| Thread ID | Started | Title | Author | Forum |
|---|---|---|---|---|
| 117064 | 2011-03-31 22:29:00 | The fake AV epidemic | linw (53) | Press F1 |

| Post ID | Timestamp | Content | User |
|---|---|---|---|
| 1190984 | 2011-04-01 04:10:00 | *Use rkill if nothing else works. Or search for whatever it is, and follow the instructions. Use CCleaner and remove the temp files etc.* Yeah, done that. Rkill was not much use this time as all progs were able to run. Bit of a puzzle, this one. All I can do is scan with several progs and then send it home. | linw (53) |
| 1190985 | 2011-04-01 04:13:00 | *That's no excuse. Most AVs claim to scan for spyware; they just aren't very good at it. It's now hard to justify the cost of paid AV products to customers (even NOD) as they just really don't work. But, given the rate that new spyware is written, no AV EVER will be able to keep up. They have to wait for the infections to spread and be known before they can write them into the sig updates. No software will protect from user idiocy; I think perhaps that's the real problem :badpc:* Pretty much sums it up for me. Polymorphism makes it impossible for signature detection to prevent infections. | linw (53) |
| 1190986 | 2011-04-01 04:13:00 | Does it have a name? | Speedy Gonzales (78) |
| 1190987 | 2011-04-01 05:09:00 | Surprising as it may seem, I suspect many people install them voluntarily, thinking they're the real thing. One time a friend called me to their computer saying "what's this". While I was reading the scam website in bemusement and fascination, my friend had already dismissed the AV pop-up and was going for the install button! It's as though it's a reflex. Cheers, W | waldok (15185) |
| 1190988 | 2011-04-01 05:23:00 | A few of those "scan your computer..." ones (like System Tool 2011) etc. have their executable in C:\Documents and Settings\All Users\Application Data\strange_random_name_or_digits\SAME_strange_random_name_or_digits.exe. Navigate there in safe mode, change the name of the folder, and you can then boot normally and clean it up without it blocking you etc. | bevy121 (117) |
| 1190989 | 2011-04-01 06:18:00 | Yeah, I've found that most are easily "beaten" by booting into Safe Mode then clearing out the registry. I'm yet to find one that's so nasty I can't do that... | Chilling_Silence (9) |
| 1190990 | 2011-04-01 06:29:00 | You have now, the one I posted. It still ran after deleting the registry entries it creates. | Speedy Gonzales (78) |
| 1190991 | 2011-04-01 06:55:00 | *Yeah, I've found that most are easily "beaten" by booting into Safe Mode then clearing out the registry. I'm yet to find one that's so nasty I can't do that...* I saw a variant on an XP machine that deleted the SafeBoot reg keys, so any attempt to start Safe Mode was met with a BSOD! Required a bootable offline reg editor and a (lucky) backup of the System hive to fix it. | fred_fish (15241) |
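A defensive check that follows from the last two posts (the random-named folder with a same-named .exe that bevy121 describes, and the SafeBoot registry keys fred_fish saw deleted), added here as an example and not taken from the thread. The regex used to flag "random-looking" folder names is an assumption, and the script only reports; it changes nothing.

```powershell
# Added example (not from the thread): report missing SafeBoot keys and
# folder/exe pairs matching the fake-AV layout. Run from an elevated prompt.
$safeBootKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'
)
$findings = @()

# 1. Safe Mode needs both SafeBoot keys with their subkeys intact. If either
#    is gone, Safe Mode will not boot and the System hive must be restored
#    offline, as fred_fish had to do.
foreach ($key in $safeBootKeys) {
    if (-not (Test-Path $key)) {
        $findings += "MISSING SafeBoot key: $key"
    } elseif (@(Get-ChildItem $key).Count -eq 0) {
        $findings += "EMPTY SafeBoot key (subkeys removed): $key"
    }
}

# 2. Folder pattern from bevy121's post: a top-level folder under the
#    all-users application-data directory that holds an .exe with the same
#    name as the folder. $env:ProgramData is "All Users\Application Data"
#    on XP and C:\ProgramData on later Windows. PSIsContainer is used instead
#    of -Directory so this also runs on PowerShell 2.0 (XP).
$dataRoot   = $env:ProgramData
$randomName = '^[A-Za-z0-9]{6,}$'   # assumption: no spaces or punctuation
Get-ChildItem -Path $dataRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $randomName } |
    ForEach-Object {
        $exe = Join-Path $_.FullName ($_.Name + '.exe')
        if (Test-Path $exe) {
            # Unsigned binaries in this layout are the ones worth a closer look.
            $sig = Get-AuthenticodeSignature -FilePath $exe
            $findings += "Suspicious folder/exe pair: $exe (signature: $($sig.Status))"
        }
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Anything it reports is a lead to verify (hash the file, check the publisher), not a verdict; legitimate software occasionally uses a folder named after its executable too.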