Thanks! Will do! 'Preciate it, Tammy! :D

-----Original Message-----
From: Tammy Stewart [mailto:copper...@personainternet.com]
Sent: Wednesday, May 04, 2011 3:23 PM
To: NT System Admin Issues
Subject: RE: Antivirus Center

Hi John,

Log onto a different account -- that one is normally profile specific. Log off first user though or you risk infecting the next account. If only one account on the machine -- try safe mode admin account or safe mode user account (threat shouldn't run in safe mode).

Decent writeup on this one..
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-center
Can omit MBAM though if desired.

I use "autoruns" from sysinternals -- I LOVE that tool!
http://technet.microsoft.com/en-us/sysinternals/bb963902
Once you grab that app & initial scan is done hit the "users" menu at top > choose infected user. Reg path & file path should be there. (either a user run key or runonce under the logon tab in autoruns)

Since Rescue didn't nail it -- found samples can be uploaded here:
http://www.sunbeltsecurity.com/threat
We'll be sure to get it in the defs.

Cheers!
Tammy

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, May 04, 2011 2:56 PM
To: NT System Admin Issues
Subject: RE: Antivirus Center

No, Vipre is NOT installed. User has McAfee AND AVG on there... I know that McAfee gets installed by default with Acrobat Reader and other Adobe products...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, May 04, 2011 2:42 PM
To: NT System Admin Issues
Subject: Re: Antivirus Center

If VIPRE is installed, then call! Tammy knows the entire boot process, and she can probably figure out what is loading what. Some bugs disable the task manager, the CLI, and the ability to boot into SafeMode. Note that some of these bugs will scramble the registry, so no applications can run anymore. She has fixed that one as well.
-- richard

"John Aldrich" <jaldr...@blueridgecarpet.com>
05/04/2011 01:22 PM
Please respond to "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
cc:
Subject: Antivirus Center

I just had a remote user infected with Antivirus Center fake antivirus. I had him try to run Vipre Rescue, but it didn't find anything. Any idea why VR didn't find it?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
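
The per-user Run/RunOnce check from Tammy's message, done by hand from a second administrator account while the affected user is logged off, as an added PowerShell example that is not part of the original thread or of any vendor's tooling. The `$MountName` key name and the profile-path heuristic are assumptions made for illustration; `reg.exe load` and `reg.exe unload` are the standard Windows commands for mounting another user's hive.

```powershell
# Added example: list logon autostart values from a logged-off user's registry hive.
# Run elevated from a different account than the affected one.
param(
    [Parameter(Mandatory = $true)]
    [string] $HivePath,                 # path to the affected profile's NTUSER.DAT
    [string] $MountName = 'TriageHive'  # hypothetical temporary key name under HKEY_USERS
)

# Mount the hive; this fails if that user is still logged on and the file is in use.
& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive '$HivePath'." }

try {
    $base = "Registry::HKEY_USERS\$MountName\Software\Microsoft\Windows\CurrentVersion"
    $entries = foreach ($keyName in 'Run', 'RunOnce') {
        $path = "$base\$keyName"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        try {
            foreach ($valueName in $key.GetValueNames()) {
                # Read the raw string so %APPDATA%-style references stay visible.
                $command = [string] $key.GetValue($valueName, '', 'DoNotExpandEnvironmentNames')
                [pscustomobject]@{
                    Key       = $keyName
                    Name      = $valueName
                    Command   = $command
                    # Assumed heuristic: a target under the profile or a temp folder deserves a look.
                    InProfile = $command -match '\\(AppData|Application Data|Local Settings|Temp)\\|%(APPDATA|LOCALAPPDATA|TEMP|USERPROFILE)%'
                }
            }
        }
        finally { $key.Close() }  # release the handle so the hive can be unloaded
    }
    $entries | Sort-Object InProfile -Descending | Format-Table -AutoSize -Wrap
}
finally {
    # Drop any remaining registry handles, then unmount the hive.
    [GC]::Collect()
    [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```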