So yesterday I was sitting at my desk and I got an email from one of our Vipre Enterprise Antivirus Agents….
Machine: PC (10.30.11.29)
Scan Date: 11/13/2012 2:17 PM
Software Version: 5.0.4464 (we’re in the process of upgrading to version 6.1.22 which has current anti-rootkit tech)
ThreatDB Version: 13968
Threat: Trojan.Win32.Sirefef.pq (v)
Severity: Moderate Risk (since when are rootkits moderate risks?!?!)
Action: Quarantined (not true…those rootkits are still very much there)
So essentially what this email means is that the Vipre agent let a rootkit come through at some point, is now able to detect it, but cannot remove it.
So, what to do now…I know!!! I’ll test that new Malwarebytes Anti-Rootkit (MBAR) and then post the results to my blog…and here we are.
Ok, let’s extract the mbar.zip. Here’s what we have. Let’s double click on MBAR.
Once MBAR has been opened we’ll update the database.
Once the database has been updated we’ll do a scan.
MBAR finds 18 infections and removes them.
A subsequent scan via MBAR tells us that everything is clean.
For a second opinion, we’ll turn to the proven Hitman Pro. Looks all clean!