Solved

uac.exe

Posted on 2012-04-05
Last Modified: 2013-11-22
I have one of my managers' laptops where the OS is Windows Vista Business edition, and suddenly uac.exe is attacked.

How to remove it successfully?

I had already updated McAfee antivirus, which is installed on it.

Please help.
0
Question by:kurajesh
10 Comments
 
LVL 8

Expert Comment

by:ozzeczek
ID: 37811218
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37817233
This question is too vague. Can you clarify your question? Are you asking how to remove UAC, and what do you mean by UAC is attacked? UAC on Windows Vista and forward is a security service that controls elevation.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37819008
A popup came, "uae.exe found", and it started scanning the hard disk.

Suddenly the system restarted by itself. Later I installed SUPERAntiSpyware and removed the threats.
Now, after rebooting, the system got stuck.

Is there any other way to scan it in detail to find out if any malware/spyware is there?

The system is already updated with the latest McAfee security updates and I scanned the system with McAfee, but no detection was found.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37819414
Interesting, do you have the logfile for SUPERAntiSpyware?
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37820713
Unfortunately, no log files.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37820988
I take it you also don't remember the site that was visited right before this site infected the laptop? Also, are the symptoms still the same, or are you noticing other odd things, like you cannot run tools like ComboFix or they stall halfway through? Also, what version of Vista is this, x86 or x64?
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37821028
Exactly, I agree with your comment. It is running x86 Vista.

In fact, I was wondering how it got affected even though the system is protected with McAfee. Of course, our corporate McAfee license is purely antivirus, without any spyware/malware removal bundled with McAfee. But how can we trace what exactly caused the issue, and the steps to take care of it?
0
 
LVL 15

Accepted Solution

by:
Russell_Venable earned 500 total points
ID: 37822242
Yes, this will happen regardless. Higher levels of heuristics on the antivirus engine catch more instances of malware, but also restrict software and can be a burden to the user.  

"our corporate mcafee license is purely antivirus and not any spyware/malware removal bundled with mcafee"
Well, look at it this way. Most antivirus companies detect on characteristics of how the application runs and known history patterns. When it comes to deeper levels of malware, it counteracts this protection and stealths itself.

"how we can trace what exactly caused the issue and the steps to take care."
When a user is attacked by a drive-by exploit site, it usually will A) redirect you to a new site and serve malware that best fits your machine from what it can gather, given the information provided by the browser; B) entice you to download software that might be of interest to the user viewing it: mostly garbage toolbars, fake movie/music sites, porn, illegal download sites.

The specific symptoms you say you are experiencing on this computer remind me of a few types of malware. One is the website-based "Neosploit kit"; this one gives you a pop-up-like ad that acts like it is scanning your system and asks you to install a plugin that claims to be antivirus. The other is the fake "Antivirus <Year of development here>" series that automatically downloads by visiting a site that hosts a drive-by exploit kit using exploits.

Usually this kind downloads a rootkit designed to stealth itself and the presence of other malicious software it downloads after it's installed.

The disinfection process is pretty in-depth.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 37822395
Hi Russell_Venable,

Well explained and good understanding.
It means none of the solutions give cent percent protection. The only solution is to instruct users not to execute any exe files, run any plugins, etc.
I think I can close the SR with your suggestion as the best one.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37822845
Nope, sure don't. It's more of a preventative measure for the known. It's still a lot better than having nothing at all. Most of the infections out there are from user activity. Best practice is making sure your personnel know what you expect of them and how their activity can cause damage. Different levels, of course, depending on what kind of company, etc.
0
