Security Community Blog

While searching the web for iPhones, a fake security malware infected my laptop. Although I use Firefox and Symantec Endpoint, the trojan slipped through my XP SP3 system. When I ran a full scan, the March 5 r of Symantec did not identify the problem.  After researching the web, I found a blog at "Bleepingcomputer.com," which fully described the problem and the solution. I used MalwareBytes' AntiMalware to remove the infected registries and files. Note that the rogue has other names, such as Vista Internet Security 2010, Win 7 Internet Security 2010, and several others.  This rogue must be disabled before it allows other executable files to run. I used FixExe.reg.

Variants of the files infected are as follows.

%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P...