speckytecky (2nd March 2011)
As per the BBC story:
BBC News - Britons caught out by booby-trapped web ads
We have two laptops with this swine of an infection. All were fully patched and the latest AV defs installed. So far Malwarebytes and the AV programs haven't found anything to delete in Safe Mode.
Anyone else tackling them atm?
speckytecky (2nd March 2011)
We've not had those, but we've been hit by Google Images. If someone goes on to Google Images and gets the results page, then clicks on a result which loads up the page and the image above it, a lot of these are now redirecting to the fake AV pages. We've had about 10 students get this in the past week so far and all panic.
Does anyone know of a manual removal walkthrough? Nothing we've got has picked it up on the infected machines yet. PITA
Not hit by that but like above the fake AV warnings are coming thick and fast :/
I had this infection on a staff laptop the other day, followed the instructions from Bleeping Computer which worked a treat.
Had one of the teachers get this on a laptop at one of my sites. According to them they came back to their PC and it was like that.
Can't be much help on removal though, as this was the new school with XP, out-of-date AV and everything, so the solution I picked was simply to nuke it and put Windows 7 on it, as it was about a week off happening anyway.
Last edited by SYNACK; 2nd March 2011 at 11:30 AM.
Got one here, not a school laptop but one of the teachers' home laptops. We have also seen an increasing number of laptops infected with the fake AV over the last few weeks.
We had this after 3 users visited the Easyjet website. Safe mode and Malwarebytes fixed the issue but it seems to be spreading like wildfire.
We've had it on two PCs. After doing a full AV scan (MS Forefront Endpoint Essentials) that couldn't get rid of it we decided to just reimage.
Seems to be various versions of it about. Some get removed by Malwarebytes but some don't. The malware only sits in the profile of the affected user - so if push comes to shove, removing that profile fixes the issue from what I've found.
On my third infected user now. CA eTrust doesn't find it.
Just cleaning the 10th laptop so far this week. Have found the quickest solution is to remove the HDD, stick it in a caddy and then run a full scan with MSE.
SimpleSi (5th March 2011)
I had one Monday morning, same message exactly. Much trickier to remove than the normal stuff, I struggled to find it. Sophos and Malwarebytes failed to find it. SUPERAntiSpyware did the trick.
Thanks for the heads-up - email sent to staff - whether they will take any notice is a different matter
The version that I had walked right past Symantec Endpoint Protection (older version that may have had outdated defs) and killed Task Manager and SEP itself, on XP though. Anyone had this affect Windows 7?