Protection against Antivirus 2009

Discussion in 'Malware Help (A Specialist Will Reply)' started by Droiyan3, Sep 4, 2009.

  1. Droiyan3

    Droiyan3 Private E-2

    Good morning all,

    This is my first post so don't be hard on me.

    I have about 100 machines in the domain. Most of them XPSP3 with about 54 of MS critical updates. One of them has been infected with Antivirus 2009 (http://www.bleepingcomputer.com/virus-remo...antivirus-2009). After that it started to jump over the network to other users. I can remove it, but then it pops out in another PC. After a while the PC that I have cleaned gets it again.

    How do I protect the PC actually against it?

    Anti-virus software is McAfee 8.5 to 8.7, which detects the virus but can't remove it.

    Please let me know if you need any more information.

    Thanks a lot

    Diego
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to check all PCs to see if they have any of the below files corrupted:

    c:\windows\system32\eventlog.dll << proper size for SP3 is 56,320 bytes
    c:\windows\system32\netlogon.dll << proper size for SP3 is 407,040 bytes
    c:\windows\system32\scecli.dll << proper size for SP3 is 181,248 bytes

    Also check to make sure that the below file size is correct.
    c:\windows\system32\drivers\beep.sys << proper size for SP3 is 4,224 bytes

    If any PCs have the wrong size for these files then they are infected and need to be removed from the network (especially if file sharing is in use) until they have been fully cleaned. I assume you are part of IT Support or have IT Support. They will have to properly clean these PCs for you and this can be quite time-consuming and you have to know what you are doing as far as malware removal and special tools are concerned. You may find that it would be more expedient to just reinstall since there is no quick fix and each case can be somewhat different even though they will be similar.

    There is no known real protection for actually blocking this. In most cases it is due to someone downloading/installing something they should not. Properly protected PCs will have a good antivirus, good antispyware protection, and a good 3rd party firewall (i.e., not the Windows firewall) installed.

    If you have purchased a site license for this software, you should be screaming at them right now. Why is it that a major security company like this does not block it to begin with, and why can they find and remove the malware that free programs can? What exactly is it that you are paying for?
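
The file-size check from the reply above, run across many domain machines from one admin workstation (an added example, not part of the original thread). It assumes PowerShell 3.0 or later on the workstation, that each PC's `C$` administrative share is reachable with your account, and the host names are constructed placeholders. A matching size only means the file passed this particular check.

```powershell
# Expected sizes in bytes for XP SP3, taken from the reply above.
$ExpectedSizes = [ordered]@{
    'windows\system32\eventlog.dll'     = 56320
    'windows\system32\netlogon.dll'     = 407040
    'windows\system32\scecli.dll'       = 181248
    'windows\system32\drivers\beep.sys' = 4224
}

function Test-SystemFileSize {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        # Assumption: the C$ administrative share is enabled and reachable.
        $root = "\\$computer\C`$"
        if (-not (Test-Path -LiteralPath $root)) {
            [pscustomobject]@{
                Computer = $computer; File = $null
                Expected = $null; Actual = $null; Status = 'Unreachable'
            }
            continue
        }
        foreach ($entry in $ExpectedSizes.GetEnumerator()) {
            $path = Join-Path $root $entry.Key
            # -Force so hidden or system attributes do not hide the file.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            $actual = $null
            if (-not $item) {
                $status = 'Missing'
            } else {
                $actual = $item.Length
                if ($actual -eq $entry.Value) { $status = 'SizeOK' }
                else { $status = 'SizeMismatch' }
            }
            [pscustomobject]@{
                Computer = $computer; File = $entry.Key
                Expected = $entry.Value; Actual = $actual; Status = $status
            }
        }
    }
}

# Constructed host names; replace with your own inventory.
$computers = 'PC-001', 'PC-002'
Test-SystemFileSize -ComputerName $computers |
    Where-Object { $_.Status -ne 'SizeOK' } |
    Format-Table Computer, File, Expected, Actual, Status -AutoSize
```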
     
