"Antivirus Disable Notify"

Greetings

A month ago, I helped a friend clean up his XP Pro computer. He had his own AV, and Windows kept pestering him to install an AV, so I disabled the anti-virus notify.

The other day, he was infected with the FBI MoneyPak ransomware. I got rid of it pretty easily by doing a system restore. Then I scanned with every tool I could find, including Sophos virus removal tool, V 2.3, which found a few instances of "RansomWare" which I could only assume was the MoneyPak.

In the log, one instance was listed as in a restore folder, which is to be expected. But another instance was in a registry file. Sophos listed the ransomware "in" a file called "Antivirus Disable Notify". Is this possible?

This really confuses me; can anyone explain?  It also makes me feel personally responsible for getting my friend infected.

Thanks.



  • Hello Linn10,

    I might have misread you (maybe I shouldn't have made a guess without knowing the exact details). So without the exact sequence of events, the items (file, registry, ...) and detection name I can't offer a more precise explanation. One remark though - how should Sophos (some piece of software in general or even a human expert) be able to tell who made some change?

    Christian