Users in my company have been getting hit by Fake.AV for a year. We run Win XP SP3 with SEPP ver.11 and Webroot AntiSpyware ver. 3.5.1 installed on each desktop. Sometimes I do get a message from either AV that Fake.AV was detected on a machine, but a few times those viruses went completely undetected and did the damage. The virus defs. on those machines are up-to-date.
Why is Symantec not able to detect those Fake.AV? In all cases when the virus did infect a machine I used Malwarebytes to remove the threat. Why is this free program able to do the job and Symantec can't? I attached a screenshot of a scan that I ran just yesterday from one of the users' machines that got infected. It had a familiar Fake.AV popup message "You need to purchase this AV to remove the virus", several registry keys were modified and proxy settings in IE were changed. I booted into Safe Mode with Networking, installed Malwarebytes, updated definitions, ran the scan, deleted infected files and the machine has been working fine so far.
Symantec, I need your help to block those Fake.AV!
Thank you,
Paul Leskov,
Network Administrator