OK, here is where I am. And I'll try to answer all posts up to now.

Data is copied to an external hard disk and external disk powered down
and parked. As for machine configuration - the OS and the data are on two
separate disks in the machine anyway so I can just remove the data drive and
hold it until the rebuild is complete. So my original build took this
possibility into account from way back when. Bottom line here is two
complete copies of data files on two different pieces of hardware. I should
be good from that perspective.

Second: I used MSconfig to not load some things on startup. Didn't seem to
help as the fake Security Center still comes up with erroneous info.

Third. This is the second item that Vipre has let inside in a month. I never
had this issue with AVG free over the last several years.  The first item
that came in has hosed .NET stuff so that IE8 doesn't work well and it
prevents Vipre Enterprise - the server side - from functioning at all.
Sunbelt support helped me get a new instance of Vipre Enterprise running on
another box but was unable to get it to run here as we were unable to fix
.NET at all. (That other server is now almost sold so I have to move things
again.) Another client had a similar problem and I just gave him an SD card
with AVG free on it and he ran that and took care of his problem. I may try
that myself later.

Fourth: MalwareBytes. Downloading free version as I type. In the first 21
seconds of scanning it found 3 infected items with the quick scan. 5
infected items in the first 50 seconds. By 2 minutes it had 11 infected
objects. Several minutes in I get a message from Vipre - (yes, I probably
should have shut down Vipre before starting MalwareBytes - oops) anyway
Vipre calls it a known bad file and appears to not let MalwareBytes remove
it. However following the file name & location, the file does not exist - so
maybe something took it out or the malware renamed itself.

I'm gonna send this off as I guess that it will be another 20 or more
minutes before it is done scanning & I need to get something to eat before
running my daughter to soccer practice. I may let it run a deep scan over
the 2+ hours I'm gone.

OK it just finished with 16 bad items. I'm gonna tell it to get rid of them.
Says it successfully got rid of them. Now to reboot and find out.

More later and thanks for the good ideas.

That seems to have done it. No more popups.

Len Hammond
CSI:Hartland
[email protected]


On Thu, Oct 8, 2009 at 12:35 PM, Erik Goldoff <[email protected]> wrote:

> good advice already, but if all you really want is to save data off the
> drive before nuking to install win7, why not just remove the drive and
> install it as a slave on a known protected system? Then you can copy the
> data from the slave to a backup destination without any 'quirks' from the
> operating system on the slave in the running processes
>
> On Thu, Oct 8, 2009 at 12:12 PM, Len Hammond <[email protected]> wrote:
>
>> Hi people,
>> I have a client with an infected box. It seems to have the "SafeFighter"
>> trojan. Vipre says that it blocked the installation of it but it has pop-ups
>> wanting you to register the SafeFighter product to clean it out. It also
>> puts up a false "Microsoft Security Center" window telling you that your
>> firewall is ON and your virus protection is OFF or non-existent. When
>> viewing the 'real' Security Center you find that Vipre is listed and running
>> and the firewall is off as the settings dictate as the unit is behind a
>> network firewall. And when you visit Vipre it is scanning with no items
>> listed, and it has two items in the blocked area but nothing in the
>> Quarantine or any where else. These pop-ups come every few minutes. I would
>> like to stop the pop-ups long enough to back up data and flatten the box and
>> install Win7 in a couple of weeks when Win7 is released.
>>
>> Does anyone have a manual method of removing this rascal? Everything I've
>> found on the web is wanting you to buy their product to do it. I may have to
>> call Sunbelt to get their method? But Vipre says that it blocked it but
>> something is still running. Maybe I'll just reboot and see if it is only in
>> memory and the pop-ups go away.
>>
>> Anyone with thoughts for temp help. I know that a rebuild is the only sure
>> way to cleanliness - just not today.
>>
>> Len Hammond
>> CSI:Hartland
>> [email protected]
