PrevX not catching something?

Discussion in 'Prevx Releases' started by Tom98, Sep 14, 2009.

Thread Status:
Not open for further replies.
  1. Tom98

    Tom98 Registered Member

    Joined:
    Jan 7, 2005
    Posts:
    11
    My sister's PC has the paid version of PrevX. My brother went to some tourism Web site and clicked on a picture. Lo and behold, malware took over the machine. It was one of those fake "your machine is infected" things, along with references to a spambot that sends out e-mails.

    I managed to stop a couple of processes (start.exe was one, I forget the other.) One of the many symptoms was a large gay porn picture on the desktop!

    Anyway, I am going to attempt to clean this up. I might download Combofix, which has saved me on more than one occasion. What concerns me is that we ran a PrevX scan, and it found nothing. This surprised me, as I've had good results with PrevX thus far.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  4. Tom98

    Tom98 Registered Member

    Joined:
    Jan 7, 2005
    Posts:
    11
    Thanks, I will do that. Won't be until this weekend, however. I managed to kill the process, but I don't want my sister to turn on her PC until I can do so in Safe Mode.
     
  5. Mosqu

    Mosqu Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    69
    Location:
    Germany
    Could it be the timing issue mentioned in the thread "Prevx Edge not detecting anything."?
     
  6. Tom98

    Tom98 Registered Member

    Joined:
    Jan 7, 2005
    Posts:
    11
    Update: I did clean up the PC, but did not get a chance to zip up the rogue program. However, I now know what it was: the malware called "Safety Center", which pops up a phony Windows-like "security center" window which tells you that you have all sorts of infections and that you need to click here or there to fix them.

    The main file that it installed was "start.exe", and it changed the startup config so that it would run when Windows loads. It actually created a "Safety Center" folder in "Program Files", so finding and deleting it wasn't very hard. Killing the process stopped it, and then I used ComboFix to get rid of any traces of it in the Registry, etc.
     