, as a "perk" we work on employee PCs. We see plenty of infected machines and our standard answer is "I will format it and re-install it, but I won't try to clean it".
Once a PC is compromised, I have no trust in it. I pull the drive, copy documents, etc. to another source, then re-install. Many times this is quicker than trying to "clean" it.

Bob

From: Len Hammond [mailto:[email protected]]
Sent: Thursday, October 08, 2009 12:13 PM
To: NT System Admin Issues
Subject: infected box

Hi people,

I have a client with an infected box. It seems to have the "SafeFighter" trojan. Vipre says that it blocked the installation of it, but it has pop-ups wanting you to register the SafeFighter product to clean it out. It also puts up a false "Microsoft Security Center" window telling you that your firewall is ON and your virus protection is OFF or non-existent. When viewing the 'real' Security Center you find that Vipre is listed and running and the firewall is off as the settings dictate, as the unit is behind a network firewall. And when you visit Vipre it is scanning with no items listed, and it has two items in the blocked area but nothing in the Quarantine or anywhere else. These pop-ups come every few minutes.

I would like to stop the pop-ups long enough to back up data and flatten the box and install Win7 in a couple of weeks when Win7 is released. Does anyone have a manual method of removing this rascal? Everything I've found on the web is wanting you to buy their product to do it. I may have to call Sunbelt to get their method? But Vipre says that it blocked it but something is still running. Maybe I'll just reboot and see if it is only in memory and the pop-ups go away.

Anyone with thoughts for temp help. I know that a rebuild is the only sure way to cleanliness - just not today.

Len Hammond
CSI:Hartland
[email protected]
