I just tested this same FakeAV in Virtual XP.
Protection mode: Locked down
Allowed guarded user-space launches and ran it from the documents folder.
It successfully terminated AppGuard; in fact it's very good at terminating most things.
Unfortunately for Mr Malware, the BrnFileLock driver blocks it from writing its start entry, so upon reboot poor FakeAV is dead.
Even if it didn't block writing the run once start entry, it would not have been able to launch from its user-space directory.