How to remove the misleading application SafetyAntiSpyware as Symantec Norton Antivirus?


Updated: December 10, 2009 3:28:48 PM
Type: Misleading Application
Name: SafetyAntiSpyware

Version: 1.0.0.0
Publisher: safetyantispywareshop.com
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

  1. Disable System Restore (Windows Me / XP).
  2. Update the virus definitions.
  3. Run a full system scan.
  4. Delete any values added to the registry.
For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me / XP)

If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me / XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore can retain the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on disabling System Restore, read your Windows documentation, or one of the following items:

How to enable or disable Windows System Restore
How to enable or disable Windows XP System Restore

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

For additional information, and an alternative to disabling System Restore, see the Microsoft Knowledge Base article: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Article ID: Q263455).

2. To update the virus definitions

Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the latest virus definitions:

Running LiveUpdate, which is the easiest way to obtain virus definitions.

If you use Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include new technology.

If you use Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.

Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and install them manually.

The latest Intelligent Updater virus definitions can be obtained from: The Intelligent Updater virus definitions. For detailed instructions, read the document: How to update virus definition files using the Intelligent Updater.

3. To run a full system scan

Start your Symantec antivirus program and make sure it is set to scan all files.

For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.

For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec enterprise antivirus product is set to scan all files.

Run a full system scan

If any files are detected, follow the instructions displayed by the antivirus program.

Important: If you cannot start your Symantec antivirus product, or the product reports that it cannot delete a detected file, you may have to stop the risk from running in order to remove it. To do this, run the scan in Safe Mode. For instructions, read How to start your computer in Safe Mode. Once you have restarted in Safe Mode, run the scan again.
Once files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may appear when the computer is restarted, since the threat may not be totally eliminated at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title

Message body: Windows cannot find [file name]. Make sure you typed the name correctly, and try again. To find a file, click the Start button and then click Search.

4. To remove the registry value

Note: Symantec recommends that you back up the registry before making any changes. Incorrectly editing the registry can result in permanent data loss or corrupted files. Modify only the subkeys indicated. For instructions, see the document: How to make a backup of the Windows registry.


  • Click Start > Run.
  • Type regedit
  • Click OK.

Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to the Registry Editor. Security Response has developed a tool to solve this problem. Download and run this tool, and then continue with the removal.

Locate and delete the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Anti-Spyware 3" = "C:\Program Files\Security Anti-Spyware 3\Anti-Spyware Security 3.exe"

Locate and delete the following registry subkeys:

HKEY_CURRENT_USER\Software\38D331181577BDFF1A869898F3DAA70D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Anti-Spyware 3

Exit the Registry Editor.

Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it may be created for each user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
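
The per-user check described in the note above can be done without logging on as each account. The following is an added example, not part of the original instructions and not a Symantec tool: a report-only PowerShell script that looks for the registry items listed in step 4 in every user profile. It assumes PowerShell is installed and run from an elevated prompt; temporarily mounting each logged-off user's NTUSER.DAT with reg.exe is this example's own approach.

```powershell
# Added example: report-only check for the registry items listed in step 4.
# Nothing is deleted; review the output, then remove items as described above.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'Anti-Spyware 3'
# Subkeys the page lists under HKEY_CURRENT_USER, relative to a user hive root.
$userSubkeys = @(
    'Software\38D331181577BDFF1A869898F3DAA70D',
    'Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Anti-Spyware 3'
)
$findings = @()

# Machine-wide autostart value under the Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $prop = $run.PSObject.Properties[$runValue]
    if ($prop) { $findings += "HKLM Run value '$runValue' = $($prop.Value)" }
}

# Every local profile: use the loaded hive, or mount NTUSER.DAT if logged off.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($p in Get-ChildItem $profileList) {
    $sid     = $p.PSChildName
    $root    = "Registry::HKEY_USERS\$sid"
    $mounted = $false
    if (-not (Test-Path $root)) {
        $profilePath = (Get-ItemProperty $p.PSPath).ProfileImagePath
        if (-not $profilePath) { continue }
        $hiveFile = Join-Path $profilePath 'NTUSER.DAT'
        if (-not (Test-Path -LiteralPath $hiveFile)) { continue }
        & reg.exe load "HKU\$sid" $hiveFile 2>&1 | Out-Null
        if ($LASTEXITCODE -ne 0) { continue }   # hive locked or unreadable
        $mounted = $true
    }
    foreach ($sub in $userSubkeys) {
        if (Test-Path "$root\$sub") { $findings += "HKEY_USERS\$sid\$sub" }
    }
    if ($mounted) {
        [gc]::Collect()   # release registry handles so the unload succeeds
        & reg.exe unload "HKU\$sid" 2>&1 | Out-Null
    }
}

if ($findings) { $findings } else { 'No listed registry items found.' }
```

Running it again after cleanup confirms that no profile still carries the listed subkeys.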
