Al,
I came across a system with this last week. It was quite a pain, but I did notice that I could get most of the stuff removed if I logged into the machine with a different profile. I then used superantispyware to scan and delete the malware. I finally had to delete the user's profile as there were still remnants of this running to reinstall it from there.
Symantec Antivirus 10.2 didn’t detect anything either.
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Al Puzzuoli
Sent: Wednesday, June 25, 2008 10:15 PM
To: [log in to unmask]
Subject: [MSUNAG] Removing
I'm working on a PC that has this malware. It's one of
those programs that pop up a fake antivirus dialog and try to scare the
user into either installing something, or buying something that they
shouldn't. Has anyone seen this particular variant before?
Nod32 isn't detecting it at all. I've seen similar trojans in the
past, and I was able to remove those using a little utility called
SmitfraudFix.exe; however, SmitfraudFix isn't detecting this particular
worm. The issue is further complicated by the fact that this machine is
offsite, and I'm trying to talk a user through fixing this over the
phone. I therefore really want to stay away from solutions that require
hand editing the registry if at all possible.
Thanks,
Al Puzzuoli
Information Technologist
http://www.rcpd.msu.edu
120 Bessey Hall
517-884-1915