
Mal/FakeAvHm-A infection

Dear Sophos people,

My Sophos Anti-Virus tells me I've been infected with Mal/FakeAvHm-A. It was last updated about two weeks ago and the reported malware is from March 2009. Nevertheless, spam pages and unwanted dialogs are opening. In addition, I am not able to open Sophos, regedit, msconfig or any other program useful to get rid of this. So what can I do?



This thread was automatically locked due to age.
  • We have been hit by FakeAV and we have found that changing our protection settings to enable HIPS has greatly reduced our cleanup and prevented infections. Read the details and know what you are getting by enabling HIPS. Also, SESC 9.5 will be providing Sophos whitelisting of HIPS from SophosLabs to help make this even better. There will even be a tamper protection option included in SESC 9.5, which should reduce some of these attacks that are disabling Sophos.

    The days have gone when anti-virus vendors could protect systems by providing definitions for known threats. Today malware is being used to attack systems for money, more often than to do harm or play jokes on people. The new easy job is to trick people into paying for fake products or to steal a person's data. This new approach to malware is being done in large numbers and the codes are being changed daily, sometimes within hours of a release.

    Here is an article covering the life of malware in Aug 2009:
    http://www.scmagazineus.com/most-malware-dies-within-24-hours/article/146384/ (2009)

    Here is an article covering fake AV from Sophos:
    http://www.sophos.com/support/knowledgebase/article/110379.html (2010)

    SophosLabs explains HIPS in detail:
    http://www.sophos.com/security/sophoslabs/sophos-hips/index.html (2010)
