8 Replies Latest reply on Dec 29, 2011 7:26 AM by Attila Polinger

    How do I configure VirusScan Enterprise to block fake Antivirus trojans?

      I have a brand new Toshiba Satellite laptop running Windows 7. I have McAfee virus scan enterprise installed, updated and running correctly.  Windows is also up to date.  Despite this I have been infected with fake AV trojans six times over the past three weeks.  I am not clicking suspsicious links, opening email attachments or visiting sketchy websites, yet I keep getting hit with these Fake AV trojans that seem to appear "out of the blue" and do not get stopped by McAfee. McAfee seems to clean the files afterward, but the system is then non-functional, requiring the use of a restore point. After system restore, McAfee does not find any malware on the computer. Then a few days later, after multiple negative scans, another fake AV trojan will  strike and I have to go through the same process again.

       

      I have two questions:

       

      1)  What causing a brand new machine to be so vulnerable to this type of malware?  Windows is up to date, McAfee is up to date. Checking the quaranteened files, it looks like they are all different, according to McAfee. They often show up first in the JAVA cache folder and then get "installed" in random places in the /appdata folder. What could make this particular computer so vulnerable to this type of attack?

       

      2)  More importantly, what can I do about it?  How can I configure McAfee Virus Scan enterprise to eliminate my vulnerability to such trojans?

       

      I know there are many people having the same problem. I hope somebody can answer the questions for the benefit of many!