Well, sometimes it does, sometimes it does not... A short time ago I gave a couple of "problems". That is, the _real_ malware is hidden. Scans find the secondary downloaded malware but not the real culprit. It wasn't until I went looking for "new" files in the Windows directories that we finally stopped that.
Again, I do not believe this combination will find bad "registry entries" for an NTUSER.DAT file which is not a part of the active registry. What gets found when the scans (VIPRE + MBytes) are run when the afflicted user is still logged on and what is found the next day when another person is logged in differ.

-- 
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
[email protected]
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org

Alex Eckelberry <[email protected]> wrote on 09/15/2010 11:55:28 AM:

> http://vipre.malwarebytes.org/
>
> Free. And the combination really works.
>
> From: John Hornbuckle [mailto:[email protected]]
> Sent: Wednesday, September 15, 2010 12:20 PM
> To: NT System Admin Issues
> Subject: #*&$&% "Security Tools" Malware
>
> The "Security Tools" malware is about to drive me insane. My users
> keep managing to infect themselves with it, and we're having trouble
> stopping it.
>
> They don't run with admin rights, so there's no real damage done to
> their systems and we can clean it up in about two minutes. But the
> time adds up, and I'm tired of my technicians having to waste time on it.
>
> Our antimalware software is Microsoft's Forefront Client Security,
> and it's having a tough time catching this. Every time I get
> infected, I send the EXE to Microsoft and they update their
> definitions - but the EXE's used by the malware apparently change
> rapidly, and seem to constantly be a step ahead of FCS's definitions.
>
> I can think of a couple of options that I know would stop it, like
> blocking all EXE's at our web filter or using group policy to limit
> the running of EXE's - but this would also prevent users from doing
> things like installing safe plug-ins from websites, so it's not a
> first resort.
>
> Suggestions?
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
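
The point raised in the reply above, that a scan run under one logon does not see NTUSER.DAT hives that are not part of the active registry, can be checked directly. The PowerShell below is an added example, not part of the original thread: it mounts each unloaded profile hive and lists its Run/RunOnce values. It assumes an elevated PowerShell 3.0+ session on Windows Vista or later; the Offline_<SID> mount name is made up for this example.

```powershell
# Added example: list autorun values in user hives that are NOT currently loaded.
# Run elevated. "HKU\Offline_<SID>" is a temporary mount name chosen for this example.
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Skip service profiles and profiles whose hive is already mounted under HKU.
$profiles = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and -not $_.Loaded }

foreach ($p in $profiles) {
    $hive = Join-Path $p.LocalPath 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hive)) { continue }

    $mount = "HKU\Offline_$($p.SID)"
    & reg.exe load $mount $hive 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not load $hive (in use or access denied)"
        continue
    }
    try {
        foreach ($key in $runKeys) {
            # reg.exe is used for the query so this process holds no open
            # handle on the hive and the unload in 'finally' can succeed.
            $lines = & reg.exe query "$mount\$key" 2>$null
            if ($LASTEXITCODE -ne 0) { continue }   # key not present in this hive
            foreach ($line in $lines) {
                # Value lines look like: "    Name    REG_SZ    Data"
                if ($line -match '^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$') {
                    [pscustomobject]@{
                        Profile = $p.LocalPath
                        Key     = $key
                        Name    = $Matches[1]
                        Type    = $Matches[2]
                        Command = $Matches[3]
                    }
                }
            }
        }
    }
    finally {
        # Always unmount, even if the query loop throws.
        & reg.exe unload $mount | Out-Null
    }
}
```

Piping the output to Format-Table or Export-Csv gives a per-profile list to compare against what the scanners reported while the affected user was logged on.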
