cool. best bet is to reformat / reinstall. on boxes like this I am disabling all web access. if they need something, they can remote desktop or map a drive.

At 01:13 PM 10/8/2009, David W. McSpadden wrote:
>I really like the slave the drive and scan from a clean machine.
>
>From: wjh
>Sent: Thursday, October 08, 2009 1:05 PM
>To: NT System Admin Issues
>Subject: Re: infected box
>
>I've got a user's box now that has "securitytools" fake a/v
>virus. It deleted malwarebytes from his machine. booted into safe
>mode to reinstall malwarebytes. After installation the mbam.exe
>file was missing again. I also ran Avast's bart CD and it only
>found two items, which did nothing to remove the virus. uggh. and
>this is a machine used for animation and video work so days of work
>to rebuild it with all the software apps.
>
>Bill
>
>>I use a three-pronged approach that I keep stored on a small USB
>>thumb drive that is labeled VIRUS CLEANER...
>>
>>First, I run Malwarebytes. After Malwarebytes, I run Combofix
>>(download from bleepingcomputers.com, NOT combofix.org). After that,
>>I install Avast and have it run a boot-time scan. After it has
>>booted up again, I run Malwarebytes again.
>>
>>9 times out of 10, my work is done at this point....
>>
>>--
>>Matt Cross
>>
>>On Thu, Oct 8, 2009 at 12:31 PM, James Kerr wrote:
>>+1 but run it with the box in safe mode.
>>
>>James
>>
>>----- Original Message -----
>>From: John Aldrich
>>To: NT System Admin Issues
>>Sent: Thursday, October 08, 2009 12:24 PM
>>Subject: RE: infected box
>>
>>Malwarebytes.com is your friend. If that doesn't do it, I don't
>>know what else to suggest. You could always try booting off a
>>VipreRescue disk and see if that cleans it.
>>
>>John-Aldrich
>>Tile-Tools
>>
>>From: Len Hammond
>>Sent: Thursday, October 08, 2009 12:13 PM
>>To: NT System Admin Issues
>>Subject: infected box
>>
>>Hi people,
>>
>>I have a client with an infected box. It seems to have the
>>"SafeFighter" trojan. Vipre says that it blocked the installation
>>of it but it has pop-ups wanting you to register the SafeFighter
>>product to clean it out. It also puts up a false "Microsoft
>>Security Center" window telling you that your firewall is ON and
>>your virus protection is OFF or non-existent. When viewing the
>>'real' Security Center you find that Vipre is listed and running
>>and the firewall is off as the settings dictate as the unit is
>>behind a network firewall. And when you visit Vipre it is scanning
>>with no items listed, and it has two items in the blocked area but
>>nothing in the Quarantine or anywhere else. These pop-ups come
>>every few minutes. I would like to stop the pop-ups long enough to
>>back up data and flatten the box and install Win7 in a couple of
>>weeks when Win7 is released.
>>
>>Does anyone have a manual method of removing this rascal?
>>Everything I've found on the web is wanting you to buy their
>>product to do it. I may have to call Sunbelt to get their method?
>>But Vipre says that it blocked it but something is still running.
>>Maybe I'll just reboot and see if it is only in memory and the pop-ups go
>>away.
>>
>>Anyone with thoughts for temp help. I know that a rebuild is the
>>only sure way to cleanliness - just not today.
>>
>>Len Hammond
>>CSI:Hartland

--------Andy-Ofalt---863-3449------405-Ag-Admin-Bldg------
for more information go to http://ict.cas.psu.edu/Contacts.html
----------
My little blurb to eat up bandwidth and make your mail box even larger
+++++++++++++++++++++++++++++++++++++++++++++++++++
The real problem is that IP, a connectionless protocol, was never
developed to be the universal protocol. ATM was developed to serve
that purpose and failed.
+++++++++++++++++++++++++++++++++++++++++++++++++++
