I'm having a problem that is starting to be more and more frequent; namely, a lot of my users are getting infected with the Antivirus 2009 or Spyware 2009 families of spyware. I have checked that the spyware definitions for these are set to autofix, and real-time spyware is enabled on my clients. I'm running 8.8 sp2. I haven't had a problem with spyware since we started using LANDesk 8.6 a few years ago; but lately more calls are coming in. I'm just not sure if I'm doing something wrong or what.
Even if I run a Security scan manually once the infection is present, it doesn't get rid of it or report that it's even there. I have to use a free scanner like Spybot or Malwarebytes to ultimately get rid of it. Seems to me an enterprise level software should get rid of anything a free program can.
My company is experiencing the same thing, where the phony antivirus malware is infecting workstations. Did you have any luck with this post? We're running 8.8 Sp3 with the latest updates for malware.
Unfortunately not. At first I thought the clients getting infected didn't have updated spyware definition files as I've had to stop doing scheduled spyware scans (so I'm relying on the real-time). But I've had a few brand new deployments that I know have updated everything that still get it. I've tried deleting all the .aawdef files and re-downloading all the spyware content, but still no luck. I never called support, I just don't have the time. It comes in waves: some weeks we get 5-6 calls and others 0 calls.
Sorry I can't be of much help...
Thanks John, we've tried some of the same things you listed and we get a few calls here and there and are just accepting that not every malware scanner will protect against everything and have needed to download other malware applications to try and clean them.
Yeah same here, although it does baffle me that a free program like Malwarebytes can remove something that an enterprise-grade program can't, and not only does it not prevent the infection, if you run a spyware scan it says it's clean...
If there is some content that we are not detecting then we need to let our content team know so we can get it resolved.
Please follow the steps in this article to upload the infected file to us.
Once our content team looks at it, they will resolve it and post new spyware definitions.
Thanks for the info, I was not aware of that document. However, the infection is the pretty popular WinAntivirus variant, which is listed in my spyware defs, so it seems to me like it should already be protected against it. I understand that these things morph to avoid detection but if you search the web it seems like everyone is getting hit with this so I would think LANDesk should be well aware of this variant.