A minor update
It’s been a while since I posted anything, and I do have an article or two I am working on that will hopefully be finished soon to help start off the new year. But for now here is just a quick bit of information or two that can help some others out there.
Lately, I’ve had more and more fake/rogue AV programs popping up, and some have taken a new twist. Usually malware installs itself into the currently logged-in user’s Documents and Settings directory. But I have had quite a few that have put themselves into the All Users or Default User directories. Fortunately I tend to check those anyway to make sure nothing is lurking in there, but it would be very easy to overlook something set to run at start-up in those other user directories. One of the files, as an example, is hotfix dot exe, which is a pain as it installs, runs at start-up and prevents Windows from even finishing loading!
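A quick way to avoid overlooking those other profiles is to enumerate every profile’s Startup folder and the machine-wide Run keys in one pass. The script below is an added example, not code from the original post; it assumes local admin rights and PowerShell 3 or later, and covers both the XP-era "Documents and Settings" layout and the newer "Users" layout.

```powershell
# Added example: list Startup-folder items for every local profile (including
# All Users and Default User) plus the machine-wide Run/RunOnce keys, newest first.
# Assumptions: run as a local administrator; PowerShell 3+ (-Directory/-File switches).

$profileRoots = @('C:\Documents and Settings', 'C:\Users') | Where-Object { Test-Path $_ }

# Startup-folder locations relative to a profile directory, per layout
$startupRel = @(
    'Start Menu\Programs\Startup',                                    # XP / 2003
    'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'   # Vista and later
)

# Machine-wide Startup folder on Vista+ (on XP it lives under the All Users profile)
$commonStartup = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# Walk every profile directory (hidden ones such as Default User included via -Force)
foreach ($root in $profileRoots) {
    foreach ($profile in Get-ChildItem -Path $root -Directory -Force) {
        foreach ($rel in $startupRel) {
            $dir = Join-Path $profile.FullName $rel
            if (-not (Test-Path $dir)) { continue }
            foreach ($f in Get-ChildItem -Path $dir -File -Force) {
                $findings += [pscustomobject]@{ Scope = $profile.Name; Source = 'StartupFolder'; Item = $f.FullName; Written = $f.LastWriteTime }
            }
        }
    }
}

foreach ($dir in $commonStartup | Where-Object { Test-Path $_ }) {
    foreach ($f in Get-ChildItem -Path $dir -File -Force) {
        $findings += [pscustomobject]@{ Scope = 'AllUsers'; Source = 'StartupFolder'; Item = $f.FullName; Written = $f.LastWriteTime }
    }
}

# Registry Run keys: skip the PS* metadata properties that Get-ItemProperty adds
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }
    foreach ($p in $props) {
        $findings += [pscustomobject]@{ Scope = $key.Split(':')[0]; Source = $p.Name; Item = $p.Value; Written = $null }
    }
}

$findings | Sort-Object Written -Descending | Format-Table -AutoSize
```

Anything under Default User or All Users that you did not place there, or with a very recent LastWriteTime, is worth a closer look before the next reboot.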
As a person who has to support a lot of users and remote locations, it can sometimes be a hassle to get remote process information from a machine. While I know that the command line tools are out there to do it, I am a firm believer in GUI tools. (Show me a command line tool that is more powerful than a point-and-click GUI version, and you’ve just shown me a GUI version that had a lazy developer who didn’t put all the power of the command line version in as he should have. But that’s my personal opinion, your mileage may vary.) Anyway, a new tool that I found that works really well for accessing and killing remote processes is Remote Process Explorer. It’s free for personal use, around $90 for a corporate license, and does an excellent job of letting you connect remotely to a machine, see what processes are running, and kill them. Very much like a task manager for remote machines; I have used it several times to help me kill fake AV programs that are trying to take over a user’s computer, and then been able to remove the offending exe and run local anti-spyware and anti-virus software to eliminate anything left behind by the fake AV.
*** This is a Security Bloggers Network syndicated blog from Technomagic authored by David. Read the original post at: https://varne.wordpress.com/2011/01/11/a-minor-update/