I’ve seen a few cases lately in the last couple weeks. I remotely kill the process and delete it when someone calls about it. It’s almost always a single executable in c:\D&S\username\Application Data folder, but it’s hidden/system. Then I check the other profiles to make sure they’re clean. I upload the executable to virustotal.com to make sure it wasn’t a slip up by VIPRE. It seems they’re slow to update the definitions for those things and apparently they’ve eliminated the option to download a missed detection so it gets into the definitions faster :(

 

Jon Galbreath, MCSE

Systems Administrator

International Studies and Programs

Helpdesk: 517-884-2148

Ph: 517-884-2144

[log in to unmask]

 

From: Al Puzzuoli [mailto:[log in to unmask]]
Sent: Wednesday, June 01, 2011 3:40 PM
To: [log in to unmask]
Subject: [MSUNAG] Fake Alert malware getting past AV Software?

 

Over the past few months, I have seen a number of instances of machines getting infected with variants of this Fake Alert bug. It has happened to several users in the office; but I have also seen it on friends’ machines as well. Some users were running XP, others were on Windows 7. Some had admin rights, others didn’t. It’s gotten past Nod32, VIPRE, and Security Essentials. Bottom line is, I have no idea what to do to keep this bloody thing out! Are others having similar problems? If so, why hasn’t there been more of a general outcry to the AV companies? They all seem to be virtually useless when it comes to this sort of attack. If AV isn’t the answer, then what is?

Totally frustrated,

Al
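The profile sweep described in the reply at the top of this thread (look in each user's Application Data folder for a hidden/system executable, then check the other profiles) can be scripted. The following PowerShell is an added example, not part of the original messages; it assumes an elevated prompt so other users' profiles are readable, and `Get-Sha256Hex` is a helper name made up for this sketch.

```powershell
# Added example: list hidden or system .exe files sitting directly in each
# local profile's roaming Application Data folder, with a SHA-256 for lookup.
# Assumption: run elevated; profile paths are read from the ProfileList key.

function Get-Sha256Hex([string]$Path) {
    # .NET hashing is used so the script also runs on PowerShell 2.0 (XP / Windows 7).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try   { $bytes = $sha.ComputeHash($stream) }
        finally { $stream.Dispose() }
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    } catch {
        return 'unreadable'          # locked or access denied
    } finally {
        $sha.Clear()
    }
}

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$appDataDirs = 'Application Data', 'AppData\Roaming'   # XP layout, Vista/7 layout
# Hidden = 2, System = 4; a file is reported if either bit is set.
$flagged = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)

Get-ChildItem $profileList | ForEach-Object {
    $profilePath = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if (-not $profilePath) { return }                  # key without a profile path
    foreach ($rel in $appDataDirs) {
        $dir = Join-Path $profilePath $rel
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force shows hidden/system items; the Windows 7 compatibility
        # junction "Application Data" denies listing and is skipped quietly.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.PSIsContainer -and
                $_.Extension -eq '.exe' -and
                (([int]$_.Attributes) -band $flagged) -ne 0
            } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Path       = $_.FullName
                    Attributes = $_.Attributes
                    Modified   = $_.LastWriteTime
                    Sha256     = Get-Sha256Hex $_.FullName
                }
            }
    }
} | Select-Object Path, Attributes, Modified, Sha256
```

The script only reports; the SHA-256 column lets you look a file up on virustotal.com by hash before deciding whether to upload or remove it.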