Antivirus Pro 2010
This is starting to be a pain.
I would love to know how this is getting on our PCs [OK, only 2 at the moment], as they all have to go through the firewall [Navaho] first. And how the hell did one even install the .exe into Program Files etc. when it was all up to date with IE8, patches & Trend AV!!!
Anyone else seen it worm its way in?
What does your Navaho do (assuming it scans files on the gateway) when under heavy load? Block or stop scanning files?
You might find this useful.
Remove Fake Antivirus 1.34
I can get rid of it, I just want to know why I have two cases of it getting through!!
I shall investigate further.
Getting absolutely shedloads of this and similar infections. Gets past Symantec and McAfee alike, and although there's no other protection like firewalls etc., it's still annoying. Removal is easy armed with Malwarebytes Anti-Malware, but I tend to do a full scan as well with the relevant AV packages.
I wouldn't even mind knowing where they actually come from in the first place - very few people use our LEA's filtering system (via EMBC) therefore are automatically filtered to the highest level, which suggests drive-by infections from banners/adverts etc. on legitimate sites. Of course ruddy USB pens :)
What gets me today [after clearing down 4 PCs] is how the hell it got through our firewall [e-mail sent to Navaho but I was NOT impressed with their reply] and also why the hell is Trend AV not detecting it? [Not the main fake front end, as it does, but the fake system tray message.]
On running Malwarebytes it sees a load of wpv[load of numbers].exe files in the Windows temp dir which get cleared, so how the hell did they get there?
I cleared down a portable drive today a kid had which had a load of infections, and I get flagged every day USB pen alerts. I'm wondering, like synaesthesia, if this is being spread via USB devices now...
Also I think it's spread via spam messages too.
I only have one school left that no longer has daily messages from Symantec with infected pen drives - and that's because we banned them. I'm more than happy that the infection stays exactly there, the infection will only get across to the main system if someone copies it there and then it's dealt with quickly. But that's just the usual autorun.inf - these fakeAV ones are getting far more virulent. I'm starting to think about mass anti-spyware solutions but these are ruddy expensive, especially for site licenses. However, when your anti-virus package deals with viruses only and specifically, we appear to be left with little choice. And even then what would people suggest? No one package on its own is capable enough as it stands and I can't see that improving :| The only thing I can think of, and suggest, is a change in how the machines are used, which murders convenience and raises calls logged for our attention |: