Try setting him up with ClearCloudDNS - might help prevent future infections.

Roger Wright
___
"Formula for success: rise early, work hard, strike oil." - J. Paul Getty

On Fri, Jun 3, 2011 at 10:34 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> Thanks... This particular user is unlucky enough to have teenagers who use
> his computer. My guess is they are visiting infected/hostile/0wned sites and
> that's how he's getting infected. Never really had a problem when he was
> working here, so I'm suspecting it's some of his grandkids that are causing
> the problem.
>
> As I have not yet seen the problem, I don't know if it's going to be easy or
> difficult. Hopefully MBAM and Vipre won't have any problem with it. :D
>
> Thanks again!
>
> From: James Rankin [mailto:kz2...@googlemail.com]
> Sent: Friday, June 03, 2011 10:31 AM
> To: NT System Admin Issues
> Subject: Re: Fake antivirus
>
> May be time to invest in some UAT (user awareness training). Continual
> re-infestation either means he is unlucky, or gung-ho in his browsing.
>
> I've had some fake AVs recently which were ridiculously easy to get rid of
> (kill process, delete files, remove autorun entry). Others have been more
> stealthy - such as killing targeted windows like Task Manager. Booting into
> safe mode usually prevents these extra "features" from bothering you.
>
> But as with everything - a reimage may be the only way to be sure.
>
> On 3 June 2011 15:26, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> I'm going to go to a former co-worker's this afternoon to clean his system
> (again) from another fake antivirus infestation. I've already got Vipre
> Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't
> had to deal with any fake antivirus in a few weeks. Just wondering if they
> have developed any new tricks recently that I should be aware of?
>
> Oh, this user had Vipre Home on his PC, and got infested anyway. Should I
> submit samples to Sunbelt (assuming I can find where they're quarantined)???
>
> Thanks!
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
> are disclosed in any way my lawyers will swoop down from black helicopters
> like Seal Team Six and drag you away with a black bag over your head. They
> will then take you to a secret prison and make you fight to the death with
> other people who dared to share this email. You will be given a large bowie
> knife and a supply of methamphetamines while I watch the said deathmatch and
> wager vast sums of money on who will be the winner. If the fight becomes
> boring or there is a stalemate, I will release rabid dogs and my two-stone
> cat into the arena to liven things up a bit. If these animals become in any
> way docile, I will squirt them with water pistols until they become a bit
> more temperamental.