Jump to content

Recommended Posts

I manage IT systems for a large group of users in an Educational. I've recently started to see computers infected with variations of the FakeMS and Fake AV malware.

I can clean it with Malwarebytes, no problem. Except that now (in a total of 4 cases so far), there are no icons listed under All Programs on the start button! (WinXP and Win7).

Thinking (finally started that today!!) that the Icons had to be somewhere, or the Malware would be self defeating, I searched for "Word" and found the icons had been moved and hidden (not deleted thank goodness) to "C:\Documents and Settings\{username that got infected}\Local Settings\Temp\smtmp" under WinXP and "C:\Users\{username that got infected}\AppData\Local\Temp\smtmp" under Win7.

We run Active Directory here, and for security reasons, I do not know the users passwords, so the scans are usually run as an alternate user account (usually Local Administrator to prevent exposing my domain account).

Posting this in hopes that the Malwarebytes scanner/cleaner can be updated in some way to account for the icons being moved and hidden and correct it during the scan.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.