Could very well be the infection vector. I didn't have time to check on those, however I'll suggest that he double-check those things to make sure he's up-to-date. IIRC, his Acrobat Reader may have popped up a note about needing to get updated.
-----Original Message-----
From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, December 15, 2010 8:50 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
Systems, Networks, & Security
' Security is an ongoing process, not a one time event ! '

-----Original Message-----
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James

----- Original Message -----
From: "John Aldrich" <jaldr...@blueridgecarpet.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware

> On Tue December 14 2010, you wrote:
>> Hi John,
>>
>> User know where they were surfing when it hit?
>>
>> Samples can be submitted here:
>>
>> http://www.sunbeltsecurity.com/threat
>>
>> If you want assistance with removal check the box that says "I need help
>> ....." Someone will be happy to help.
>>
>> We're releasing defs something like 13x/day now so shouldn't be too long
>> to get updates for that critter.
>>
> Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
> Home caught it...what's more, it disabled Vipre Home. I'll see if I can get
> access to the zipped sample so I can resubmit.
>
> Thanks!
>
> --
> Thanks,
> John Aldrich
> Blueridge Industries
> IT Manager
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin