Anyone run across the POS fake antivirus called Security Antivirus?
I'm working on cleaning someones computer that has it on right now. It looks similar to AV360, and it's just as persistent. I'm looking around and trying some stuff, but if anyone has experience with it I'd love some tips.
And no, formatting isn't an option right now. I'll probably have them do soon, but I'd like to get it working again so they can have time to figure out what all needs backed up, and that everything that is being backed up doesn't contain the install files for this.
#2
sixpackshaker
Pop it off the network, back their stuff up, and image/reload. I spent too many hours working on those. The first time one of my users had it I removed it in 30 min to an hour. The next mutation I spent about 5 hours over 2 days on it. Now it is another mutation, KILL IT WITH FIRE.
#3
GasBandit
Try malwarebytes, that usually does the trick for most of these sort of things.
I'm trying MB now, but it doesn't seem to cut it for these fake antivirus programs. They always either pop up right on the next reboot or when you connect to the internet.
If I can't get it figured out today, I'll do a format. I hate having to do that though. I feel... defeated.
#5
Shakey
I think I have it cleaned out. Malwarebytes cleaned most of it out. You still have to get access to the hosts file again, since it takes ownership of it and doesn't allow you to change/delete it, and replace it with a new one. After a few reboots and some internet browsing it's still clean. Easier to get rid of than the AV 360 variants.
#6
PatrThom
I swear I clean those things off somebody's computer at least once a month, and I don't even do PC tech support for a living. It's gotten to where I just keep the most recent version of MalwareBytes in my pocket at all times. "Here, boot to safe mode and run this, then call me in the morning."
