Message Image

Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

trojan.fakeav again

Migration UserMay 10, 2010 10:06 AM

One of our workstations was infected with trojan.av. SEP detected the program, bot only after it was ...

Thomas KMay 10, 2010 10:23 AM

Please submit the files to Security Response at http://www.symantec.com/business/security_response/submitsamples.jsp ...

Migration UserMay 10, 2010 10:45 AM

I was missing the contact ID, but the samples are submitted. I zipped up the malwarebytes quarantine ...

1. trojan.fakeav again

0 Recommend
Migration User
Posted May 10, 2010 10:06 AM

Reply Reply Privately
One of our workstations was infected with trojan.av. SEP detected the program, bot only after it was already running and could not be deleted by the scan. I ended the process manually and deleted the file detected by SEP. I then ran malwarebytes which found other files and registry entries related to this infection. I have the malwarebytes quarantine ready to submit to symantec and am waiting for the web address for submission. I realize that I could use application control to prevent this type of infection, but that is not available on 64 bit windows.
2. RE: trojan.fakeav again

0 Recommend
Thomas K
Posted May 10, 2010 10:23 AM

Reply Reply Privately
Please submit the files to Security Response at http://www.symantec.com/business/security_response/submitsamples.jsp

Or Threat Expert at - http://www.threatexpert.com/submit.aspx

Thanks,
Thomas
3. RE: trojan.fakeav again

0 Recommend
Migration User
Posted May 10, 2010 10:45 AM

Reply Reply Privately
I was missing the contact ID, but the samples are submitted. I zipped up the malwarebytes quarantine directory, so I hope they can read whatever format Malwarebytes is using.

Copyright 2019. All rights reserved.

Powered by Higher Logic