I haven’t seen this one before – but apparently it’s not really new.
Generally it’s possible to sneak in a Ctrl-Alt-Del in order to launch a task manager in order to kill fake antivirus processes and then run cleanup progs. This one has the task manager disabled from the get-go, giving an error saying the administrator has blocked it. Either that’s a fake message or they’ve implemented some sort of group policy. According to MS it’s either a group policy or a registry hack.
Even after “fixing” the disabled task manager it would not run, which is typical malware behavior even though it was no longer GP’d out. Rebooting the comp re-disabled the taskman.
This was a much tougher fake A/V; this comp had a cocktail of malware that was blocking updates from the various cleaning app websites even though I was able to go to the respective websites. Got it out though.
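A read-only check for the lockout described above, as an added example that is not part of the original post. The post names no registry paths; the script assumes the standard `DisableTaskMgr` policy value and the standard Run/RunOnce autorun keys, which are one common place for something that re-applies the setting at logon.

```powershell
# Added example: read-only triage, changes nothing on the machine.
# Assumption: the lockout uses the standard DisableTaskMgr policy value.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.DisableTaskMgr -ne 0) {
        Write-Output "LOCKED  $key DisableTaskMgr=$($item.DisableTaskMgr)"
    } else {
        Write-Output "ok      $key (value absent or 0)"
    }
}

# If the value comes back after a reboot, something started at logon is
# rewriting it. List the Run/RunOnce entries so they can be reviewed.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties PowerShell adds to every registry item; not autorun entries.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        Write-Output ("AUTORUN {0}\{1} = {2}" -f $key, $p.Name, $p.Value)
    }
}
```

Running it before and after a reboot shows whether the policy value was reset and which autorun entries were present when that happened.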