They mainly block windows by using the title of the window to decide what to
kill.

Just open the window on a separate desktop
(http://technet.microsoft.com/en-us/sysinternals/cc817881) or just boot to
safe mode.

Occasionally they will use the relevant group policy registry keys to block,
but the window killing variants are more common, so they must have this
functionality baked into a toolkit somewhere.

On 3 June 2011 15:42, John Aldrich <jaldr...@blueridgecarpet.com> wrote:

> Yeah...but don't you have to know how far back to restore to??? :D Plus,
> there's the whole problem of *getting* to System Restore...a lot of these
> fake antivirus apps will block most of your system tools. For example, I
> know this one won't let you add/remove programs. You can open add/remove
> programs (according to the user) but it won't let you *do* anything,
> because it doesn't display anything.
>
>
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Friday, June 03, 2011 10:38 AM
> To: NT System Admin Issues
> Subject: Re: Fake antivirus
>
> We have had a LOT of success simply using Sys Restore to remove these
> programs...
>
> On Fri, Jun 3, 2011 at 9:34 AM, Ziots, Edward <ezi...@lifespan.org> wrote:
>
> John,
>
> A lot of this Fake AV is also coming from "legitimate" but hacked
> websites, and drive-by malware. There have been more and more sites hit
> with Web application attacks, which are imbedding malicious Iframe, and
> other goodies which are making links going to their malware sites and
> not the link they thought they were going to.
>
> Been seeing Fake-AV popping up as well, along with Target Phishing
> attacks, and the big fun of seeing the Military and Govt Entities being
> phished by the Chinese ( or so the US Govt says) just underlies how
> sensitive and secret information and communications are being sent over
> public email, which is pretty silly IMHO...
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
>
> -----Original Message-----
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Friday, June 03, 2011 10:26 AM
> To: NT System Admin Issues
> Subject: Fake antivirus
>
> I'm going to go to a former co-worker's this afternoon to clean his
> system (again) from another fake antivirus infestation. I've already got
> Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I
> haven't had to deal with any fake antivirus in a few weeks. Just wondering
> if they have developed any new tricks recently that I should be aware of?
>
> Oh, this user had Vipre Home on his PC, and got infested anyway. Should
> I submit samples to Sunbelt (assuming I can find where they're
> quarantined)???
>
> Thanks!
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

*IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
are disclosed in any way my lawyers will swoop down from black helicopters
like Seal Team Six and drag you away with a black bag over your head. They
will then take you to a secret prison and make you fight to the death with
other people who dared to share this email. You will be given a large bowie
knife and a supply of methamphetamines while I watch the said deathmatch and
wager vast sums of money on who will be the winner. If the fight becomes
boring or there is a stalemate, I will release rabid dogs and my two-stone
cat into the arena to liven things up a bit. If these animals become in any
way docile, I will squirt them with water pistols until they become a bit
more temperamental.*
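
A check for the registry-based blocking mentioned in the reply above, as an added example that is not part of the original thread. The thread names no specific keys; the value names below are well-known Windows policy settings chosen here as an assumption, and `Get-ToolBlockingPolicy` is a hypothetical function name.

```powershell
# Added example: lists policy values that disable the built-in tools discussed
# in the thread (Task Manager, regedit, cmd, Control Panel, Add/Remove
# Programs, System Restore). The value list is an assumption, not from the thread.
function Get-ToolBlockingPolicy {
    $checks = @(
        @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';    Name = 'DisableTaskMgr' },
        @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';    Name = 'DisableRegistryTools' },
        @{ Path = 'Software\Policies\Microsoft\Windows\System';                   Name = 'DisableCMD' },
        @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';  Name = 'NoControlPanel' },
        @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';  Name = 'NoRun' },
        @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall'; Name = 'NoAddRemovePrograms' },
        @{ Path = 'Software\Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableSR' },
        @{ Path = 'Software\Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableConfig' }
    )

    # HKCU is per-user, so run this in the affected user's session;
    # HKLM covers machine-wide settings such as the System Restore policy.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($check in $checks) {
            $key  = '{0}\{1}' -f $hive, $check.Path
            $item = Get-ItemProperty -Path $key -Name $check.Name -ErrorAction SilentlyContinue

            # A missing key or value means the policy is not set; 0 means it is off.
            if ($null -ne $item -and $item.($check.Name) -ne 0) {
                [pscustomobject]@{
                    Key   = $key
                    Value = $check.Name
                    Data  = $item.($check.Name)
                }
            }
        }
    }
}

# Print any blocking policies found as a table; no output means none are set.
Get-ToolBlockingPolicy | Format-Table -AutoSize
```

A domain GPO can set these same values deliberately, so treat any hit as a lead to compare against the machine's expected policy rather than as proof of infection.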
