Solved

uac.exe

Posted on 2012-04-05
Last Modified: 2013-11-22
I have one of my manager's laptops, where the OS is Windows Vista Business edition, and suddenly uac.exe is attacked.

How to remove it successfully?

I had already updated McAfee antivirus, which is installed on it.

Please help.
Question by:kurajesh
10 Comments
 
LVL 8

Expert Comment

by:ozzeczek
ID: 37811218
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37817233
This question is too vague. Can you clarify your question? Are you asking how to remove UAC, and what do you mean by UAC is attacked? UAC on Windows Vista and forward is a security service that controls elevation.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37819008
A popup came, "uae.exe found", and it started scanning the hard disk.

Suddenly the system restarted by itself. Later I installed SUPERAntiSpyware and removed the threats.
Now after rebooting the system it got stuck.

Is there any other way to scan it in detail to find out if any malware/spyware is there?

The system is already updated with McAfee's latest security updates and I scanned the system with McAfee, but no detection was found.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37819414
Interesting, do you have the logfile for SUPERAntiSpyware?
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37820713
Unfortunately, no log files.
0

 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37820988
I take it you also don't remember the site that was visited right before this site infected the laptop? Also, are the symptoms still the same, or are you noticing other odd things, like you cannot run tools like ComboFix or they stall halfway through? Also, what version of Vista is this, x86 or x64?
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37821028
Exactly, I do agree with your comment. It is running x86 Vista.

In fact I was wondering how, even though the system is protected with McAfee, it got affected. Of course our corporate McAfee license is purely antivirus and does not have any spyware/malware removal bundled with McAfee. But how can we trace what exactly caused the issue, and the steps to take care?
0
 
LVL 15

Accepted Solution

by:
Russell_Venable earned 500 total points
ID: 37822242
Yes, this will happen regardless. Higher levels of heuristics on the antivirus engine catch more instances of malware, but also restrict software and can be a burden to the user.

"our corporate mcafee license is purely antivirus and not any spyware/malware removal bundled with mcafee"
Well, look at it this way. Most antivirus companies detect on characteristics of how the application runs and known history patterns. When it comes to deeper levels of malware, it counteracts this protection and stealths itself.

"how we can trace what exactly caused the issue and the steps to take care."
When a user is attacked by a drive-by exploit site it usually will A) Redirect you to a new site and serve malware that best fits your machine from what it can gather, given the information provided by the browser. B) Entice you to download software that might be of interest to the user viewing it. Mostly garbage toolbars, fake movie/music sites, porn, illegal download sites.

The specific symptoms you say you are experiencing on this computer remind me of a few types of malware. One is the website-based "Neosploit kit". This one gives you a pop-up-like ad that acts like it is scanning your system and asks you to install a plugin that claims to be antivirus. The other is the fake "Antivirus <Year of development here>" series that automatically downloads by visiting a site that hosts a drive-by exploit kit using exploits.

Usually this kind downloads a rootkit designed to stealth itself and the presence of other malicious software it downloads after it's installed.

The disinfection process is pretty in-depth.
0
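
One way to approach the "how can we trace what caused the issue" question above, as an added example that is not part of the original thread: given web proxy logs, walk back from an executable download through redirects and Referer headers to the page the user opened. The log layout, field names and `.example` hosts are assumptions constructed for the illustration.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed proxy log: time,url,status,referer,content-type,redirect location
SAMPLE_LOG = """\
2012-04-05T09:14:02,http://news.example/story,200,,text/html,
2012-04-05T09:14:03,http://ads.example/banner.js,200,http://news.example/story,application/javascript,
2012-04-05T09:14:04,http://ads.example/go,302,http://news.example/story,,http://scan.example/check
2012-04-05T09:14:05,http://scan.example/check,200,http://news.example/story,text/html,
2012-04-05T09:14:09,http://scan.example/setup.exe,200,http://scan.example/check,application/x-msdownload,
2012-04-05T09:15:30,http://intranet.example/home,200,,text/html,
"""
FIELDS = ["time", "url", "status", "referer", "ctype", "location"]
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}
EXEC_EXTS = (".exe", ".scr", ".msi")

def is_executable(row):
    """A successful response that delivered a binary, by MIME type or extension."""
    path = urlsplit(row["url"]).path.lower()
    return row["status"] == "200" and (row["ctype"] in EXEC_TYPES or path.endswith(EXEC_EXTS))

def _latest_before(rows, idx, field, value):
    """Index of the most recent earlier row whose `field` equals `value`, else None."""
    for j in range(idx - 1, -1, -1):
        if value and rows[j][field] == value:
            return j
    return None

def trace_back(rows, idx):
    """Return the URL chain from the page the user opened down to rows[idx]."""
    chain, seen = [], set()
    while idx is not None and rows[idx]["url"] not in seen:
        cur = rows[idx]
        chain.append(cur["url"])
        seen.add(cur["url"])
        # A redirect that pointed here is a closer parent than the Referer header.
        parent = _latest_before(rows, idx, "location", cur["url"])
        if parent is None:
            parent = _latest_before(rows, idx, "url", cur["referer"])
        idx = parent
    return chain[::-1]

def find_download_chains(log_text):
    """One chain per executable download found in the log."""
    rows = list(csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS))
    return [trace_back(rows, i) for i, r in enumerate(rows) if is_executable(r)]

if __name__ == "__main__":
    for chain in find_download_chains(SAMPLE_LOG):
        print(" -> ".join(chain))
```

The first URL in each chain is the site to review and block; the intermediate hosts are the redirectors to look for in other users' traffic.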
 
LVL 1

Author Comment

by:kurajesh
ID: 37822395
Hi Russell_Venable,

Well explained and good understanding.
It means none of the solutions give cent percent protection. The only solution is to instruct users not to execute any exe files, run any plugins, etc.
I think I can close the SR with your suggestion as the best one.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37822845
Nope, sure don't. It's more of a preventative measure for the known. It's still a lot better than having nothing at all. Most of the infections out there are from user activity. Best practice is making sure your personnel know what you expect of them and how their activity can cause damage. Different levels of course depending on what kind of company, etc.
0
