Page 1 of 6 (results 1 to 10 of 57)
#1 (Newbie, joined Aug 2008, 5 posts)
Subject: XP AntiVirus 2008/2009

I have two customers with Untangle boxes and they have workstations that have gotten infected with the infamous "XP AntiVirus 2009" spyware. Anyone know of any way to block this with Untangle?

#2 sky-knight (Untangle Ninja, joined Apr 2008, Phoenix, AZ, 26,173 posts)

    Welcome to the forums..

    The installers are detected on download.

    That does nothing for an active infection, so you still have to clean the boxes.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

#3 (Newbie, joined Aug 2008, 5 posts)

    We placed Untangle in this customer environment two weeks ago and a workstation became infected today.....

#4 (Newbie, joined Sep 2008, 10 posts)
Subject: Best removal tool

I've found the best removal tool for this is Malwarebytes Anti-Malware.
Works every time for this particular threat.

It's very possible that the virus has come in via someone's USB flash drive or the like?

#5 (Untangler, joined Sep 2008, 69 posts)

Quote originally posted by jfilson:
    We placed Untangle in this customer environment two weeks ago and a workstation became infected today.....

    Are you running Clam or Kaspersky? I would run Kaspersky locally on the infected machines to clean them. A gateway AV is a great idea, but you still need local AV.

For Windows, Kaspersky is arguably the best AV. There is another good one out there, but ones like Norton, McAfee etc. are total garbage.

#6 mdh (Untangle Ninja, joined Aug 2007, 4,786 posts)

    Agreed. You know the cooties got there, but you don't know how. It could always have come in with a USB drive.

#7 (Master Untangler, joined Apr 2008, 346 posts)

Actually, there is a new form of this infection, hitting emails. The emails are saying in the subject something like "Milan cannot afford Ronaldinho", with a link to a news report.
However, if the victim clicks on the link they will be taken to a page with a message encouraging them to install a Flash Player to watch a video with the information. And that is what loads XP Antivirus 2008. Does Untangle stop this new form yet???
    Not certain.
    But, now you have more information to look for to see if this is how the infection came in.

#8 Evil_Bert (Master Untangler, joined Nov 2007, Sydney, Australia, 119 posts)

    I got the same "XP Antivirus 2009" infection about a month ago by drive-by download (I followed a Google link and *zap* there she was ...). Luckily this was only in a VM - but still behind UT (a stable config I've had for many months now). It definitely came from the web, through UT. This VM is "reset to snapshot" after every use, so the infection could only arrive during a session and there's nothing else this VM communicates with - it's a "browser appliance".

    There are many alternate universes, but only this one has beer.

#9 (Untangler, joined Sep 2008, 69 posts)

    Since you know you got it from the web this means UT failed to detect and remove it. Quite disappointing.

#10 (Master Untangler, joined Aug 2008, 284 posts)

Not really disappointing. That's just the nature of security appliances and applications. The malicious code writers are almost always one step ahead in coming out with new ways to infect computers. One way to combat that is to submit samples of new infections as well as the links they came from. This allows the security application developers to narrow the time frame from new, undetected threat to new, detected threat.

    Send the information to the Untangle crew as well so they can close the holes.
