In our environment few machine has been affected by Spyware " XP Security 2011 firewall alert & XP Antispyware 2011 Alert",
The above 2 Spyware has drop one or two .exe files under current user, application data, they randomly change the names, but it should be 3 letter files.
And created few changes & modification under registry.
McAfee virus scan and Stinger Not event detect that.
I ran Hijack this and few tools to identify the thread on the machine, Once i removed the infected file from the machine, the Spyware got removed but after restating the machine
.exe files are not open up.....If i click any .exe file, open with diolog box appears and i unable to open any .exe files. Its seems to be some windows file has been corrupted.
Is there any sollution for this
Is there a way to create a AP rule in virus scan to avoid this kind of issues.
Thanks in advance.
I had that once... The Virus had manipulated something in the registry for the .exe extenstion. But I was unable to fix it within 2 hours of fiddling around, so I decided to fresh setup the PC.
For protection of that Virus keep your software (all Adobe Products, Java, ...) on an up to date state as that one is usually distributed by drive-by infection. It's so often updated that the AV manufactors (like Mcafee) can't react fast enough.
Not really, as the developers of that Spyware constantly update it to use the latest security holes. Besides that they also use typical distribution channels like spam mail and such. The chance is really big to be once infected.
What helps against being infected is to keep Windows, Adobe (Reader, Flash, Shockwave) and Java up to date.