Bubba17: Thank you SuperAntiSpyware!!
On a shared (20+ users) work machine "protected" by Symantec Antivirus v10.1.7.7000 in a galaxy far, far away.
An email attachment was clicked by a user. Immediate messages appeared stating the machine was infected: click here to download the (fake) tool for removal. The user complies. Of course, the user is taken to a site where lots of malware is downloaded. Prior to my involvement, a total of three users log in to the machine, and each account is infected. Asked to help fix things, mine is the 4th affected account.
Ignoring all the numerous fake pop-up screens the malware was throwing, I began by running a full scan using Symantec. It ran for 2 hours and 45+ minutes and found nothing out of the ordinary .. reporting the machine was clean.
I then ran a full scan with SuperAntiSpyware (SAS), free edition (I own SAS Pro at home). It found:
Adware.VideoAccessCodec/Gen - Detected Items = 2
Adware.Vundo-Variant/J - Detected Items = 2
Trojan.Net-MSV/VPS-Variant - Detected Items = 10
Trojan.Unclassified/GTS - Detected Items = 18
Browser Hijacker.AboutYourPrivacy - Detected Items = 13
Trojan.Net-MU/GEN - Detected Items = 3
Rogue.WinSpywareProtect - Detected Items = 1
and .. AdwareTrackingCookie - Detected Items = 237
SAS free completely cleaned the machine of any/all infection. All four of our accounts were "fried" by the malware, requiring default file replacement to correct.
Heathens subdued, victory declared, the galaxy returns to normal.
Thanks (YET AGAIN) SAS!
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
Cabal, in reply to Bubba17:
said by Bubba17: "Heathens subdued, victory declared, the galaxy returns to normal."
With administrator access for all, no doubt.
-- Would you trust a brain surgeon with two years' experience?
Bubba17:
Yep. That is how "they've" configured the machines.
Blue2:
May the force be with them. (They'll need it.)
FiOS Dan, in reply to Bubba17:
Yikes, that is quite a black eye for Symantec. Gotta run, off to update SAS. Thanks for the info, Bubba17.
-- Courage is being scared to death but saddling up anyway.
danny9, in reply to Bubba17:
Nice to hear a success story. Glad to hear SAS worked so well for you and the "galaxy returns to normal."
As FiOS Dan said, "...off to update SAS."
-- VoicePulse 07/29/04
jbob, in reply to Bubba17:
I'm kinda curious as to how SAV was set up? What were the settings used? Was it current? Generally speaking, Symantec products have a good track record of scoring high in tests. Not saying it catches everything, of course.
If indeed SAV truly missed the infection, this just goes to show that one cannot depend on an AV alone to catch everything.
Kiwi, in reply to Bubba17:
It's always prudent to run various tools; the mistake many people make is putting all their eggs in one basket. Anti-virus is good, sometimes, but it is easily navigated by those who wish to. A multi-layer approach is the sensible way to go to protect those who know no better.
Oleg, in reply to Bubba17: Re: Thank you SuperAntiSpyware!!
It's impossible to get so many infections using Norton products if it's the best Anti-Virus and it offers the best protection.
strait shoot (@netserviceteam.com), in reply to Bubba17:
Sounds like an ad for Superantispyware.
Dr Tweak:
said by strait shoot: "Sounds like an ad for Superantispyware."
No, it's just someone sharing their experience with a very good product. Obviously you don't do IT work for a living and have to clean up infected computers. The Vundo variants are some of the worst out there, and SUPERAntiSpyware does the best job of any at cleaning this infection.
hayc59, in reply to strait shoot:
said by strait shoot: "Sounds like an ad for Superantispyware."
Now that was a smart comment... SAS is what it is: an awesome program!!
hayc59, in reply to Bubba17: Re: Thank you SuperAntiSpyware!!
Oleg, you can't please everyone, and if it is so bad for you, STOP using it, and/or maybe go to Nick's forum and post your problems publicly... so maybe you can work it out and use the best damn program around...!!!! I would like to see what you post as your latest greatest program you can find that can even come close to it, my friend!!!
-- ãrê ¥Øu êxpêriêncêD Microsoft MVP-Windows Security 2007 9/11/01 Never Forget
Oleg:
said by hayc59: "Oleg, you can't please everyone, and if it is so bad for you, STOP using it, and/or maybe go to Nick's forum and post your problems publicly... so maybe you can work it out and use the best damn program around...!!!! I would like to see what you post as your latest greatest program you can find that can even come close to it, my friend!!!"
OK, the problem is the low detection rate, and Norton still did not fix the problem, and it's eating a lot of resources. NOD32 and KAV are much better than Norton.
DrModem, in reply to Bubba17:
Who dares wins.
dvd536, in reply to Anon:
said by Oleg: "Get a real browser, it's called Firefox with Adblock Plus and EasyList."
I don't use any adblockers. There are a few sites I visit that don't work right when the ads are blocked.
-- When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee
Bubba17, in reply to jbob:
said by jbob: "I'm kinda curious as to how SAV was set up? What were the settings used? Was it current?"
Well, it's resident and self/auto update enabled. Machines on-site (though it's a global company w/ all sites (I believe) employing SAV), I'd estimate at between 100-150 units (a guess).
Some few years ago, they also utilized Webroot .. choosing to discontinue its use for, to me, unknown reason(s). Too, why they chose not to replace Webroot with another AS tool is unknown to me.
said by jbob: "If indeed SAV truly missed the infection, this just goes to show that one cannot depend on an AV alone to catch everything."
Complete agreement. As Kiwi said, they're better served using a layered defense.
edit: changed that SAV was "auto update capable" to enabled.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
Bubba17, in reply to Dr Tweak:
said by Dr Tweak: "The Vundo variants are some of the worst out there, and SUPERAntiSpyware does the best job of any at cleaning this infection."
Too, as has been demonstrated numerous times in this forum by fcukdat ..
examples: »Spyware,rootkits,malware,dialers,keyloggers .. and »One in Five PC's Infected With Rootkits
.. for a couple, SAS is a very formidable anti-rootkit tool also.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp