If it is the fake AV/HDD tool that hides all the files/folders & moves the shortcuts to %temp% combofix is not recommended because one of the things combofix does is empty out all temp folders which is where the start menu icons are.
Regards,
Tammy

_____

From: David [mailto:blazer...@gmail.com]
Sent: Friday, June 03, 2011 1:50 PM
To: NT System Admin Issues
Subject: Re: Fake antivirus

+2, either at home or at the office. Combofix (be careful where you get it -- the BleepingComputer site is the most reliable), Malwarebytes, and Vipre. Vipre seems to take the longest to run.

David

On Fri, Jun 3, 2011 at 10:23 AM, Maglinger, Paul <pmaglin...@scvl.com> wrote:

+1 for combofix at home.

-----Original Message-----
From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
Sent: Friday, June 03, 2011 12:05 PM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XP SP3 is now very slow and the user does not want a wipe. I found combofix here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. I do not follow the directions completely; I don't post the log file to any forum. I do: disable AV, run updated combofix, enable AV, run Malwarebytes. If there is anything still going on, I'll do a quick scan with SUPERAntiSpyware, then investigate manually (registry, running processes, files).

Gene Giannamore

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 7:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malwarebytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!

--
David
_____________________
"The right to be let alone - the most comprehensive of rights and the right most valued by civilized men." - Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
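Tammy's warning above is the practical point of the thread: the fake AV/HDD variant hides the user's files and parks the Start Menu shortcuts under %TEMP%, so a cleaner that empties temp folders destroys them. The script below is an added example written for this page, not something any list member posted, that a technician can run before the cleanup step in Gene's sequence: it copies every .lnk found under %TEMP% into a backup folder (preserving the relative layout) and clears the Hidden attribute on items in the user's well-known folders and the Start Menu. Assumptions not stated in the thread: the shortcuts can be anywhere under $env:TEMP, the backup folder name is arbitrary, and legitimately hidden housekeeping files (desktop.ini and the like) carry the System attribute as well, which is why System-flagged items are skipped.

```powershell
# Added example (not from the thread). Salvage Start Menu shortcuts the fake AV moved
# into %TEMP% and un-hide user files, BEFORE running a cleaner that empties temp folders.
# Assumptions: .lnk files sit anywhere under $env:TEMP; backup path is arbitrary.
param(
    [string]$Backup = (Join-Path $env:USERPROFILE 'Desktop\StartMenuBackup'),
    [switch]$WhatIf   # report only, change nothing
)

function Save-TempShortcuts {
    param([string]$Temp, [string]$Dest, [switch]$WhatIf)
    New-Item -ItemType Directory -Path $Dest -Force | Out-Null
    # -Force includes hidden items, which the fake AV typically sets on what it moves.
    $links = @(Get-ChildItem -Path $Temp -Filter '*.lnk' -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($lnk in $links) {
        # Keep the path relative to %TEMP% so the Start Menu tree can be rebuilt later.
        $rel    = $lnk.FullName.Substring($Temp.Length).TrimStart('\')
        $target = Join-Path $Dest $rel
        New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
        Copy-Item -LiteralPath $lnk.FullName -Destination $target -Force -WhatIf:$WhatIf
    }
    return $links.Count
}

function Clear-HiddenAttribute {
    param([string[]]$Roots, [switch]$WhatIf)
    $count = 0
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object {
              ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
              -not ($_.Attributes -band [IO.FileAttributes]::System)   # leave OS housekeeping alone
          } |
          ForEach-Object {
              if (-not $WhatIf) {
                  $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
              }
              $count++
          }
    }
    return $count
}

# 1. Shortcuts first: this is what a temp-cleaning tool would delete.
$saved = Save-TempShortcuts -Temp $env:TEMP -Dest $Backup -WhatIf:$WhatIf
"Shortcuts copied from %TEMP%: $saved -> $Backup"

# 2. Un-hide the user's own data and both Start Menu trees (assumed locations).
$roots = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Documents'),
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
)
$unhidden = Clear-HiddenAttribute -Roots $roots -WhatIf:$WhatIf
"Hidden attribute cleared on $unhidden items"
```

Run it once with -WhatIf to see what would be copied and un-hidden, then without; only after the backup folder is populated should combofix or any other temp-clearing tool be started. The copied .lnk files can be moved back into the Start Menu tree by hand once the machine is clean, and the relative paths under the backup folder show where each one belonged.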