DooGie

Why add this?

Just a quick question.

What is the reasoning behind adding Sysinternals Bluescreensaver to the detections? Is there malware that disguises itself as this?

If it's under the system folder and renamed, it's typically used by malware to "fake" users out; that's why it's a warning definition. If you have installed it and use it, then trust it. No "non-technical" user has that screen saver :)

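The heuristic in the reply above (a copy of the Sysinternals Bluescreen screen saver sitting under the system folder under a name other than its own, or switched on as the active screen saver, is suspicious; a copy the user installed deliberately is not) written out as a PowerShell check. This is an added example, not code from the forum post or from the SUPERAntiSpyware definitions. It assumes the genuine binary's version resource carries "Sysinternals" in CompanyName and "Bluescreen" in ProductName or FileDescription, and that OriginalFilename holds the name the file shipped with; those strings are assumptions to verify against a known-good copy from the Sysinternals site.

```powershell
# Added example, not the forum's or SUPERAntiSpyware's code. Flags Sysinternals
# Bluescreen screen saver binaries found under the Windows system folders and
# rates them WARNING when renamed or set as the active screen saver, INFO otherwise.
# ASSUMPTION: the version-resource strings matched below describe the genuine file.

$SystemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", "$env:SystemRoot")

# Screen saver configured for the current user: the value a fake-out has to set.
$ActiveSaver = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' `
                -Name 'SCRNSAVE.EXE' -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'

function Test-BluescreenSaver {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $v = $File.VersionInfo
    $looksLikeBluescreen = ($v.CompanyName -like '*Sysinternals*') -and
                           (($v.ProductName -like '*Bluescreen*') -or
                            ($v.FileDescription -like '*Bluescreen*'))
    if (-not $looksLikeBluescreen) { return $null }

    # Renamed: the name on disk no longer matches the name compiled into the binary.
    $renamed = [bool]$v.OriginalFilename -and ($v.OriginalFilename -ne $File.Name)

    # Active: SCRNSAVE.EXE points at this file (value may be a bare name or a full path).
    $active = [bool]$ActiveSaver -and
              (($ActiveSaver -eq $File.FullName) -or
               ((Split-Path -Leaf $ActiveSaver) -eq $File.Name))

    $verdict = if ($renamed -or $active) { 'WARNING' } else { 'INFO' }

    [pscustomobject]@{
        Path             = $File.FullName
        OriginalFilename = $v.OriginalFilename
        Renamed          = $renamed
        ActiveSaver      = $active
        SHA256           = (Get-FileHash -Path $File.FullName -Algorithm SHA256).Hash
        Verdict          = $verdict
    }
}

# A renamed copy need not keep the .scr extension, so .exe files are inspected too.
$findings = foreach ($dir in $SystemDirs) {
    if (-not (Test-Path -Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.scr', '.exe' } |
        ForEach-Object { Test-BluescreenSaver -File $_ }
}
$findings = @($findings | Where-Object { $_ -ne $null })

if ($findings.Count -eq 0) {
    Write-Output 'No Sysinternals Bluescreen screen saver found under the system folders.'
} else {
    $findings | Sort-Object Verdict -Descending | Format-Table -AutoSize
}
```

Run it in the session of the user whose desktop is affected, since SCRNSAVE.EXE lives under HKCU and differs per user. A hit rated INFO is the case the reply says to trust; a WARNING hit is worth comparing by SHA256 against a clean download before deciding whether it was dropped by malware or just renamed by an administrator.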

I understand exactly why this was included now.

A colleague at work stupidly clicked on a zipped email attachment which installed Antivirus XP 2008.

The hoax Bluescreensaver was installed as part of this crappy malware.

It took the IT manager and myself around 4 hours to remove the garbage that this fake AV installed.

Unfortunately we hadn't got SAS installed on the infected machine and the virus prevented us installing it.

It was removed by using a combination of smitfraudfix, malwarebytes, NAV and hijackthis. Not a pleasant experience.

I still can't manage to convince the IT manager to purchase a good antispyware programme such as SAS. I'm certain the above problem would have been sorted out a lot faster if all the desktops had this installed.

The only upside of this is that I learned a lot in those 4 hours.

Keep up the great work :)

and as my sig says
