Man, these malware creators are evil! I vote we bring back public hangings!
On Fri, Dec 4, 2009 at 6:39 AM, John Aldrich <[email protected]> wrote:

> I was at a seminar yesterday put on by Sunbelt and during a break I had a chance to talk to one of the presenters and told him of a recent malware incident I’d cleaned up. He’d never heard of such a trick before so I thought I’d bring it to y’all’s attention so you can be on the lookout for it. Basically it was the same old malware that’s been going around with the Antivirus Pro sort of stuff, but the twist was that even using Malware Bytes we were not able to get rid of it. After I was poking around a bit, (I don’t recall why I was looking at the root of C:, but I was) I noticed a batch file in the root of the C: drive that, when I opened it and looked at it, it created a bunch of scheduled tasks to re-download the malware/adware. I wised up and deleted that file, then went into the Scheduled Tasks and deleted all the malware-created scheduled tasks. Then I was able to successfully clean the stuff out!
>
> What really got us was that Malware Bytes would clean it, then say it needed to reboot to finish, and then as soon as we came back, the fake antivirus was right back there. What I believe it was doing was re-downloading itself from the internet each time we cleaned it. So, anyway, if you guys ever have a problem like this, it wouldn’t hurt to check the scheduled tasks!

--
Mike Sullivan
[email protected]
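The check John describes (reviewing scheduled tasks for entries that launch a script sitting in the root of a drive), as an added example that is not part of the original thread. It assumes the task list was exported with `schtasks /query /fo csv /v` on an English-locale system; the sample rows, task names and paths below are constructed.

```python
import csv
import io
import re

# Constructed sample in the column layout of `schtasks /query /fo csv /v`
# (only the columns used here; task names and paths are made up).
SAMPLE_CSV = r'''"HostName","TaskName","Status","Task To Run"
"PC01","\GoogleUpdateTaskMachineCore","Ready","C:\Program Files\Google\Update\GoogleUpdate.exe /c"
"PC01","\At1","Ready","C:\example.bat"
"PC01","\At2","Ready","cmd.exe /c C:\example.bat"
"PC01","\Defrag","Ready","C:\WINDOWS\system32\defrag.exe c:"
"HostName","TaskName","Status","Task To Run"
"PC01","\Backup","Ready","D:\Tools\backup.cmd /full"
'''

# A script file located directly in a drive root (e.g. C:\something.bat),
# either as the task's program or as an argument to an interpreter.
ROOT_SCRIPT = re.compile(
    r'(?<![\w\\])[A-Za-z]:\\[^\\/:*?"<>|\s]+\.(?:bat|cmd|vbs|js)\b',
    re.IGNORECASE,
)


def suspicious_tasks(csv_text):
    """Return (task name, script path) for tasks that run a root-level script."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Skip a header row if the export repeats it partway through.
        if row.get("TaskName") == "TaskName":
            continue
        action = row.get("Task To Run") or ""
        match = ROOT_SCRIPT.search(action)
        if match:
            findings.append((row["TaskName"], match.group(0)))
    return findings


def scripts_to_review(csv_text):
    """Distinct script paths referenced by flagged tasks, for manual inspection."""
    return sorted({path.lower() for _, path in suspicious_tasks(csv_text)})


if __name__ == "__main__":
    for name, path in suspicious_tasks(SAMPLE_CSV):
        print(f"review task {name!r}: runs root-level script {path}")
```

A flagged task is a lead for manual review, not a verdict: read the referenced script before deleting anything, and remove both the script and the tasks it created, as described in the message above.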
