From: AndyHancock on
On Apr 8, 1:14 am, AndyHancock <andymhanc...(a)gmail.com> wrote:
> On Apr 7, 10:28 pm, AndyHancock <andymhanc...(a)gmail.com> wrote:
>
> > On Apr 7, 6:21 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net>
> > wrote:
>
> > > From: "AndyHancock" <andymhanc...(a)gmail.com>
>
> > > | I picked up the (seemingly new) "Antivirus Suite" malware,
> > > |http://www.spywareremove.com/removeAntivirusSuite.html.  Every time I
> > > | tried to launch any exe, I got a bogus infection message and denial of
> > > | execution.  This includes any indirect launching of "C:\Program Files
> > > | \Symantec AntiVirus\VPC32.exe" by right-clicking Symantec on the
> > > | system tray and choosing "Open Symantec Antivirus".  No scanning was
> > > | possible.
>
> > > | I followed step 1 in the above URL to kill the offending process.
> > > | I could then run Symantec AV, but initiating a scan caused the error
> > > | in
> > > |http://service1.symantec.com/SUPPORT/ent-security.nsf/dbe87fe9662c16e...
> > > | 5bfc1a720f52435988256fb9007a3a9e.
> > > | Restarting the service solved that problem.  The scan did not find
> > > | anything.  I noted that Tamper Protection was turned off (not sure if
> > > | it was before) and turned it on.  (1) Would this have prevented the
> > > | interruption of the Symantec AV service?  (2) Would it have prevented
> > > | the malware executable that was removed in Step 1?
>
> > > | I am now following through with the remainder of the steps.  I am not
> > > | sure whether the null hits from scanning are due to removal of all vestiges
> > > | of the malware or because the Symantec AV database does not recognize
> > > | this malware.  The AV database was up to date as of this morning.  (3)
> > > | Is there a way to determine whether this malware is in the AV
> > > | database?
>
> > > | Thanks.
>
> > > | P.S. A different cleanup routine found at
> > > |http://www.bleepingcomputer.com/virus-removal/remove-antivirus-suite..
>
> > > Follow the directions noted at BleepingComputer.Com including
> > > the use of Malwarebytes' anti malware
>
> The mbam installation requires login as administrator.  I'm trying to
> avoid logging in as admin until I've gone through all possible steps
> as nonadmin (which is that state under which the infection occurred).
> Is there a way to obtain a similar level of assurance before switching
> to an administrator account?  I've followed the procedure at both
> URLs.  I know that Symantec AV *doesn't* catch this malware as of
> today.

I bit the bullet and installed mbam as admin. Currently scanning.
Would you (or anyone else) know if scanning under an admin account
allows the AV to scan user account files? This is something I've
always wondered about antimalware and defrag apps.

> > > Why didn't you add alt.comp.virus to this post since you knew to Cross-Post ?
> > > Afterthought maybe ?
>
> > I didn't know it existed when I made the initial post.  It seems to
> > target the same audience as a.c.av, so it seems to make sense to
> > combine them all.
>
> > I was going to follow both cleanup procedures, but I was wondering if
> > those more experienced than I (and maybe those who have seen this
> > malware before) could shed some light on questions (1) to (3).
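
One way to answer the "can an admin scan reach the other users' files" question for yourself, rather than guessing, is to check the ACLs on each profile directory from the account that will run the scan. The script below is an added example written for this reply; it is not from the original thread, from Symantec, or from Malwarebytes. It assumes a profile root of C:\Users (on XP the equivalent is "C:\Documents and Settings") and PowerShell 3.0 or later for `-Directory`.

```powershell
# Added example (not part of the original thread): does the account that
# will run the on-demand scan actually have read access to every user
# profile on the box? Profile root is an assumption; adjust for XP.
$ProfileRoot = 'C:\Users'

# Is the current session running as a member of Administrators?
$IsAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as Administrator: $IsAdmin"

# For each profile, report whether Administrators or SYSTEM hold an Allow
# ACE granting read (or full control), and who owns the directory.
Get-ChildItem -Path $ProfileRoot -Directory | ForEach-Object {
    $profileDir = $_
    $acl = Get-Acl -Path $profileDir.FullName
    $adminRead = $acl.Access | Where-Object {
        $_.IdentityReference -match 'Administrators|SYSTEM' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -match 'FullControl|Read')
    }
    [pscustomobject]@{
        Profile      = $profileDir.Name
        AdminCanRead = [bool]$adminRead
        Owner        = $acl.Owner
    }
}
```

A profile that shows `AdminCanRead = False` is one that a scan launched from the admin account will skip (or error on) unless the scanner runs as SYSTEM or the ACL is changed, so the output tells you which accounts you still need to cover separately.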