
Fake AV running rampant need help on how to remove from network

We are a post-secondary institution and have a number of student and staff complaints about FakeAV and ransomware infections. Right now our only hope is to wipe and rebuild from scratch. I've looked at the Sophos Anti-rootkit software, but the documentation on network cleansing is not very intuitive. Does anyone have some suggestions on a better way to clean up this mess? Thanks, Rob


  • Thanks Christian, It's most likely coming from the outside. Think students, free time and fast Internet connections. We run Sophos. We are currently upgrading everyone to 9.5; about half the machines have been upgraded. The ransomware is more rare and our procedure is to wipe and reimage the machine. The students know not to keep any data on the laptop. I got the rootkit information from this Sophos KB http://www.sophos.com/support/knowledgebase/article/55430.html Looks like we'll be calling support on this. Thanks, Rob