Re: Antivirus 2008/2009

Well, I have the laptop. It is XP Pro SP2 with all critical updates done and
"Trend Micro PC-cillin 12" from Dell is current. His account is in the
Administrators and Debugger Users groups.

Sun Java was 1.4.2_03, which I updated to latest.

In "Trend Micro PC-cillin 12" from Dell, all of the spyware categories were
checked except for Other.

Trend's URL filtering is enabled with predefined categories.

Trend realtime scan popped a warning about catching ADW_ZANGO.BK in
SeekmoUnInstaller.exe and ADW.SEEKMO in SeekmoSA.exe under C:\Program
Files\Seekmo folder structure. Action was Deny Access. On 8/7/8, it
quarantined TROJ_RENOS.ACG file named scui.cpl, which shows as one of
Antivirus 2009's files in Google searches.

A deeper look and multiple scans later with MBAM, etc., and it appears that
this laptop got "half hit" with Antivirus 2009. As far as I can tell, the
only file that made it onto the system is av2009.exe.

Anyway, it's clean now. Thank you for your input.

Gregg Hill

"John" <a> wrote in message news:ekgm$NtBJHA.2712@xxxxxxxxxxxxxxxxxxxxxxx
Are you saying that this rogue AV infects fully patched PCs and users with no
administrative permissions?

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote
in message news:%23ihQfMiBJHA.2056@xxxxxxxxxxxxxxxxxxxxxxx

I just ran into my third new client with "Antivirus 2008" or "Antivirus
2009" rogue malware infection on an XP computer. The first to get hit had
Symantec Antivirus Corporate Edition 9.x on it, the second had McAfee
that came with the computer, the third has Dell's Trend Micro PC-Cillin
2008. All three had the latest antivirus definitions. I can see the SAVCE
system and McAfee getting hit, as neither blocks malware/spyware, but
Trend PC-Cillin Internet Security 2008 is supposed to block it.

What is its attack vector?

Does anyone know of consumer AV software that actually prevents this
thing from installing?

Thank you!

Gregg Hill