Endpoint Protection

 View Only
  • 1.  Any one has experience with "Security Master AV"?

    Posted Aug 06, 2010 07:34 AM
    Hi All:

    Has any other SEP user out there had experience with "Security Master AV"?

    We had this situation today. A user laptop was infected with this fake AV. The SEP agent was not running anymore.
    Now we are at a point where 'preventive' measures failed and start to think how to remove this virus.
    I checked
    http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=S
    Security Master AV is not listed in the Threats list.
    A search does not show any relevant results.

    A google search reveals bleepingcomputer had an uninstall guide since 26May2010.
    http://www.bleepingcomputer.com/virus-removal/remove-security-master-av
    I know not all AV are 100% and its a mouse and cat catch up game.
    But between 26May and today 8Aug, sounds like a very long time for a reputable Security company to catch up.

    I have opened a case to Symantec to tackle this virus. And help to install SEP (we can't install after trying so many things).

    I'm just thinking why there is no 'self-help' info on the virus on the security response site and forum. A removal tool sounds necessary.

    I tried to run a removal tool from Norton but it asks to be connected to the internet. Of course at this point we have isolated the infected laptop from the network.

    Hope somebody shares.





  • 2.  RE: Any one has experience with "Security Master AV"?



  • 3.  RE: Any one has experience with "Security Master AV"?

    Posted Aug 06, 2010 08:04 AM
    Have you tried using the Symantec Endpoint Recovery tool. This video explains how to use it. As you do not have internet access on that machine this tool should help.
    https://www-secure.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert


  • 4.  RE: Any one has experience with "Security Master AV"?

    Posted Aug 07, 2010 03:18 AM
    Hi Sandip

    Thanks for the tip. I watched your video.

    The problem with booting from a recover CD is the infected computer has SafeBoot installed.
    We tried using the Avira Rescue CD but the encrypted HDD cannot be seen.
    I believe using this SEP Recovery Tool would encounter the same problem.