“New” Malware Behavior

I haven’t seen this one before – but apparently it’s not really new.

Generally it’s possible to sneak in a Ctrl-Alt-Del to launch the task manager, kill the fake antivirus processes and then run cleanup progs. This one has the task manager disabled from the get-go, giving an error saying the administrator has blocked it. Either that’s a fake message or they’ve implemented some sort of group policy. According to MS it’s either a group policy or a registry hack.

Even after “fixing” the disabled task manager it would not run, which is typical malware behavior even though it was no longer GP’d out.  Rebooting the comp re-disabled the taskman.

Update:

This was a much tougher fake A/V. This comp had a cocktail of malware that was blocking updates from the various cleaning app websites, even though I was able to go to the respective websites. Got it out though.
