As to "tricks"... Often there is something hidden somewhere that downloads something else. It is this second download that gets flagged. Meanwhile, the original whatever is still there, so it continues to download the same thing (or a variant).
Since this person is a VIPRE customer, be prepared to call their support. Not that you can't handle it yourself with the advice given in the string, but they may save considerable time (and may be aware of some of these hidden process which are continuing to download infections). ps - perhaps a long wait time for the call, but they are very very good! -- richard "John Aldrich" <jaldr...@blueridgecarpet.com> 06/03/2011 09:27 AM Please respond to "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> To "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Press this button if the "To" is a fax number. Enter in the fax number like 123-456-7890. cc Subject Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin