Wednesday, 3 February 2010

Fake AV on Windows

Another PC infected with Fake AV! The machine was running Windows XP, fully patched and with McAfee security suite installed.

I have taken some screen shots. I managed to boot with only essential drivers and services (msconfig). I found a process called "av.exe"; once this was stopped the Fake AV stopped appearing. I then removed entries from the registry (deleting keys etc. from the registry can kill your system).

Reset IE8 to defaults and deleted all temp files etc.

Ran Spybot Search and Destroy, which found a few trojans and registry keys which had been adjusted. I just accepted the fix for all items (some probably had been changed by McAfee).

Not too sure what McAfee does, but there are a few obvious flaws!!

The AV.EXE had placed itself in "C:\Documents and Settings\user\Local Settings\Application Data\av.exe"

Screen Shots:-

Bleeping Computers have a good article on this problem

Key words on the screen shots, meant to bring on panic and a want to get the card out and pay these software vendors to fix your non-existent problem:
Attention danger
Detected 25 critical system objects
Alert system scans for spyware, adware,trojans.
XP Internet security
Activate your copy right now and get full real-time protection with internet security
xp internet security - unregistred version
