DooGie Posted June 23, 2008
Just a quick question. What is the reasoning behind adding Sysinternals Bluescreensaver to the detections? Is there malware that disguises itself as this?
SUPERAntiSpy Posted June 23, 2008
> Just a quick question. What is the reasoning behind adding Sysinternals Bluescreensaver to the detections? Is there malware that disguises itself as this?

If it's under the system folder, and renamed, it's typically used by malware to "fake" users out - that's why it's a warning definition - if you have installed it and use it - then trust it - no "non-technical" user has that screen saver.
DooGie Posted June 24, 2008
Thanks for the explanation.
DooGie Posted August 23, 2008
I understand exactly why this was included now. A colleague at work stupidly clicked on a zipped email attachment which installed Antivirus XP 2008. The hoax Bluescreensaver was installed as part of this crappy malware. It took the IT manager and myself around 4 hours to remove the garbage that this fake AV installed. Unfortunately we hadn't got SAS installed on the infected machine and the virus prevented us installing it. It was removed by using a combination of smitfraudfix, malwarebytes, NAV and hijackthis. Not a pleasant experience. I still can't manage to convince the IT manager to purchase a good antispyware programme such as SAS, I'm certain the above problem would have been sorted out a lot faster if all the desktops had this installed. The only upside of this is that I learned a lot in those 4 hours. Keep up the great work and as my sig says