"Antivirus Disable Notify"

Greetings

A month ago, I helped a friend clean up his XP Pro computer. He had his own AV, and Windows kept pestering him to install an AV, so I disabled the anti-virus notify.

The other day, he was infected with the FBI MoneyPak ransomware. I got rid of it pretty easily by doing a system restore. Then I scanned with every tool I could find, including the Sophos Virus Removal Tool, V 2.3, which found a few instances of "RansomWare" which I could only assume was the MoneyPak.

In the log, one instance was listed as in a restore folder, which is to be expected. But another instance was in a registry file. Sophos listed the ransomware "in" a file called "Antivirus Disable Notify". Is this possible?

This really confuses me; can anyone explain? It also makes me feel personally responsible for getting my friend infected.

Thanks.

LOL...we do have a communication problem, partly because I don't understand enough to ask coherently.

The scan results showed something very much like this:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SECURITYCENTER\*\*antivirusdisablenotify\ransomware

IOW, it found ransomware IN the registry file. I edit the registry from time to time (after backing it up), but I don't really know how it works; I think I assumed it was more like "Settings" than "Files".

I imagine the confusion comes from Sophos' syntax in the scan results. Maybe little people like me aren't SUPPOSED to know exactly what happened! ;-)
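A defender-side check for the value named in that scan result, added here as an example (it is not code from the thread or from Sophos): it reads the Security Center notification and override values and reports any that are nonzero, which is how a notification that was disabled, whether deliberately or by malware, shows up. The `Svc` subkey and the value names other than AntiVirusDisableNotify are assumed from later Windows versions and are simply reported as missing where they do not exist.

```powershell
# Added example, not from the thread: audit the Security Center values that a
# scanner may flag as tampered. Run from an elevated PowerShell prompt.
# Assumption: these are the value names Security Center uses; a missing key
# or value is reported rather than treated as an error.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Security Center',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'   # assumed: later Windows versions keep a copy here
)
$valueNames = @('AntiVirusDisableNotify', 'FirewallDisableNotify',
                'UpdatesDisableNotify', 'AntiVirusOverride', 'FirewallOverride')

function Get-SecurityCenterTamperState {
    param([string[]]$Keys, [string[]]$ValueNames)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) {
            [pscustomobject]@{ Key = $key; Value = '(key missing)'; Data = $null; Disabled = $false }
            continue
        }
        $item = Get-ItemProperty -Path $key
        foreach ($name in $ValueNames) {
            $data = $item.$name            # $null when the value is not present
            [pscustomobject]@{
                Key      = $key
                Value    = $name
                Data     = $data
                # 0 (or absent) = normal behaviour; any nonzero DWORD suppresses the notification
                Disabled = ($null -ne $data -and [int]$data -ne 0)
            }
        }
    }
}

$state = Get-SecurityCenterTamperState -Keys $keys -ValueNames $valueNames
$state | Format-Table -AutoSize

# Restoring the default (0 = notify) is one line per value; do it only after
# confirming the value was not set on purpose, as it was in the thread:
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Security Center' -Name AntiVirusDisableNotify -Value 0 -Type DWord
```

Rows with Disabled = True are the ones worth explaining: either someone turned the notification off on purpose, or something else did it for them.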