Malwarebytes program seemed to help out the person who call me last night about this. He said it's off his computer now.
-- Mike Gill From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 1:39 PM To: NT System Admin Issues Subject: RE: "Vista Antivirus 2008" malware removal Don't know if the Vista version is the same or not, but I just cleaned up XP Antivirus 2008 on a machine. Nasty piece of crap to eradicate, though. Had to stop some weird file from auto-starting, manually delete a folder of the same name from C:\Program Files\ and used Malwarebytes to remove the Registry entries. Then manually combed through the Registry and found a couple remains. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _____ From: Durf [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 2:26 PM To: NT System Admin Issues Subject: "Vista Antivirus 2008" malware removal Hey guys; I was called in to look over another tech's customer who had a system where they had (mostly) removed the "Vista Antivirus 2008" fake AV malware. The only issue still remaining was what we thought at first was a simple browser redirection issue - visting a huge number of security-related sites resulted in a 404. Well, it wasn't a BHO, and it wasn't a redirect, and it's not a HOSTS file. It's something screwed in the TCP/IP stack. NSLOOKUP returns the proper DNS result for a site, but when you send any traffic to it at all - ping, let's say - it's redirected to localhost. Anyone seen this before and fixed it by means other than burning down the system, which is what I'm going to recommend otherwise? -- Durf -- -------------- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
