
Fake AV Malware Not Stopped

Why doesn't Sophos stop Malware, especially Fake AV malware, like it does viruses? We have a corporate license and all machines are up-to-date with Sophos AV but more & more we spend too much time removing malware & tracking down other changes that were made by the malware that have disabled programs.



  • I have to chime in here,

    I've been using Sophos at a number of client sites for ~5 years. (roughly 800 computers all in all)

    I've generally been very happy with the product.

    This year I have had computers in every site contract some type of malware.

    99% of those were FakeAV of a few flavors.

    In every case the Server/Client were up to date.

    Sophos support always helps in the removal, but often can't provide an explanation of what went wrong.

    I've even asked "what am I doing wrong / look at my policy"

    My policy apparently looks fine (Pretty much default)

    Usually the removal process is long and arduous. Often with full CD/offline scans leaving things behind.

    I've found the quickest resolution is usually:

    reboot, kill any processes with obviously bogus names.  (otherwise you'll get in the loop of the FakeAV windows)

    Run the free Malwarebytes AntiMalware.  (Hey I know this is a Sophos forum but this seems to do the trick when I need it)

    reboot. (sometimes fix .exe file association)

    I'm getting sick of giving clients the "Some Malware will always find a way / They come up with new IDEs every day" lines

    ps. I've never heard back from SophosLabs after submitting samples.  

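The "fix .exe file association" step in the post above is the part of a FakeAV cleanup that is easiest to check mechanically, because the hijack lives in a handful of well-known registry keys. The script below is an added example, not code from any poster in this thread or from Sophos. It audits the documented Windows defaults for the `.exe` class (`HKLM\SOFTWARE\Classes\.exe` pointing at `exefile`, and `exefile\shell\open\command` being `"%1" %*`), reports any per-user override under `HKCU\SOFTWARE\Classes` (which takes precedence over HKLM and is where these families commonly plant their hook), and only changes anything when the `-Restore` switch is given. The script name `Test-ExeAssociation.ps1` and the `-Restore` switch are this example's own choices; run it from an elevated prompt.

```powershell
# Added example; not code from any poster in this thread or from Sophos.
# Audits the .exe file association that FakeAV families commonly hijack and
# restores the documented Windows defaults only when -Restore is given.
# Assumptions: the script name Test-ExeAssociation.ps1 and the -Restore
# switch are this example's own choices. Run from an elevated prompt.
[CmdletBinding()]
param([switch]$Restore)

# Documented Windows defaults for the (Default) value of each key.
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                      Value = 'exefile' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'; Value = '"%1" %*' }
)

# Per-user class keys override HKLM when present. On a clean machine these
# usually do not exist, so their presence is worth a look before removing.
$userOverrides = @(
    'HKCU:\SOFTWARE\Classes\.exe',
    'HKCU:\SOFTWARE\Classes\exefile'
)

function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # The unnamed (Default) registry value is exposed as the '(default)' property.
    return (Get-ItemProperty -LiteralPath $Path).'(default)'
}

$problems = 0

foreach ($e in $expected) {
    $actual = Get-DefaultValue $e.Path
    if ($actual -eq $e.Value) {
        Write-Host ("OK       {0}" -f $e.Path)
        continue
    }
    $problems++
    Write-Warning ("{0} is '{1}', expected '{2}'" -f $e.Path, $actual, $e.Value)
    if ($Restore) {
        # Recreate the key if the malware deleted it, then write the default back.
        New-Item -Path $e.Path -Force | Out-Null
        Set-ItemProperty -LiteralPath $e.Path -Name '(default)' -Value $e.Value
        Write-Host ("Restored {0}" -f $e.Path)
    }
}

foreach ($p in $userOverrides) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $problems++
    # Show what the override would launch so the operator can judge it first.
    $cmd = Get-DefaultValue (Join-Path $p 'shell\open\command')
    Write-Warning ("Per-user override present: {0} (open command: '{1}')" -f $p, $cmd)
    if ($Restore) {
        # Removing the per-user class makes the HKLM defaults apply again.
        Remove-Item -LiteralPath $p -Recurse -Force
        Write-Host ("Removed  {0}" -f $p)
    }
}

if ($problems -eq 0) { Write-Host 'No .exe association tampering found.' }
# Non-zero exit code = number of findings, handy when run across machines.
exit $problems
```

Run `.\Test-ExeAssociation.ps1` first to see what it finds; add `-Restore` once you have looked at the reported open command. The exit code is the number of findings, so the same script can be pushed to a batch of machines to spot hijacked associations before anyone notices the FakeAV windows. The HKCU check is the one most often skipped in manual cleanups: a per-user `exefile` class silently wins over a perfectly correct HKLM entry, which is one reason the usual "fix file associations" .reg import sometimes appears not to take.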