, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
From: MMF [mailto:mmfree...@ameritech.net]
Sent: Tuesday, July 19, 2011 5:48 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
Don’t hold back (
MMF
1:12 PM
*To:* NT System Admin Issues
*Subject:* Thought on malware cleaning
Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some
very simple questions about things I almost ALWAYS see on infected systems.
Perhaps someone here can clarify something for me that I have yet
On Tue, Jul 19, 2011 at 3:02 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
While I agree with your sentiment whole-heartedly, I still wonder why
antimalware software isn't performing the most basic of checks for common
infection breadcrumbs.
Hammer myopia.
(When all you have is
Well that's f'ing helpful. Good luck on educating the planet with a more
logical course of action. Let us know how that works out for you!
--
Espi
On Tue, Jul 19, 2011 at 12:44 PM, Ben Scott mailvor...@gmail.com wrote:
On Tue, Jul 19, 2011 at 3:02 PM, Micheal Espinola Jr
On that note, I'm going to go on my lunch break now. Here's what I'll do:
I'm going to close my eyes and walk in the direction of my car. Screw
anything I walk into, because logically there should be doors that
automatically open in the direction I need to go. Screw how things
currently exist,
Just be glad that I am not the person to come and help you when you run into
a wall.
I'll just point you into another wall, or worse, a hallway plant of some
sort, and watch you fall down, hoping that the floor will 'give way to your
will' and watch you either fall flat on your face, or go
On Tue, Jul 19, 2011 at 4:01 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
While I agree with your sentiment whole-heartedly, I still wonder why
antimalware software isn't performing the most basic of checks for common
infection breadcrumbs.
Hammer myopia.
Well that's f'ing
is an ongoing process, not a one time event ! '
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Tuesday, July 19, 2011 4:16 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
On that note, I'm going to go on my lunch break now. Here's what I'll do:
I'm
Don’t hold back (
MMF
From: Micheal Espinola Jr
Sent: Tuesday, July 19, 2011 3:15 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
On that note, I'm going to go on my lunch break now. Here's what I'll do:
I'm going to close my eyes and walk in the direction of my
]
Sent: Wednesday, July 13, 2011 1:12 PM
To: NT System Admin Issues
Subject: Thought on malware cleaning
Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some very
simple questions about things I almost ALWAYS see on infected systems. Perhaps
someone here can clarify something
legitimate for vendors to put files there down the track.
Cheers
Ken
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Thursday, 14 July 2011 5:04 AM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
I'm all for leaving it open. But it should be checked by AV software
Subject: Re: Thought on malware cleaning
I'm all for leaving it open. But it should be checked by AV software and
related tools. It's just common sense. There is almost always infection
there. There and some other common locations should be checked. Any apps
present should be checked
+
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Wednesday, July 13, 2011 4:41 PM
To: NT System Admin Issues
Subject: RE: Thought on malware cleaning
My point is that it's common simply
Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some
very simple questions about things I almost ALWAYS see on infected systems.
Perhaps someone here can clarify something for me that I have yet to see
Microsoft and any antivirus vendor directly address. I'm gonna start this
There's a desktop.ini file in mine but no other ones.
You might be interested in taking a look at the VB script here, which I've
found to be useful:
http://www.silentrunners.org/
There is a list of launch points the script checks, notated with which OS
they are applicable to on the web site.
What I would like to see from the OS is something like a trimmed down
version of UAC *just for the malware load points* !!!
A permission / integrity monitor that prompts and/or logs whenever a RUN key
is altered, whenever a scheduled task is created, whenever a link is added
to the STARTUP group,
and as to Maybe I'm nuts. , isn't that a separate issue ??? grin
On Wed, Jul 13, 2011 at 1:12 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some
very simple questions about things I almost ALWAYS see on infected
That's certainly helpful, thank you. I had forgotten about that script. It
may have reusable code.
--
Espi
On Wed, Jul 13, 2011 at 10:53 AM, Jeff Bunting bunting.j...@gmail.com wrote:
There's a desktop.ini file in mine but no other ones.
You might be interested in taking a look at the VB
Exactly. And that's what I'm starting to pull together. I'm really fed up
with this nonsense.
--
Espi
On Wed, Jul 13, 2011 at 11:08 AM, Erik Goldoff egold...@gmail.com wrote:
What I would like to see from the OS is something like a trimmed down
version of UAC *just for the malware load
To be addressed at a later date, yes. ;-)
--
Espi
On Wed, Jul 13, 2011 at 11:09 AM, Erik Goldoff egold...@gmail.com wrote:
and as to Maybe I'm nuts. , isn't that a separate issue ??? grin
On Wed, Jul 13, 2011 at 1:12 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
Maybe
Oh, no - I think you should rewrite it in PowerShell...
Heh.
Seriously though, this looks like a good project.
On Wed, Jul 13, 2011 at 11:18, Micheal Espinola Jr
michealespin...@gmail.com wrote:
That's certainly helpful, thank you. I had forgotten about that script. It
may have reusable code.
What have you been using to remove the malware? The support team here have
been dealing with increased occurrences more frequently, even with the
machines being patched and the logged on users having the bare minimum of
permissions. I don't have any whitelisting software or any GPOs that lock
down
It's been a while for me, but I'm re-investigating the ability to lock down
these folders at certain generic levels without interfering with things
too much.
Better still I think (because there will always be misconfigured systems),
I'm working on something to check these things, match to the
What OSes are you seeing this with, btw?
ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of
Technology for the SMB market…
On Wed, Jul 13, 2011 at 1:12 PM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
Maybe I'm nuts. Maybe I'm sick of dealing with malware.
, 2011 2:28 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
To be addressed at a later date, yes. ;-)
--
Espi
On Wed, Jul 13, 2011 at 11:09 AM, Erik Goldoff egold...@gmail.com
wrote:
and as to Maybe I'm nuts. , isn't that a separate issue ??? grin
On Wed, Jul
Mostly XP (with new extended life-cycle!), but Vista and 7 as well.
--
Espi
On Wed, Jul 13, 2011 at 11:48 AM, Andrew S. Baker asbz...@gmail.com wrote:
What OSes are you seeing this with, btw?
ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of
Technology for the
Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, July 13, 2011 2:25 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
Very true, but there are some very basic things that can be checked and have some
very basic logic applied to take action on. Why this isn't addressed
On 13 Jul 2011 at 14:08, Erik Goldoff wrote:
What I would like to see from the OS is something like a trimmed down
version of UAC *just for the malware load points* !!! A permission /
integrity monitor that prompts and/or logs whenever a RUN key is
altered, whenever a scheduled task is created,
Those malwares don't bother me, people bring me personal machines, which I
get to fix and make money on the side to fund my hobbies. :-)
James
On Wed, Jul 13, 2011 at 4:12 PM, Angus Scott-Fleming angu...@geoapps.com wrote:
On 13 Jul 2011 at 14:08, Erik Goldoff wrote:
What I would like to
, July 13, 2011 2:52 PM
To: NT System Admin Issues
Subject: Re: Thought on malware cleaning
That's not my solution. My solution is to check these types of folders and
match against the registry.
It's a very common occurrence in my experience, and would add lots of value when
they are found.
--
Espi
: Thought on malware cleaning
While I agree with whitelisting, and I believe it's a reasonable solution at
this point. The original intent of this post and what I am proposing don't
involve whitelisting.
--
Espi
On Wed, Jul 13, 2011 at 1:40 PM, Crawford, Scott
crawfo
Jul 2011 14:04:17
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Thought on malware cleaning
I'm all for leaving it open. But it should be checked by AV software and
related tools. It's just