We have had a LOT of success simply using Sys Restore to remove these programs...
On Fri, Jun 3, 2011 at 9:34 AM, Ziots, Edward <[email protected]> wrote:
> John,
>
> A lot of this Fake AV is also coming from "legitimate" but hacked
> websites, and drive-by malware. There have been more and more sites hit
> with Web application attacks, which are embedding malicious Iframe, and
> other goodies which are making links go to their malware sites and
> not the link they thought they were going to.
>
> Been seeing Fake-AV popping up as well, along with Target Phishing
> attacks, and the big fun of seeing the Military and Govt Entities being
> phished by the Chinese (or so the US Govt says) just underlies how
> sensitive and secret information and communications are being sent over
> public email, which is pretty silly IMHO...
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
> -----Original Message-----
> From: John Aldrich [mailto:[email protected]]
> Sent: Friday, June 03, 2011 10:26 AM
> To: NT System Admin Issues
> Subject: Fake antivirus
>
> I'm going to go to a former co-worker's this afternoon to clean his
> system (again) from another fake antivirus infestation. I've already
> got Vipre Rescue and Malware Bytes on a memory stick. I've also got
> RKILL. I haven't had to deal with any fake antivirus in a few weeks.
> Just wondering if they have developed any new tricks recently that I
> should be aware of?
>
> Oh, this user had Vipre Home on his PC, and got infested anyway. Should
> I submit samples to Sunbelt (assuming I can find where they're
> quarantined)???
>
> Thanks!
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
