Deleting unwanted programs like Snood.exe from users PCs and Servers with Antivirus Software

Discussion in 'Anti-Virus' started by WillE, Feb 13, 2004.

  1. WillE

    WillE Guest

    I maintain ~1500 PCs in 13 different schools. I am having a problem
    with students downloading fluffware like snood and pocket tanks and
    trying to hide them several folders deep all over the server's shares.
    I know I could set up a scan for the files nightly but it seems like
    a waste of resources. Besides, a scan like that would slow down my
    backups that run nightly. Presently my servers are running AVAST
    antivirus and my workstations are running AntiVir. Both servers and
    workstations are scanning executables when read and created. It seems
    that if I could add a custom list of unwanted programs to these AV
    programs I could get rid of these things without any additional
    overhead. Instead of having to scan and hunt these programs the very
    user accessing them would point them out to the AV software. Anybody
    done this before? Anybody got any ideas how to start? Antir has a
    place to select unwanted programs by category but I would like to
    specify them by name. Anybody done this before? Anybody got any ideas
    how to start? I will gladly post a workable solution if one is found.
    WillE, Feb 13, 2004
    1. Advertisements

  2. WillE

    null Guest

    Have you considered firewall blocking/blacklisting incoming on the
    basis of source IP numbers? And/or the use of hosts files? If that
    kind of approach seems a possibility to you I can steer you to
    information that will help you.

    null, Feb 13, 2004
    1. Advertisements

  3. Evil idea: instead of just deleting the unwanted programs, try replacing
    them with something harmless but embarrassing such as a program to launch
    a sound file, fart.wav (you'll have to find such a program or wav file on
    your own) or a harmless file that just pops up a window reading "Sorry! I
    don't do Windows."

    For the latter, read the notes at:
    and extract iddwm.exe from:
    (which, as documented, also prevents Minesweeper from starting).

    I'm not sure because I haven't tried it but a resource editor might allow
    you to change the icon used to that of the original file you replaced.

    If enough students find themselves extremely embarrassed when running
    something they might stop running them.
    Norman L. DeForest, Feb 15, 2004
  4. WillE

    WillE Guest

    Thanks for all the suggestions. I was hoping that there already was
    an AV with a blacklist feature. I guess I'll have to wait. Thanks
    WillE, Feb 17, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.