OK, I am an IT pro; in the past, in the DOS and early NT4 days, I was involved in the AV industry (to give context).
the kids home PC (laptop) has a virus
Specifically it looks like a variant of FakeAlert-Antivir.
not one to give up the fight, I am trying to remove it (I should point out I am not at home ATM, so not at the machine)
the payload is consistent with FakeAlert so far (warning messages all over the shop, blocked access to executables, blocked access to internet using local proxy)
Sooo gone down the usual route (process kill, registry edit, file removal)
The processes, files and reg entries are not showing. The existing documentation on this variant states filenames are based on Antivir, however, no sign of such files in a search of the hard drive, these fiendishly clever virus chaps must have hit on the cunning plan of renaming the damn exes and registry entries.
The internet block is preventing me from downloading any utilities that would help with removal.
The only other machine is PGP encrypted, so I can't connect and copy.
Sooo, later today I am going to try and find the override for the proxy in the registry, which must, I guess, be there, and hope I can reload the registry hive and access some utilities before the virus closes the hole I create.
However, any ideas/suggestions would be welcome.
OK, forgot: Windows XP, latest updates.
And having discussed the problem with my 12YO in front of the offending hardware, it would appear to be Antivir Solution Pro, which at the moment seems a very popular search!
additional edit: eep, looks like the malware took out the safe boot registry entries
Edited by Cheredanine, 13 July 2010 - 09:57 AM.
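As an added, read-only triage script (not from the original post), the checks below use Windows XP's built-in reg.exe to look at the three registry areas the symptoms in the post point at: the WinINet proxy settings behind the "local proxy" internet block, the .exe file-association handler behind the blocked executables, and the SafeBoot keys whose removal breaks Safe Mode. It assumes it is run from a console on the infected machine and only queries; it changes nothing.

```batch
@echo off
rem Added triage script, not part of the original thread. Assumes Windows XP with reg.exe.
rem Everything here is a read-only query so it can be run before any cleanup is attempted.

echo === WinINet proxy settings (a rogue AV often points these at a local listener) ===
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride

echo === .exe file association (a clean default value is: "%%1" %%*) ===
reg query "HKCR\exefile\shell\open\command" /ve
rem Per-user overrides take precedence over HKCR, so check them too.
reg query "HKCU\Software\Classes\.exe" /ve
reg query "HKCU\Software\Classes\exefile\shell\open\command" /ve

echo === SafeBoot keys (missing = Safe Mode cannot start) ===
reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" >nul 2>&1
if errorlevel 1 (echo SafeBoot\Minimal MISSING) else (echo SafeBoot\Minimal present)
reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" >nul 2>&1
if errorlevel 1 (echo SafeBoot\Network MISSING) else (echo SafeBoot\Network present)

echo === Autostart entries (renamed malware binaries still have to be launched from somewhere) ===
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
```

Because the output is plain text, it can be redirected to a file and reviewed on another machine; a ProxyServer pointing at 127.0.0.1, an exefile handler other than "%1" %*, or an absent SafeBoot key each confirms one of the symptoms described above.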