No matter how "secure" the system is, users are always the weak point.

-t

On Jun 26, 2008, at 9:05 AM, Lee Duynslager wrote:

> I’ve seen the ravages of this ransomware / malware on a couple of
> people's systems. I’ve always asked what preceded the infection.
> You know ….. So then I could tell other users to avoid that. I’ve
> not been able to pinpoint exactly what happened; maybe the users are
> so embarrassed that they’ve been had?
>
> Does anybody know how this gets installed? Is it a popup that tells
> the user that their computer is infected with Viruses or Trojans?
> Is it a supposed video codec that contains the malware?
>
> Once I know I am going to tell my users about it.
>
> LD
>
> Lee Duynslager
> Information Technology Professional
> Michigan State University
> 517-432-5296
>
> From: MSU Network Administrators Group [mailto:[log in to unmask]]
> On Behalf Of Skutt, Tim
> Sent: Thursday, June 26, 2008 6:46 AM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Removing Vista Antivirus 2008?
>
> Al,
> I came across a system with this last week. It was quite a pain,
> but I did notice that I could get most of the stuff removed if I
> logged into the machine with a different profile. I then used
> SUPERAntiSpyware to scan and delete the malware. I finally had to
> delete the user's profile as there were still remnants of this
> running to reinstall it from there.
>
> Symantec Antivirus 10.2 didn’t detect anything either.
>
> From: MSU Network Administrators Group [mailto:[log in to unmask]]
> On Behalf Of Al Puzzuoli
> Sent: Wednesday, June 25, 2008 10:15 PM
> To: [log in to unmask]
> Subject: [MSUNAG] Removing Vista Antivirus 2008?
>
> I'm working on a PC that has this malware. It's one of those
> programs that pop up a fake antivirus dialog and try to scare the
> user into either installing something, or buying something that they
> shouldn't. Has anyone seen this particular variant before? Nod32
> isn't detecting it at all. I've seen similar trojans in the past,
> and I was able to remove those using a little utility called
> SmitfraudFix.exe; however, SmitfraudFix isn't detecting this
> particular worm. The issue is further complicated by the fact that
> this machine is offsite, and I'm trying to talk a user through
> fixing this over the phone. I therefore really want to stay away
> from solutions that require hand editing the registry if at all
> possible.
>
> Thanks,
>
> Al Puzzuoli
> Michigan State University
> Information Technologist
> http://www.rcpd.msu.edu
> Resource Center for Persons with Disabilities
> 120 Bessey Hall East Lansing, MI 48824-1033
> 517-884-1915

--
Troy Murray
Systems Administrator
Michigan State University
Biomedical Research and Informatics Center (BRIC)
100 Conrad Hall
East Lansing, MI 48824
Phone: 517-432-4248
Fax: 517-353-9420
E-mail: [log in to unmask]
Calendar HTML - http://www.icalx.com/html/troymurray72/month.php?cal=Work
iCalendar - http://www.icalx.com/public/troymurray72/Work.ics