This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FakeAV - Microsoft Security Essentials

I'm just curious if anybody else is getting hit pretty hard by this one? For us it's showing up as mstsc.exe and hotfix.exe. Sophos takes care of it but the delay between detection and cleanup allows the Fake Microsoft Security Essentials window to pop up.

This thread was automatically locked due to age.

Parents

0 ianmcaldwell over 14 years ago

Our organization just got the same virus/trojan on a laptop, seemingly after visiting rouge website in IE8... however, on further investigation, there may even have been a previous issue with a fake windows update. The concern here is that sophos did not stop the virus/trojan from running and the virus/trojan was able to turn sophos protection off and shut it down. We are in the process of cleaning the machine as the virus seems specific to a user account, so running sophos in safe mode under the admin account is working.
Since sophos did not catch this upfront, are there additional manual steps that need to be taken to ensure the virus is completely removed?
:5316
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ianmcaldwell over 14 years ago

Our organization just got the same virus/trojan on a laptop, seemingly after visiting rouge website in IE8... however, on further investigation, there may even have been a previous issue with a fake windows update. The concern here is that sophos did not stop the virus/trojan from running and the virus/trojan was able to turn sophos protection off and shut it down. We are in the process of cleaning the machine as the virus seems specific to a user account, so running sophos in safe mode under the admin account is working.
Since sophos did not catch this upfront, are there additional manual steps that need to be taken to ensure the virus is completely removed?
:5316
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data