Journal Chacham's Journal: Chronicle: Removed virii from local organization's computer
While supporting a local organization's computers, i removed the offending winsock entries. Lo and behold, they belonged to B-Secure. Things worked a lot better without it (remove the entries, have IE's wizard "fix" the connection) but it noticed it was gone on reboot. So, i killed it again, removed it from startup and things were moving along.
Then came Defense Center. It puts nasty icons on the desktop and wants you to buy into its scam. It runs one process, cleverly disguised as the Windows remote executable (wau something, i forget) and places itself in
Took the hard drive out and connected it to another computer and did a full scan. It cleaned the virii, and i put it back. Still there, but Security Essentials started realizing there was a threat, but failed to remove the actual executable. Even a full scan didn't seem to remove Program Files\Defense Center (i deleted it myself after it *seemed* to have passed it in the alphabetical order). But, it did ask to send a copy of it to them, which i did (twice).
I changed the
All in all there were three virii. One master that wasn't really detected, and two children that it caught after the other computer scanned it.
Windows Update installed a few items,