I've been able to clean up a few machines with redirects using Kaspersky's TDSSKiller tool in safe mode. http://support.kaspersky.com/viruses/solutions?qid=208280684

Roger Wright
___

"Formula for success: rise early, work hard, strike oil." - J. Paul Getty

On Fri, Jun 17, 2011 at 8:26 AM, Ziots, Edward <ezi...@lifespan.org> wrote:
> Could be that IE is hooked with a BHO, or other malware, usually a lot
> of attacks can utilize the BEEF (Browser Exploitation Framework)
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> -----Original Message-----
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Friday, June 17, 2011 8:23 AM
> To: NT System Admin Issues
> Subject: Re: Fake antivirus
>
> On Fri June 17 2011, you wrote:
>> Get autoruns out and find out where the entry point is
>>
> Good idea...thanks for reminding me of this tool. Unfortunately nothing
> jumps out at me regarding this... all I know is random IE windows pop up
> on this thing, going to Facebook and advertising websites. Fortunately no
> pr0n.
>
> --
> Thanks,
> John Aldrich
> Blueridge Industries
> IT Manager
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin