Yeah...but don't you have to know how far back to restore to??? :D Plus, there's the whole problem of *getting* to System Restore...a lot of these fake antivirus apps will block most of your system tools. For example, I know this one won't let you add/remove programs. You can open add/remove programs (according to the user) but it won't let you *do* anything, because it doesn't display anything.
From: Jeff Brown [mailto:[email protected]] Sent: Friday, June 03, 2011 10:38 AM To: NT System Admin Issues Subject: Re: Fake antivirus We have had a LOT of success simply using Sys Restore to remove these programs... On Fri, Jun 3, 2011 at 9:34 AM, Ziots, Edward <[email protected]> wrote: John, A lot of this Fake AV is also coming from "legitmate" but hacked websites, and drive-by malware. There has been more and more sites hit with Web application attacks, which are imbedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they was going too. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese ( or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO... Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 -----Original Message----- From: John Aldrich [mailto:[email protected]] Sent: Friday, June 03, 2011 10:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
