+100 for Tammy's instructions! JR
On Thu, Jun 16, 2011 at 10:11 AM, Mike Sullivan <neog...@gmail.com> wrote: > I ran into this on Monday, at least I have my users locked down and they > only saw the message that the hard drive was failing and their shortcuts > disappeared. I followed Tammy's instructions and had it cleaned up pronto! > > > On Thu, Jun 16, 2011 at 6:53 AM, Jonathan <ncm...@gmail.com> wrote: > >> I've run into a nice variant of this just this morning....the window is >> titled, "Windows Vista Restore" and the caption at the top of the window >> says, "PC Performance & Stability analysis report". It is telling me hat the >> hard drive is failing and that private data is at risk. >> >> When I went into the root of C:. it only showed one file, named >> bootsect.bak. After I chose to display all hidden and os files, >> viola,everything in C: and on the desktop appeared. >> >> What a way to start a Thursday - at least it isn't Monday! >> >> JR >> >> On Mon, Jun 6, 2011 at 11:56 AM, Roger Wright <rhw...@gmail.com> wrote: >> >>> Try setting him up with ClearCloudDNS - might help prevent future >>> infections. >>> >>> >>> Roger Wright >>> ___ >>> >>> "Formula for success: rise early, work hard, strike oil." - J. Paul Getty >>> >>> >>> >>> >>> >>> On Fri, Jun 3, 2011 at 10:34 AM, John Aldrich >>> <jaldr...@blueridgecarpet.com> wrote: >>> > Thanks... This particular user is unlucky enough to have teenagers who >>> use >>> > his computer. My guess is they are visiting infected/hostile/0wned >>> sites and >>> > that's how he's getting infected. Never really had a problem when he >>> was >>> > working here, so I'm suspecting it's some of his grandkids that are >>> causing >>> > the problem. >>> > >>> > As I have not yet seen the problem, I don't know if it's going to be >>> easy or >>> > difficult. Hopefully MBAM and Vipre won't have any problem with it. :D >>> > >>> > Thanks again! >>> > >>> > >>> > >>> > From: James Rankin [mailto:kz2...@googlemail.com] >>> > Sent: Friday, June 03, 2011 10:31 AM >>> > To: NT System Admin Issues >>> > Subject: Re: Fake antivirus >>> > >>> > May be time to invest in some UAT (user awareness training). Continual >>> > re-infestation either means he is unlucky, or gung-ho in his browsing. >>> > >>> > I've had some fake AVs recently which were ridiculously easy to get rid >>> of >>> > (kill process, delete files, remove autorun entry). Others have been >>> more >>> > stealthy - such as killing targeted windows like Task Manager. Booting >>> into >>> > safe mode usually prevents these extra "features" from bothering you. >>> > >>> > But as with everything - a reimage may be the only way to be sure. >>> > On 3 June 2011 15:26, John Aldrich <jaldr...@blueridgecarpet.com> >>> wrote: >>> > I'm going to go to a former co-worker's this afternoon to clean his >>> system >>> > (again) from another fake antivirus infestation. I've already got Vipre >>> > Rescue and Malware Bytes on a memory stick. I've also got RKILL. I >>> haven't >>> > had to deal with any fake antivirus in a few weeks. Just wondering if >>> they >>> > have developed any new tricks recently that I should be aware of? >>> > >>> > Oh, this user had Vipre Home on his PC, and got infested anyway. Should >>> I >>> > submit samples to Sunbelt (assuming I can find where they're >>> quarantined)??? >>> > >>> > Thanks! >>> > >>> > >>> > >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to listmana...@lyris.sunbeltsoftware.com >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> > >>> > -- >>> > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put >>> into >>> > the machine wrong figures, will the right answers come out?' I am not >>> able >>> > rightly to apprehend the kind of confusion of ideas that could provoke >>> such >>> > a question." >>> > >>> > IMPORTANT: The information in this email is CONFIDENTIAL. If its >>> contents >>> > are disclosed in any way my lawyers will swoop down from black >>> helicopters >>> > like Seal Team Six and drag you away with a black bag over your head. >>> They >>> > will then take you to a secret prison and make you fight to the death >>> with >>> > other people who dared to share this email. You will be given a large >>> bowie >>> > knife and a supply of methamphetamines while I watch the said >>> deathmatch and >>> > wager vast sums of money on who will be the winner. If the fight >>> becomes >>> > boring or there is a stalemate, I will release rabid dogs and my >>> two-stone >>> > cat into the arena to liven things up a bit. If these animals become in >>> any >>> > way docile, I will squirt them with water pistols until they become a >>> bit >>> > more temperamental. >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to listmana...@lyris.sunbeltsoftware.com >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to listmana...@lyris.sunbeltsoftware.com >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >>> >> >> >> -- >> Jonathan, A+, MCSA, MCSE >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > > > -- > Thank you, > Mike Sullivan > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- Jonathan, A+, MCSA, MCSE ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin