Bubba17 Less is More Premium join:2006-09-21 (1 edit)
Thank you SuperAntiSpyware!!
On a shared (20+ users) work machine "protected" by Symantec Antivirus v10.1.7.7000 in a galaxy far, far away.
An email attachment was clicked by a user. Immediate messages appeared stating the machine was infected. Click here to download the (fake) tool for removal. The user complies. Course, the user is taken to a site where lots of malware is downloaded. Prior to my involvement, a total of three users log in to the machine, each account is infected. Asked to help fix things, mine is the 4th affected account.
Ignoring all the numerous fake pop-up screens the malware was throwing, I began by running a full scan using Symantec. It ran for 2 hours and 45+ minutes and found nothing out of the ordinary .. reporting the machine was clean.
I then ran a full scan with SuperAntiSpyware (SAS), free edition (I own SAS Pro at home). It found:
Adware.VideoAccessCodec/Gen - Detected Items = 2
Adware.Vundo-Variant/J - Detected Items = 2
Trojan.Net-MSV/VPS-Variant - Detected Items = 10
Trojan.Unclassified/GTS - Detected Items = 18
Browser Hijacker.AboutYourPrivacy - Detected Items = 13
Trojan.Net-MU/GEN - Detected Items = 3
Rogue.WinSpywareProtect - Detected Items = 1
and .. AdwareTrackingCookie - Detected Items = 237
SAS free completely cleaned the machine of any/all infection. All four of our accounts were "fried" by the malware, requiring default file replacement to correct.
Heathens subdued, victory declared, the galaxy returns to normal.
Thanks (YET AGAIN) SAS!
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
Cabal Premium join:2007-01-21 Boston, MA
Re: Thank you SuperAntiSpyware!!
said by Bubba17: Heathens subdued, victory declared, the galaxy returns to normal.
With administrator access for all, no doubt.
-- Would you trust a brain surgeon with two years' experience?
Bubba17 Less is More Premium join:2006-09-21
Re: Thank you SuperAntiSpyware!!
Yep. That is how "they've" configured the machines.
Blue2 Premium join:2004-04-14 France
Re: Thank you SuperAntiSpyware!!
May the force be with them. (They'll need it.)
Bubba17 Less is More Premium join:2006-09-21
Re: Thank you SuperAntiSpyware!!
said by Blue2: May the force be with them. (They'll need it.)
Revisiting the admin issue .. obviously, they've serious deficiencies, however .. they do utilize user privileges/denial a great deal too. For instance, many settings in IE6 (they've made a corporate decision to not employ IE7 as yet) are ghosted. One may not install ActiveX .. flash is verboten, for example.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
FiOS Dan Premium join:2001-07-06 Redondo Beach, CA
Yikes, that is quite a black eye for Symantec. Gotta run, off to update SAS. Thanks for the info Bubba17.
-- Courage is being scared to death but saddling up anyway.
Bubba17 Less is More Premium join:2006-09-21 (1 edit)
Re: Thank you SuperAntiSpyware!!
said by jbob: I'm kinda curious as to how SAV was setup? What were the settings used? Was it current?
Well, it's resident and self/auto update enabled. Machines on-site (though it's a global company w/all sites (I believe) employing SAV), I'd estimate at between 100-150 units (a guess).
Some few years ago, they also utilized webroot .. choosing to discontinue its use for, to me, unknown reason(s). Too, why they chose not to replace webroot with another AS tool is unknown to me.
said by jbob: If indeed SAV truly missed the infection this just goes to show that one cannot depend on an AV alone to catch everything.
Complete agreement. As Kiwi said, they're better served using a layered defense.
edit: changed that SAV was "auto update capable" to enabled.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
Kiwi Premium join:2003-05-26 USA (Comcast, Aristotle Internet)
It's always prudent to run various tools, the mistake many people make is putting all their eggs in one basket. Antivirus is good, sometimes, but they are easily navigated by those who wish to. A multi layer approach is the sensible way to go to protect those who know no better.
dvd536 as Mr. Pink as they come Premium join:2001-04-27 Phoenix, AZ
Re: Thank you SuperAntiSpyware!!
said by Oleg: Get real browser it's called Firefox with Adblock Plus and EasyList
I don't use any adblockers. There are a few sites I visit that don't work right when the ads are blocked.
-- When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee
Oleg Bellsouth Fastaccess Premium join:2003-12-08 Birmingham, AL
It's impossible to get so many infections using Norton products, if it's the best Anti-Virus and it offers the best protection.
strait shoot @netserviceteam.com
Sounds like an ad for Superantispyware.
Dr Tweak join:2004-09-23 Chesapeake, VA
Re: Thank you SuperAntiSpyware!!
said by strait shoot: Sounds like an ad for Superantispyware.
No, it's just someone sharing their experience with a very good product. Obviously you don't do IT work for a living and have to clean up infected computers. The vundo variants are some of the worst out there and SUPERAntiSpyware does the best job of any at cleaning this infection.
Bubba17 Less is More Premium join:2006-09-21
Re: Thank you SuperAntiSpyware!!
said by Dr Tweak: The vundo variants are some of the worst out there and SUPERAntiSpyware does the best job of any at cleaning this infection.
Too, as has been demonstrated numerous times in this forum by fcukdat ..
examples: "Spyware,rootkits,malware,dialers,keyloggers .." and "One in Five PC's Infected With Rootkits"
.. for a couple, SAS is a very formidable anti-rootkit tool also.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
hayc59 VoodooChild Premium join:2001-02-26 David R.I.P.
said by strait shoot: Sounds like an ad for Superantispyware.
Now that was a smart comment...SAS is what it is, an awesome program!!
hayc59 VoodooChild Premium join:2001-02-26 David R.I.P.
Oleg, you can't please everyone, and if it is so bad for you STOP using it and/or maybe go to Nick's forum and post your problems publicly...so maybe you can work it out and use the best damn program around...!!!! I would like to see what you post as your latest greatest program you can find that can even come close to it, my friend!!!
-- ãrê ¥Øu êxpêriêncêD Microsoft MVP-Windows Security 2007 9/11/01 Never Forget
Oleg Bellsouth Fastaccess Premium join:2003-12-08 Birmingham, AL
Re: Thank you SuperAntiSpyware!!
said by hayc59: Oleg, You can't please everyone and it it is so bad for you STOP using it and or maybe go to Nicks forum and post your problems publicly...so maybe you can work it out and use the best damn program around...!!!! I would like to see what you post as your latest greatest program you can find that can even come close to it my friend!!!
OK, the problem is low detection rate, and Norton still did not fix the problem, and it's eating a lot of resources. NOD32 and KAV are much better than Norton.
DrModem Premium join:2006-10-19 USA
Who dares wins.
Blue2 Premium join:2004-04-14 France (1 edit)
If you permit users without the appropriate proficiency to run as administrator, as far as I see it, it's "game over". It's only a matter of time.
Sure, many users on this forum run as admin, but the point is that they clearly know what they're doing, know the risks of each action, and know when something doesn't look right.
As an analogy, I remember a client in the automotive industry once arranging for me to take a ride in a Lotus sportscar. The circuit driver was able to go 120 on local roads and take curves at full speed. I would have wrapped myself around the first tree going even half that speed.
So if these users don't have a clue about how to fix it, they shouldn't be running as admin.
[edited bad grammar]
tehflyintwat join:2008-03-23 Richmond Hil (Rogers Hi-Speed)
And unlike Webroot, SAS does not continuously spam my mailbox with its advertisements and discounts even though I unsubscribed from their mailing-list THREE times already. I keep finding their messages in the spam folder. For that reason alone I would never buy Webroot products.
hayc59 VoodooChild Premium join:2001-02-26 David R.I.P. (1 edit)
Thanks Mod!! This thread has turned into a SAS bash and I for one am not happy!! We, fighting the fight, have better things to do than this!! If I recall correctly this has nothing to do with Norton whatsoever!!
SnowyOne Premium join:2003-04-05 Kailua, HI (RoadRunner Cable, Clearwire Wireless)
said by Bubba17: On a shared (20+ users) work machine "protected" by Symantec Antivirus v10.1.7.7000 in a galaxy far, far away. I then ran a full scan with SuperAntiSpyware (SAS), free edition (I own SAS Pro at home). Thanks (YET AGAIN) SAS!
It took me a few minutes to figure out what "(I own SAS Pro at home)" was all about. What would happen if all of SAS's Corporate clients decided that they no longer needed to begin or renew an SAS subscription service because Bubba has an SAS Pro subscription on his home machine? If the "Home Users Free Version, Free for Home Use" is also legally licensed for Corporate use I know a few IT departments that would appreciate eliminating the SAS line items from their budget. www.superantispyware.com/index.html
SipSizzurp Fo' Shizzle Premium join:2005-12-28 Hilo, HI (RoadRunner Cable) (3 edits)
I just got a new call about what sounds like a smitfraud/panicware/vundo infection. I had to format a real nasty one last month which had ESET installed. When I arrived onsite, there were black beetles crawling on the desktop, eating everything. The desktop had been replaced by an overlay graphic that the virus controls. I rebooted in safe mode. Poor NOD would only run in command line mode and even still was finding loads of stuff and quarantining it as fast as it could. This was while the virus and its beetles were still eating up the desktop and popping up warnings and sales pitches for a removal tool, in safe mode. Nod had a real flimsy feeling to it under the circumstances. This new call I just received is for a NOD32 protected computer. User says he is getting virus pop-ups and the computer is real slow. I downloaded SuperAntiSpyware earlier this afternoon on your recommendation and I'm gonna take it with me on a CD to see what it can do. I'll post back in a few hours.
Bubba17 Less is More Premium join:2006-09-21
Re: Thank you SuperAntiSpyware!!
Good luck!
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
You edited finer points of your story but 20 user accounts sharing one machine, all with admin permissions? All machines at that place set like that? I'm surprised there are no more support calls in general, either that or all other users except for those using machine A know what not to do on a computer.
Cudni
-- "Mercifully, he hit him with the soft end of the pistol." Help yourself so God can help you. Microsoft MVP, 2006 - 2008
Bubba17 Less is More Premium join:2006-09-21
Re: Thank you SuperAntiSpyware!!
said by Cudni: You edited finer points of your story ..
Just what the hell's that supposed to imply?!? That I went back, as this thread has progressed, and altered it?
I posted at 09:24:06 ..
Edited a spelling error at 09:25 ..
and, Cabal posted the first response at 09:30:09 ..
How many "finer points" do you figure I altered 54 seconds after the original post?!?
-- "Fast is fine, but accuracy is everything" --Wyatt Earp

(topic locked)