uac.exe

I have one of my manager's laptops, where the OS is Windows Vista Business Edition, and suddenly uac.exe is attacked.

How to remove it successfully?

I had already updated the McAfee antivirus which is installed on it.

Please help.
kurajesh (Senior Systems Analyst) Asked:

ozzeczek Commented:
Russell_Venable Commented:
This question is too vague. Can you clarify your question? Are you asking how to remove UAC, and what do you mean by UAC is attacked? UAC on Windows Vista and forward is a security service that controls elevation.
kurajesh (Senior Systems Analyst) Author Commented:
A popup came, uae.exe found, and it started scanning the hard disk.

Suddenly the system restarted by itself. Later I installed SUPERAntiSpyware and removed the threats.
Now, after rebooting the system, it got stuck.

Is there any other way to scan it in detail to find out if any malware/spyware is there?

The system is already updated with McAfee's latest security updates and I scanned the system with McAfee, but no detection was found.

Russell_Venable Commented:
Interesting, do you have the log file for SUPERAntiSpyware?
kurajesh (Senior Systems Analyst) Author Commented:
Unfortunately, no log files.
Russell_Venable Commented:
I take it you also don't remember the site that was visited right before this site infected the laptop? Also, are the symptoms still the same, or are you noticing other odd things, like you cannot run tools like ComboFix or they stall halfway through? Also, what version of Vista is this, x86 or x64?
kurajesh (Senior Systems Analyst) Author Commented:
Exactly, I do agree with your comment. It is running x86 Vista.

In fact, I was wondering that even though the system is protected with McAfee, it got affected. Of course, our corporate McAfee license is purely antivirus, without any spyware/malware removal bundled with McAfee. But how can we trace what exactly caused the issue, and the steps to take care?
Russell_Venable Commented:
Yes, this will happen regardless. Higher levels of heuristics on the antivirus engine catch more instances of malware, but also restrict software and can be a burden to the user.

"our corporate mcafee license is purely antivirus and not any spyware/malware removal bundled with mcafee"
Well, look at it this way. Most antivirus companies detect on characteristics of how the application runs and known history patterns. When it comes to deeper levels of malware, it counteracts this protection and stealths itself.

"how we can trace what exactly caused the issue and the steps to take care."
When a user is attacked by a drive-by exploit site, it usually will A) redirect you to a new site and serve malware that best fits your machine from what it can gather, given the information provided by the browser, or B) entice you to download software that might be of interest to the user viewing it. Mostly garbage toolbars, fake movie/music sites, porn, illegal download sites.

The specific symptoms you say you are experiencing on this computer remind me of a few types of malware. One is the website-based "Neosploit kit". This one gives you a pop-up-like ad that acts like it is scanning your system and asks you to install a plugin that claims to be antivirus. The other is the fake "Antivirus <Year of development here>" series that automatically downloads by visiting a site that hosts a drive-by exploit kit using exploits.

Usually this kind downloads a rootkit designed to stealth itself and the presence of other malicious software it downloads after it's installed.

The disinfection process is pretty in-depth.

kurajesh (Senior Systems Analyst) Author Commented:
Hi Russell_Venable,

Well explained and good understanding.
It means none of the solutions give cent percent protection. The only solution is to instruct users not to execute any exe files, run any plugins, etc.
I think I can close the SR with your suggestion as the best one.
Russell_Venable Commented:
Nope, sure don't. It's more of a preventative measure for the known. It's still a lot better than having nothing at all. Most of the infections out there are from user activity. Best practice is making sure your personnel know what you expect of them and how their activity can cause damage. Different levels, of course, depending on what kind of company, etc.