I'm still in favor of the "Ball-peen hammer to fingers" method of behavioral modification used in the movie Casino...
From: Lee Douglas [mailto:[email protected]] Sent: Friday, December 04, 2009 8:52 AM To: NT System Admin Issues Subject: Re: New virus trick Or at least public flogging! On Fri, Dec 4, 2009 at 9:46 AM, Mike Sullivan <[email protected]> wrote: Man, these malware creators are evil! I vote we bring back public hangings! On Fri, Dec 4, 2009 at 6:39 AM, John Aldrich < [email protected]> wrote: I was at a seminar yesterday put on by Sunbelt and during a break I had a chance to talk to one of the presenters and told him of a recent malware incident I'd cleaned up. He'd never heard of such a trick before so I thought I'd bring it to y'all's attention so you can be on the lookout for it. Basically it was the same old malware that's been going around with the Antivirus Pro sort of stuff, but the twist was that even using Malware Bytes we were not able to get rid of it. After I was poking around a bit, (I don't recall why I was looking at the root of C:, but I was) I noticed a batch file in the root of the C: drive that, when I opened it and looked at it, it created a bunch of scheduled tasks to re-download the malware/adware. I wised up and deleted that file, then went into the Scheduled Tasks and deleted all the malware-created scheduled tasks. Then I was able to successfully clean the stuff out! What really got us was that Malware Bytes would clean it, then say it needed to reboot to finish, and then as soon as we came back, the fake antivirus was right back there. What I believe it was doing was re-downloading itself from the internet each time we cleaned it. So, anyway, if you guys ever have a problem like this, it wouldn't hurt to check the scheduled tasks! -- Mike Sullivan [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>
<<image002.jpg>>
