Go to the SAS site and download their free software from:
http://www.superantispyware.com
Update and run an in-depth scan. Since it is free, you must perform a manual update daily.
According to independent security consultant Dancho Danchev, the threats associated with this attack include a fake antivirus, a Gbot backdoor and a variant of W32.Pilleuz which currently has a low detection rate, source:
http://ddanchev.blogspot.com/2011/03/spamvertised-united-parcel-service.html
The fake-av in the cocktail changed the following registry keys which, when the malware is removed, may prevent internet access from functioning normally, so what to do additionally?
1. Temporarily Disable System Restore
2. Update the virus definitions.
3. Reboot computer in Safe Mode
4. Run a full system scan and clean/delete all infected files
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Taskman" = "%SystemDrive%\RECYCLER\[SID]\sysdate.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyServer
http=127.0.0.1:50370
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
ProxyEnable
0x00000001
6. Exit registry editor and restart the computer.
These Internet settings will likely need to be restored, through this MS fix:
http://go.microsoft.com/?linkid=9664547
polonus
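
Added example, not part of the original post: a read-only Python check that parses a registry export in .reg text form and reports the three entries listed above (the Winlogon Taskman value under RECYCLER, the loopback ProxyServer, and ProxyEnable set under Hardware Profiles). The function names, the sample export and the SID in it are constructed for illustration.

```python
import re

# Constructed sample in regedit export (.reg) text form; SID and drive are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman"="C:\\RECYCLER\\S-1-5-21-0-0-0-1000\\sysdate.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:50370"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
'''

def parse_reg(text):
    """Yield (key, value_name, data) for string and dword values in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m):
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            yield key, name, re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
        elif raw.lower().startswith('dword:'):
            yield key, name, int(raw[6:], 16)

def find_indicators(text):
    """Return (label, key, data) for each of the three entries the post lists."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith('\\windows nt\\currentversion\\winlogon') and n == 'taskman':
            if '\\recycler\\' in str(data).lower():
                hits.append(('taskman-recycler', key, data))
        elif k.endswith('\\currentversion\\internet settings'):
            if n == 'proxyserver' and '127.0.0.1:' in str(data):
                hits.append(('loopback-proxy', key, data))
            elif n == 'proxyenable' and data == 1 and '\\hardware profiles\\' in k:
                hits.append(('profile-proxy-enabled', key, data))
    return hits
```

For a real export, read the file with encoding='utf-16' (what regedit writes for Version 5.00 files) and pass the text to find_indicators; an empty list means none of the three entries are present in that export.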