Jump to content
Sign in to follow this  
lex_o

Win 7 Antivirus 2011 - Trojan Not Detected

Recommended Posts

Hello,

 

We have a new deployment for Kaspersky Anti-Virus 6.0 to some Windows 7 systems.

 

A few days after deployment the workstations was infected with the Trojan "Win 7 Anti-Virus 2011". I have seen posts of this Trojan going back a couple of months.

 

I contacted support and they advised there was no reference to this Trojan in the Kaspersky knowledge base, however support did send me links about the trojan and this included details about Malwarebytes and includes posts that go back a couple of months at least.

 

Has anyone else had this Trojan bypass Kaspersky and infect there systems?

 

Shouldn't we expect Kaspersky to be up to date with threats that are 2 months old?

 

 

Share this post


Link to post

I agree. I am having the same problem. From what I have seen this is months old now. What the heck am I paying Kapersky for if they cant stop these or fix them. I have updated everything and run several scans. What a waste!....Im not sure what to do other than take my business elsewhere. What the hell KApersky!>?

 

does anyone have a solution for this? Buy a different anti-virus?

Share this post


Link to post
I agree. I am having the same problem. From what I have seen this is months old now. What the heck am I paying Kapersky for if they cant stop these or fix them. I have updated everything and run several scans. What a waste!....Im not sure what to do other than take my business elsewhere. What the hell KApersky!>?

 

does anyone have a solution for this? Buy a different anti-virus?

 

 

You can take your business anywhere you want but you'll end up with the same problem. I haven't used one AV solution that has been able to stop these Rogue Trojans from getting installed and have found the best method for these specific types is user education. Rogue Trojan software is installed because it tricks the user into installing it by clicking something on the screen. Rogue software looks generally the same other than the name of the fake AV solution that is supposed to help fix the problem. Tell your users that when the fake AV pops up to just hit ALT-F4 until their browser shuts down, if they can't handle that just tell them to turn off their computer then power it back up.

 

I've had these pop up from time to time even going to legitimate sites and I just use ALT-F4 and have never had one install.

Share this post


Link to post

Had one of the workstation PC infected today... Fake antivirus. Virus definitions updated and everything. Even ran a full scan didn't pick up anything..

 

Had to run combofix + malwarebytes + manual registry edits

 

c:\documents and settings\admin\WINDOWS

c:\documents and settings\All Users\Application Data\defender.exe

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Desktop\Malware Protection.lnk

.

----- BITS: Possible infected sites -----

.

hxxp://server:8530

Share this post


Link to post
Another two machines infected today.. Antivirus 2011..

Is it possible to get samples?

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.