Re: Antivirus 2008/2009
- From: "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com>
- Date: Tue, 26 Aug 2008 10:21:11 -0700
The last system I saw had been hit by Antivirus 2008 and was a pain to
clean. It even ran in Safe Mode, actively combating my efforts to kill its
processes.
I thought this type of thing was not supposed to run in Safe Mode. Go
figure.
Gregg Hill
"John" <a> wrote in message news:%235ZUJr5BJHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for taking the time to post an update.
"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote
in message news:%231GdAmyBJHA.3200@xxxxxxxxxxxxxxxxxxxxxxx
Well, I have the laptop. It is XP Pro SP2 with all critical updates done
and "Trend Micro PC-cillin 12" from Dell is current. His account is in
the Administrators and Debugger Users groups.
Sun Java was 1.4.2_03, which I updated to latest.
In "Trend Micro PC-cillin 12" from Dell, all of the spyware categories
were checked except for Other.
Trend's URL filtering is enabled with predefined categories.
Trend realtime scan popped a warning about catching ADW_ZANGO.BK in
SeekmoUnInstaller.exe and ADW.SEEKMO in SeekmoSA.exe under C:\Program
Files\Seekmo folder structure. Action was Deny Access. On 8/7/8, it
quarantined TROJ_RENOS.ACG file named scui.cpl, which shows as one of
Antivirus 2009's files in Google searches.
A deeper look and multiple scans later with MBAM, etc, and it appears
that this laptop got "half hit" with Antivirus 2009. As far as I can
tell, the only file that made it onto the system is av2009.exe.
Anyway, it's clean now. Thank you for your input.
Gregg Hill
"John" <a> wrote in message news:ekgm$NtBJHA.2712@xxxxxxxxxxxxxxxxxxxxxxx
Are you saying this rogue AV infects fully patched PCs and users with
no administrative permissions?
"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com>
wrote in message news:%23ihQfMiBJHA.2056@xxxxxxxxxxxxxxxxxxxxxxx
Hello!
I just ran into my third new client with "Antivirus 2008" or "Antivirus
2009" rogue malware infection on an XP computer. The first to get hit
had Symantec Antivirus Corporate Edition 9.x on it, the second had
McAfee that came with the computer, the third has Dell's Trend Micro
PC-Cillin 2008. All three had the latest antivirus definitions. I can
see the SAVCE system and McAfee getting hit, as neither blocks
malware/spyware, but Trend PC-Cillin Internet Security 2008 is supposed
to block it.
What is its attack vector?
Does anyone know of consumer AV software that actually prevents this
thing from installing?
Thank you!
Gregg Hill