By R C, posted: 1-Oct-2007 18:58

I have been running Vista x64 for six months now, with OneCare v2 beta, and no other security software. I had never needed to use it until last weekend.

I for one never have had a problem with UAC popping up all of the time.
So I was pleasantly surprised to see it appear asking me if I wanted to let *.exe run on my PC.
I knew I didn’t want to run it as I hadn’t asked it to, so I said no and thought nothing of it.

However, it kept on popping up every hour or so, so I decided to Google it to see why on earth it was doing this. And lucky me, I had found some malicious software!!

Now the fun part came when I decided that I did not want it on my PC. Rather than Googling it this time, I thought I would try to get rid of it myself. Firstly I tried to delete it; this got me nowhere as I did not have the permission to do so. Even though I am the admin user, I changed the rights on the file itself saying that if I am running it as the admin then my only permission is to delete it.

This seemed to make Vista happy and it was gone. Or so I thought, it reappeared in another folder, so same trick again and it disappeared again. Until an hour or so later it had reinstated itself.

So I decided to run OneCare just to see if it would pick it up, left it overnight and when I got up it had found nothing wrong on the PC.

By now I realised that I was getting nowhere in a hurry, so I downloaded Spybot, Ad-Aware and HijackThis, just to see if they would get me any further.

Unfortunately for me they proved just as useless at removing this unwanted pest.

So I decided to do something stupid: let it install itself. OK, so it's not entirely a dim-witted thing to do, as a format will solve many problems. Once installed, I ran OneCare again overnight and thankfully this time it removed it.

Trojan 0 - 1 OneCare
Worm 0 - 1 OneCare

End result, a once again clean PC, and two nil up to Live OneCare.

Comment by freitasm, on 1-Oct-2007 19:54

The most interesting question is why it would try to execute the program every hour to install it? Obviously something was already installed to try and run the program on a schedule, otherwise it wouldn't try a second time?

Author's note by rscole86, on 1-Oct-2007 20:55

Yeah, I was thinking that too; if there was, it was purely browser related, as it only happened whenever I had Firefox open, from what I remember.

