It takes oversight and administration to do this, though. You can also invest in a program like Deep Freeze, which restores a computer back to it's "clean" state on reboot. This can be done through AD or through addon programs. The only thing I could say from the information given is to institute a policy of blocking executables that aren't whitelisted. What thing work? You didn't give details on the executable, where it was found, what Malwarebytes called it?.Are you in a managed environment with AD or workgroup? Some more details on our setup, our client machines are Win XP boxes, connecting to a win server 2003 AD domain We can clean it off with malwarebytes, (and are more than a little outraged that windows doesn't prevent these things from installing control panels, interrupting ctrl-alt-del/ctrl-alt-esc etc etc), but we're reluctant to shell out for a Malwarebytes site license if there is a free way of blocking it, but to do that we need to know how it works (and if MBam will keep us safe from this in future) So my question is, how does FakeAlert work?!.I can find nothing on the internet explaining in detail how it's getting in and executing, it seems to be embedded in webpages and then gets automatically download and run? I have managed to clean it off by logging in as an admin, removing the file remotely before it starts up and getting malwarebytes to scan and remove it. It manages to kill our antivirus (nod 32), and then kill attempts to start the task manager or to install malwarebytes. We have just had our second outbreak of a variant of the Windows XP home security malware (malwarebytes called it Trojan.fakeAlert).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |