Endpoint Protection

  • 1.  Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:29 AM
    My wife's laptop was hit with a fake AV alert virus.

    Norton seems to have cleaned the virus (but may not have), but ... there continues to be a red shield with a white X on the status bar that says NAV is out of date.  This has never been true on her computer.

    When I look at the NAV history I find these:
    Unauthorized access block (Open Process Token)        Blocked        1/26/2010 9:38:48 AM
    Trojan.FakeAV detected by Auto-Protect            Removed        1/26/2010 7:30:08 AM
    Statistical Submission: Trojan.FakeAV            Submitted    1/26/2010 7:26:06 AM
    AntivirusSystemPro detected by Virus scanner        Removed        1/25/2010 5:57:15 PM
    Statistical Submission: AntivirusSystemPro        Submitted    1/26/2010 5:52:43 PM
    vxcjsysguard.exe accessed your network resources    Detected    1/24/2010 5:17:35 AM
    tvcp.exe made 5 modifications to your System Config.    Detected    1/24/2010 5:17:20 AM
    IPS Detection Statistical Submission            Submitted    1/24/2010 5:16:55 AM

    It seems clear that the infection occurred around 1/24/2010 5:16:55 AM.

    The 26th is when all the fake AV messages appeared (because my wife closed the laptop right around the time of infection).

    The Norton Alert shield has been red ever since and it's never been out of date.  It prompts to click to correct the problem, but I suspect it has been compromised and will infect the computer again if I click on it.

    I believe something is still not cleaned on this computer.

    If you need access to the computer just shoot me an email.




  • 2.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:37 AM
    Pls post it in the right forum. This forum is for SEP11.


  • 3.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:42 AM
    One more piece of info.

    On my netbook (NOT the infected computer above), I had not turned it on in 34 days, so I had the red alert shield on the status bar, but ... after running live updates from NAV and clicking on the "fix" button (IN NAV, not the shield application), which ran a quick scan, the shield went away.

    On my wife's laptop (the infected computer), Norton detects no problems, and about a dozen full scans have been run since the 26th and many quick scans have run.  This is why I believe the red shield program may be infected.



  • 4.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:43 AM
    Huh?

    forum says:
    Security > Endpoint Protection (AntiVirus) Forum

    I don't see anything about Sep 11.


  • 5.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:44 AM
    Scan it in safe mode and try... 


  • 6.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:46 AM
    Yes, it means that...
    This forum is for SEP 11.
    Endpoint protection (AntiVirus) means SEP 11.


  • 7.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 07:48 AM
    What is the correct forum for AV issues?  "Please post to the correct forum" provides no useful info.  Thanks


  • 8.  RE: Fake AV - Virus problem that needs to be addressed

    Posted Jan 29, 2010 08:01 AM
    OK ... I reposted this topic here:
    https://www-secure.symantec.com/connect/forums/fake-av-virus-problem-needs-be-addressed-0

    So if an admin would like to delete this thread to keep forum threads on topic, please do so.

    FYI:  Endpoint protection to me means on your computer.  You may want to clarify it somehow.

    Thanks.