Tuesday, 16 October 2012

How to troubleshoot FakeAV if it is not detected


  • FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

Normal case: FakeAV was detected
Symptoms:
  1. Cannot open SEP (Symantec Endpoint Protection) or any other program.
  2. System utilities such as cmd.exe, Task Manager (taskmgr.exe) and Registry Editor (regedit.exe) are disabled.
  3. Pop-ups from a rogue antivirus program stating that the machine is infected with viruses.
Solution:
1. Boot the computer in Safe Mode.
2. Browse to %USERPROFILE%\Local Settings\Application Data\ (on Windows XP this is C:\Documents and Settings\<user name>\Local Settings\Application Data\). Enable "Show hidden files and folders" in Folder Options first, as the dropper is often hidden.
3. Look for a folder, a .bat file or an .exe with a random name such as VRQWSDJFGK.
4. This folder (or file) is the FakeAV payload.
5. If you don't find it in the location above, look in C:\Documents and Settings\All Users\Application Data.
6. Once the folder and file are traced, submit the file to Symantec Security Response using the appropriate entitlement.
7. Once the file has been submitted successfully, delete it together with its folder.
8. Boot the computer in normal mode.
9. If you cannot access the Internet, correct the proxy settings in Internet Explorer under Tools > Internet Options > Connections > LAN Settings. FakeAV commonly changes this to 'Automatically detect settings'; if there is no proxy server on your network, uncheck that option.
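The following PowerShell script is an added example, not part of the Symantec article or of this post. It automates steps 2 to 7 and 9 above: it scans the folders the article names (plus their Vista and later equivalents) for randomly named folders and executables, hashes anything it finds so the sample can still be identified after it is deleted, and reports the Internet Explorer proxy settings FakeAV tampers with. The vowel-ratio heuristic for "random" names, the set of file extensions treated as payloads, and the requirement for PowerShell 3.0 or later are assumptions; the file name VRQWSDJFGK.exe is the article's illustrative example.

```powershell
# Added example (not the article's own procedure): triage the folders the
# article names for a randomly named FakeAV dropper, hash it for submission,
# and report the IE proxy settings. Run in Safe Mode from an elevated
# PowerShell 3.0+ prompt. The name heuristic and extension list are assumptions.

# Folders from the article (Windows XP layout) plus their Vista+ equivalents.
$candidateDirs = @(
    "$env:USERPROFILE\Local Settings\Application Data",
    'C:\Documents and Settings\All Users\Application Data',
    $env:LOCALAPPDATA,
    $env:ProgramData
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

function Test-RandomName {
    # Heuristic (assumption): an alphanumeric base name of 8+ characters with
    # almost no vowels (VRQWSDJFGK has none) is unlikely to be vendor-chosen.
    param([string]$BaseName)
    if ($BaseName -notmatch '^[A-Za-z0-9]{8,}$') { return $false }
    $vowels = [regex]::Matches($BaseName, '[AEIOUaeiou]').Count
    return (($vowels / $BaseName.Length) -lt 0.25)
}

function Get-Sha256Hex {
    # SHA-256 via .NET so this does not depend on Get-FileHash (PowerShell 4.0+).
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

$payloadExt = '^\.(exe|bat|dll|scr)$'

# Steps 2-5: the dropper is either a file directly in the folder or inside a
# randomly named subfolder, so look one level deep. -Force includes hidden files.
$suspects = foreach ($dir in $candidateDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-RandomName $_.BaseName } |
        ForEach-Object {
            $item = $_
            if ($item.PSIsContainer) {
                Get-ChildItem -LiteralPath $item.FullName -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.Extension -match $payloadExt }
            } elseif ($item.Extension -match $payloadExt) {
                $item
            }
        }
}

# Step 6: record path, size, timestamps and hash before submitting the sample
# to Symantec Security Response and before deleting anything (step 7).
$suspects | ForEach-Object {
    [pscustomobject]@{
        Path      = $_.FullName
        SizeBytes = $_.Length
        Created   = $_.CreationTime
        Modified  = $_.LastWriteTime
        SHA256    = Get-Sha256Hex $_.FullName
    }
} | Format-List

# Step 9: the manual proxy (ProxyEnable/ProxyServer) lives under Internet
# Settings; the "Automatically detect settings" checkbox is bit 0x08 of byte 8
# in the DefaultConnectionSettings blob (0x02 = use proxy, 0x04 = use script).
$isKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$is    = Get-ItemProperty -Path $isKey
$blob  = (Get-ItemProperty -Path "$isKey\Connections" -Name DefaultConnectionSettings -ErrorAction SilentlyContinue).DefaultConnectionSettings
$flags = if ($blob -and $blob.Length -gt 8) { [int]$blob[8] } else { 0 }
[pscustomobject]@{
    ProxyEnable         = $is.ProxyEnable
    ProxyServer         = $is.ProxyServer
    AutoConfigURL       = $is.AutoConfigURL
    AutoDetectSettings  = [bool]($flags -band 0x08)
    UseProxyFlag        = [bool]($flags -band 0x02)
    UseAutoConfigScript = [bool]($flags -band 0x04)
} | Format-List
```

The script only reports; it does not delete or submit anything, so a false positive from the name heuristic (legitimate folders with few vowels do exist) costs nothing but a minute of review. Keep the printed SHA256 and path with the submission: once the file is deleted in step 7, that hash is the only way to match the sample against whatever Security Response reports back. If AutoDetectSettings shows True and the network has no proxy server, clear the checkbox in LAN Settings as step 9 describes rather than editing the registry blob by hand.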

Ref: Symantec - Norton Antivirus - How to troubleshoot FakeAV if it is not detected

PakarPC No 23-1, Block A, No 2 Jalan Langkawi 53300 Setapak Kuala Lumpur FB:facebook.com/thepakarpc Hotline:1800-88-7508
