HELP: AVASoft Antivirus Professional Fake Software Infection
Hello:
I have a client who appears to be infected with the AVASoft Antivirus Professional rogue/fake anti-virus software. The SEP client's definitions were updated today, prior to the infection, as they are dated March 19, 2013. I cannot find information about this within the Symantec website; so, is there any information relating to the detection, cleanup, etc. of this infection using a Symantec Endpoint Protection 11.x unmanaged client?
When the system is booted up, the infection disables SEP from the system tray: the user can see the SEP system tray icon disappear upon system start, and then the AVASoft Antivirus Professional system tray icon appears. I have instructed the person to boot into SAFE MODE and run a full system scan. So far, the unmanaged SEP 11.x client can start in SAFE MODE and is scanning, which is good, because the SEP 11.x client cannot start when the person boots normally.
Therefore, any KB, technical notes, tools, etc., would be greatly appreciated; thank you.
Run Load Point Analysis and submit any suspicious files to security response. You can also run Power Eraser which should help to remove some of the more persistent malware as well as malware without a signature.
Using SymHelp, how to collect the Load Point Analysis Logs and Submit the same to Symantec Technical Support Team.
Download SymHelp from this link
Symantec Help (SymHelp)
SEP Knowledge Base
Endpoint SWAT
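Load Point Analysis lists every auto-start location on the machine, and the hard part is deciding which of those entries are worth submitting to Security Response. The script below is an added example, not Symantec's tool or any code from this thread: it takes a constructed list of Run-key entries (all paths and names are made up) and applies a few triage heuristics that an analyst typically applies by hand, flagging executables launched from user-writable directories such as Temp or Application Data, executables outside the usual program directories, and value names that look machine-generated. The heuristics and the trusted-directory list are assumptions for illustration, not a detection rule from the page.

```python
import re

# Constructed load-point entries in the shape a load point report presents them:
# (registry location, value name, command line).  Every path and name here is
# made up for this example; none is an indicator taken from the thread.
SAMPLE_LOAD_POINTS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ccApp",
     r'"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SunJavaUpdateSched",
     r'"C:\Program Files\Common Files\Java\Java Update\jusched.exe"'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "zq4f8k1x",
     r"C:\Documents and Settings\user\Local Settings\Application Data\zq4f8k1x.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce", "Update",
     r'"C:\Windows\Temp\update.exe" /silent'),
]

# Assumed "normal" install locations (compared lowercase).  Adjust per environment.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\system32")

# Directory markers that an ordinary user can write to; auto-start entries that
# point here deserve a closer look.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\", "\\local settings\\")

# Heuristic for machine-generated names: lowercase letters and digits mixed,
# six or more characters, nothing else.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,}$")


def executable_path(command_line: str) -> str:
    """Return the executable part of a Run-key command line, lowercased.

    Quoted paths end at the closing quote; unquoted paths (which may contain
    spaces) end at the first '.exe', falling back to the first token.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else (cmd.split()[0] if cmd else "")
    return exe.lower()


def assess_load_point(location: str, name: str, command_line: str) -> dict:
    """Apply the triage heuristics to one entry and return the findings."""
    exe = executable_path(command_line)
    reasons = []
    if any(marker in exe for marker in USER_WRITABLE_MARKERS):
        reasons.append("executable in user-writable directory")
    if not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("executable outside trusted program directories")
    if RANDOM_NAME.match(name):
        reasons.append("random-looking value name")
    return {
        "location": location,
        "name": name,
        "executable": exe,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


def triage(entries):
    """Assess every (location, name, command_line) tuple in order."""
    return [assess_load_point(*entry) for entry in entries]


def suspicious_entries(entries):
    """Only the entries worth submitting for analysis."""
    return [r for r in triage(entries) if r["suspicious"]]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOAD_POINTS):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['name']:20} {r['executable']}")
        for reason in r["reasons"]:
            print(f"{'':10}   - {reason}")
```

On the constructed sample, the two entries under Program Files pass, while the randomly named executable under Application Data and the Temp-hosted RunOnce entry are flagged with their reasons. An entry being flagged is a reason to collect the file and submit it, not proof it is malicious; a flagged entry outside the trusted list could simply be a legitimate program installed in an unusual place.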
Hi Volron,
These may help:
Putting IPS into place on SEP is very effective against FakeAV. AV alone is not enough for complete protection.
Hope this helps!
With thanks and best regards,
Mick
Hello,
Consider Using Symantec Power Eraser when:
An outbreak on a small number of workstations or Windows servers
I would suggest you to work on the below Articles:
Using Symantec Help (SymHelp) Tool, how to Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
http://www.symantec.com/docs/TECH203027
Symantec Power Eraser using Symantec Help (SymHelp) Tool.
http://www.symantec.com/docs/TECH203683
How to troubleshoot FakeAV if it is not detected
http://www.symantec.com/docs/TECH157781
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hello, everyone:
I want to thank everyone for their valuable assistance. I plan to follow the strategies outlined above, along with a few others, geared toward this specific "infection." The KB articles pointed to in this posting have been valuable and will help me in this instance and I am certain will be helpful, in the future. Once again, thank you, everyone.