Ansgar -59cobalt- Wiechers
Re: Windows Fake AV Programs - How to prevent installation?
LightBulb <firstname.lastname@example.org> wrote:
> I am posting here to get knowledgeable feedback. I have had a few
> friends hit by this the latest being ThinkPoint AV. I am Mac User so
> bear with me. Do this fake AV programs that appear to be web browser
> pop-ups triggered from compromised websites require the the naive
> Windwos computer user to have 'local admin' rights? TIA
Judging from what a quick search turned up, this particular malware
installs itself into the user's profile. So, no, admin privileges are
You can easily get rid of it, though, by killing the respective
processes and renaming the user's profile directory as an admin user.
Next time the user logs in a new profile is created. Afterwards you can
selectively migrate files and settings from the old profile to the new
profile. Make sure to copy files instead of moving them to avoid keeping
old permissions and ownership.
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."