  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 716

uac.exe

I have one of my manager's laptops where the OS is Windows Vista Business Edition, and suddenly uac.exe is attacked.

How to remove it successfully?

I had already updated the McAfee antivirus which is installed on it.

Please help.
Asked by: kurajesh
1 Solution
 
ozzeczek Commented:
 
Russell_Venable Commented:
This question is too vague. Can you clarify your question? Are you asking how to remove UAC, and what do you mean by UAC is attacked? UAC on Windows Vista and forward is a security service that controls elevation.
 
kurajesh (Senior Systems Analyst, Author) Commented:
A popup came, uae.exe found, and it started scanning the hard disk.

Suddenly the system restarted by itself. Later I installed SUPERAntiSpyware and removed the threats.
Now after rebooting the system it got stuck.

Is there any other way to scan it in detail to find out if any malware/spyware is there?

The system is already updated with McAfee's latest security updates and I scanned the system with McAfee, but no detection was found.

 
Russell_Venable Commented:
Interesting, do you have the log file for SUPERAntiSpyware?
 
kurajesh (Senior Systems Analyst, Author) Commented:
Unfortunately, no log files.
 
Russell_Venable Commented:
I take it you also don't remember the site that was visited right before this site infected the laptop? Also, are the symptoms still the same, or are you noticing other odd things, like you cannot run tools like ComboFix or they stall halfway through? Also, what version of Vista is this: x86 or x64?
 
kurajesh (Senior Systems Analyst, Author) Commented:
Exactly, I do agree with your comment. It is running x86 Vista.

In fact I was wondering, even though the system is protected with McAfee, it got affected. Of course our corporate McAfee license is purely antivirus and does not have any spyware/malware removal bundled with McAfee. But how can we trace what exactly caused the issue, and the steps to take care?
 
Russell_Venable Commented:
Yes, this will happen regardless. Higher levels of heuristics on the antivirus engine catch more instances of malware, but also restrict software and can be a burden to the user.

"our corporate mcafee license is purely antivirus and not any spyware/malware removal bundled with mcafee"
Well, look at it this way. Most antivirus companies detect on characteristics of how the application runs and known history patterns. When it comes to deeper levels of malware, it counteracts this protection and stealths itself.

"how we can trace what exactly caused the issue and the steps to take care."
When a user is attacked by a drive-by exploit site, it usually will A) redirect you to a new site and serve malware that best fits your machine from what it can gather, given the information provided by the browser, or B) entice you to download software that might be of interest to the user viewing it. Mostly garbage toolbars, fake movie/music sites, porn, illegal download sites.

The specific symptoms you say you are experiencing on this computer remind me of a few types of malware. One is the website-based "Neosploit kit". This one gives you a pop-up-like ad that acts like it is scanning your system and asks you to install a plugin that claims to be antivirus. The other is the fake "Antivirus <Year of development here>" series that automatically downloads by visiting a site that hosts a drive-by exploit kit using exploits.

Usually this kind downloads a rootkit designed to stealth itself and the presence of other malicious software it downloads after it's installed.

The disinfection process is pretty in-depth.
 
kurajesh (Senior Systems Analyst, Author) Commented:
Hi Russell_Venable,

Well explained and good understanding.
It means none of the solutions give cent percent protection. The only solution is to instruct users not to execute any exe files, run any plugins, etc.
I think I can close the SR with your suggestion as the best one.
 
Russell_Venable Commented:
Nope, sure don't. It's more of a preventative measure for the known. It's still a lot better than having nothing at all. Most of the infections out there are from user activity. Best practice is making sure your personnel know what you expect of them and how their activity can cause damage. Different levels of course depending on what kind of company, etc.
