I've seen the ravages of this ransomware / malware on a couple of people's
systems.  I've always asked what preceded the infection.  You know ... So
then I could tell other users to avoid that.  I've not been able to pinpoint
exactly what happened; maybe the users are so embarrassed that they've
been had?

 

Does anybody know how this gets installed?  Is it a popup that tells the
user that their computer is infected with Viruses or Trojans?  Is it a
supposed video codec that contains the malware? 

 

Once I know I am going to tell my users about it.

 

LD

 

 

 

Lee Duynslager

Information Technology Professional

Michigan State University

517-432-5296

 

  _____  

From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Skutt, Tim
Sent: Thursday, June 26, 2008 6:46 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Removing Vista Antivirus 2008?

 

Al,

I came across a system with this last week.  It was quite a pain, but I did
notice that I could get most of the stuff removed if I logged into the
machine with a different profile.  I then used SUPERAntiSpyware to scan and
delete the malware.  I finally had to delete the user's profile as there were
still remnants of this running to reinstall it from there.

 

Symantec Antivirus 10.2 didn't detect anything either.

 

 

  _____  

From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Al Puzzuoli
Sent: Wednesday, June 25, 2008 10:15 PM
To: [log in to unmask]
Subject: [MSUNAG] Removing Vista Antivirus 2008?

 

I'm working on a PC that has this malware.  It's one of those programs that
pop up a fake antivirus dialog and try to scare the user into either
installing something, or buying something that they shouldn't.  Has anyone
seen this particular variant before?  Nod32 isn't detecting it at all.
I've seen similar trojans in the past, and I was able to remove those using
a little utility called SmitfraudFix.exe; however, SmitfraudFix isn't
detecting this particular worm.  The issue is further complicated by the
fact that this machine is offsite, and I'm trying to talk a user through
fixing this over the phone.  I therefore really want to stay away from
solutions that require hand editing the registry if at all possible.

 

Thanks,

 

 

 

 

 Al Puzzuoli                              

 

Michigan State University

 

Information Technologist                                       
http://www.rcpd.msu.edu

 

Resource Center for Persons with Disabilities

 

120 Bessey Hall East Lansing, MI  48824-1033

 

517-884-1915