Recently, a co-worker went to a wikipedia page, and clicked a link. Seconds later, there was one of those antivirus pop ups asking for money, as well as a url redirector.
I am curious as to why Symantec Endpoint Protection Version 11.0.5002.333 wouldn't catch the program before it installed.
I ran a totally different malware program and here is a basic of what it found, and deleted:
REGISTRY KEYS INFECTED:
Trojan.BHO
Adware,MyWebSearch (this is listed three times)
FILES INFECTED:
c:\documents and settings\username\local settings\application data\mmxjttphq\naokxhitssed.exe (rogue.antivirussuite.gen
c:\documents and settings\shared\lib.sig (adware.deepdive
c:\documents and settings\username\local settings\temp\e.exe (trojan dropper)
The program i used reported that it quarantied and deleted those. I ran the program again, and it found:
REGISTRY KEYS INFECTED:
Trojan.BHO
Adware.MyWebSearch (this is listed 3 times)
Would anyone possibly know why these were not caught by the Symantec program?
Thanks in advance,
Bruce Zoldak