tech blog » Threats http://www.chrismadge.com/tech Mon, 21 Jun 2010 19:15:19 +0000 http://wordpress.org/?v=abc en hourly 1 FakeAV makes a comeback http://www.chrismadge.com/tech/fakeav-makes-a-comeback http://www.chrismadge.com/tech/fakeav-makes-a-comeback#comments Tue, 01 Dec 2009 23:48:29 +0000 chris http://www.chrismadge.com/tech/?p=94 In 2008, across my clients I saw a lot of cases of Windows Antvirus Pro 2008 variants… Towards the end of the year and through most of 2009 I didn’t see a lot of infections. However, it looks like it has regrouped and come back in full force. I’m seeing an escalating number of FAKEAV infections with my clients. I’m still investigating on how the infections got there because the users stretch across a lot of different roles … developers, merchandisers and accountants. Unfortunately, Web history and Installed Application hasn’t been a help.

I do know however have a remediation plan.

Step 1. Download Combofix from a reputable source on a clean working workstation

Step 2.  Copy the combofix executable to a USB drive.

Step 3.  Reboot the workstation and load Windows in Safe Command Prompt Mode

Step 4. Run the Combofix Executable off the USB drive

Step 5. Let the Computer reboot and Combofix to complete.

Step 6. Use an Antivirus client other than TrendMicro (as it won’t see the virus… it’s useless I know) to complete a scan on the remdiated workstation. It should come up with an all clear.

Step 7. Return the workstation back to the enduser.

On the variant that is out right now this remediation path has been very successful for me. I hope it is for you..

]]> http://www.chrismadge.com/tech/fakeav-makes-a-comeback/feed 0