Viruses removing Anti Virus Software by itself!!

[magicka]

Following recent minor virus infection at one site Netshield has been removed from all workstations in one domain. If I try to reinstall from Management Console on the server the sent products do not appear under each workstation in the explorer. If I try to update to version 4.5 on the w/stations themselves I get cant read from registry (even if I am logged on as administrator). if I try to run SDAT I get unable to find qualifying products. What is going on?

Thanks

Chris G

 

[JimInKS]

I don't know what "Minor" means but both Klez and Bugbear (The current top two viruses) are supposed to be able to disable anti-virus software. Are the workstations clean?

If you know what the infection was, then I would check one of the problematic workstations for signs of the virus. Symantec's web site will have a good description of what to look for on an infected machine.

You could also try a local install on the workstation so you can do a full scan to verify it is clean.

I could be that the virus hosed up the AV software so that it is in some sort of limbo state that the Management Console cannot deal with.

 

[AVChap]

If its Klez or BugBear (pretty sure it's either one), use this program to check the machine out first and clean the bugger:

http://download.nai.com/products/mcafee-avert/stingersetup.exe

This will remove Klez and Bugbear in memory and clean the machine. Then you can re-install the AV from ME.

HTH, AVChap
... take my advice, I don't use it anyway!