  Re: Fake AV  
From: Invisible
Date: 11 May 2010 07:45:35
Message: <4be9435f@news.povray.org>
scott wrote:
>> logged into the PC. This surely indicates that something has been 
>> installed locally. And yet repeated AV scans detect nothing...
> 
> You could just use one of those "spy" tools (forget which one now, but 
> former SysInternals probably have something) to check which process owns 
> the fake AV alert window.  Then just see where it's running from, or 
> google the name or whatever.

Obviously the first thing I did was run Process Explorer to see what 
processes are running. I found nothing unusual. I hadn't thought of 
using it to check which process owns the window though; it's not a 
feature I usually have call to use. (I have a sneaking feeling the 
answer would just be IEXPLORE.EXE, which seemed to be running directly 
after login...)

Then again, I also crawled around in the registry and found nothing 
unusual. But deleting the registry hive fixed the problem, so clearly 
there *was* something interesting in there that I didn't see.

The problem is fixed now, so I can't investigate further. I did find it 
rather alarming however that our AV system that we pay a lot of money 
for could apparently find nothing wrong...

