Getting a hit on RE: daily report
It is attached with a .zip.
Anyone else seeing this?
This e-mail and any files transmitted with it are property of Indiana Members
Credit Union, are confidential, and are intended solely for the use of the
individual or entity to whom this e-mail is addressed.
It's very widespread at 2 of my large clients.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Thursday, October 23, 2014 11:26 AM
To: 'ntsysadm@lists.myitforum.com'; Patch Management Mailing List
I have submitted to TrendMicro and Cisco Ironport.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent: Thursday, October 23, 2014 12:13 PM
To: ntsysadm@lists.myitforum.com; Patch Management Mailing List
Does it have a name yet?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent: Thursday, October 23, 2014 12:13 PM
To: ntsysadm@lists.myitforum.com; Patch Management Mailing List
(patchmanagem...@listserv.patchmanagement.org)
Subject:
More importantly does it have a logo yet?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Thursday, October 23, 2014 12:51 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: Email virus
Does it have a name yet?
From:
Bash the Shellshocked Poodle??
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kennedy, Jim
Sent: Thursday, October 23, 2014 12:56 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: Email virus
More importantly does it have a logo yet?
That's the band I was in back in high school.
On Thu, Oct 23, 2014 at 1:01 PM, David McSpadden dav...@imcu.com wrote:
Bash the Shellshocked Poodle??
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kennedy, Jim
Sent: Thursday, October 23,
Killing me.
And I am sure it is
Troj.W32.Gen
Freaking 0day oddities.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Richard Stovall
Sent: Thursday, October 23, 2014 1:26 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Email virus
That's
Out of curiosity, what are we talking about here? Is there mail with the
subject line RE: daily report and an attachment?
--
richard
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Thursday, October 23, 2014 11:51 AM
To:
We have some hyper-v server images that if possible we would like to not
rebuild. However the original machine they were installed on is no longer
available. So we have 1 vhdx and 8 avhdx. The vhdx is the virtual disk and the
avhdx are check points if I remember correctly. The process I used to
Without having a backup of the original machine configuration, you may be stuck
with either discarding those snapshots, or attempting to merge the entire chain
into one new file, losing your checkpoints. Make backups of the files first,
if you haven't already.
I've merged avhdx's into the master vhdx (only had three avhdx's though)
and it's doable, if tedious. You end up with a workable .VHDX and a system
at the latest status point but no snapshots.
And yes, always work from copies even if it adds significant time.
Dave
Without having a backup of
We had the misfortune of our old provider porting some of our lines back to
themselves from ATT. Which ATT should have blocked from happening.
Have just spent nearly a week getting ATT to provide the paperwork needed to
port the numbers back. Now being told once the work is assigned it will take
I've found that going to their Facebook page, or copying them on a tweet
complaining about the issue, does add a little fire to the mix.
https://www.facebook.com/ATT
Finally, some real value from Social Media
ASB http://XeeMe.com/AndrewBaker
Providing
Just PDFs? Or are other docs affected?
From: Kurt Buff
Sent: Thursday, October 23, 2014 7:27 PM
To: ntsysadm@lists.myitforum.com
All,
A user in our AU office on a Win7 machine is complaining about
inability to open PDFs from our US file server. The error he gets is:
Is there a difference in behavior between UNC and mapped connections? Is
Sandbox Protection enabled?
--
Espi
On Thu, Oct 23, 2014 at 4:27 PM, Kurt Buff kurt.b...@gmail.com wrote:
All,
A user in our AU office on a Win7 machine is complaining about
inability to open PDFs from our US file
I'll get you a copy shortly.
Sent from my iPhone
On Oct 23, 2014, at 7:00 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
I'd be interested in a link to an upload to https://www.virustotal.com/. I'd
love to see who is catching this and who is not.
--
In a few I will send it
Sent from my iPhone
On Oct 23, 2014, at 6:42 PM, Ed Ziots
eziot...@gmail.com wrote:
Care to send a sample so I can look from a malware analysis perspective?
Ed
On Oct 23, 2014 12:14 PM, Michael B. Smith
Just PDFs, Word and Excel files apparently open OK.
Kurt
On Thu, Oct 23, 2014 at 4:34 PM, rodtr...@myitforum.com wrote:
Just PDFs? Or are other docs affected?
From: Kurt Buff
Sent: Thursday, October 23, 2014 7:27 PM
To: ntsysadm@lists.myitforum.com
All,
A user in our AU
Much appreciated!
--
Espi
On Thu, Oct 23, 2014 at 4:59 PM, David McSpadden dav...@imcu.com wrote:
I'll get you a copy shortly.
Sent from my iPhone
On Oct 23, 2014, at 7:00 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
I'd be interested in a link to an upload to
Sandbox protection turned off, per my original email.
Mapped vs. UNC makes no difference.
Kurt
On Thu, Oct 23, 2014 at 4:55 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
Is there a difference in behavior between UNC and mapped connections? Is
Sandbox Protection enabled?
--
Espi
H.
I'm pretty familiar with our security settings, and AFAIK we don't
have anything client-side that restricts that. Again, this is a change
in behavior over this past weekend, when we flipped from a bare Win2k3
server to a 2012R2 server.
Or perhaps this is something on the server side?
Based on what you just said I would look for someone fooling around in AD if I
was you.
Jon
Date: Thu, 23 Oct 2014 17:34:55 -0700
Subject: Re: [NTSysADM] Adobe Reader can't open PDFs over the WAN
From: kurt.b...@gmail.com
To: ntsysadm@lists.myitforum.com
H.
I'm pretty
Sorry guys, by the time I got back into work Trend has updated and I can not
touch the file without it being scanned and quarantined.
Virus/Malware: TROJ_UPATRE.UMO
Endpoint: W7250813242H51
Domain: Imcu.local\
File: C:\Users\davidm\AppData\Local\Microsoft\Windows\Temporary Internet