Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Roger Wright
: Roger Wright [mailto:rhw...@gmail.com] Sent: Thursday, October 06, 2011 3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Roger Wright
...@gmail.com] Sent: Thursday, October 06, 2011 3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day. My long term

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Erik Goldoff
3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day. My long term goal is to string a bunch of short term

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Cynicalgeek
Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together. On Thu, Oct 6

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread John Aldrich
...@gmail.com] Sent: Friday, October 07, 2011 10:25 AM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Did it successfully install the software and NOT allow you to update the definition files? This is a good sign of an infected computer. On Thu, Oct 6, 2011 at 6:31 PM

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Cynicalgeek
...@gmail.com] Sent: Thursday, October 06, 2011 3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day. My long term goal

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Cynicalgeek
:* Friday, October 07, 2011 11:12 AM *To:* NT System Admin Issues *Subject:* Re: Torpig/Anserin/Mebroot infection Try to boot normally and update Malwarebytes now. On Fri, Oct 7, 2011 at 11:02 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Well, I was using

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread John Aldrich
9:42 AM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection bad disc clamp in CD ROM drive, preventing proper rotational speed to read the disk ??? (guessing the machines that won't read are NOT brand new) On Fri, Oct 7, 2011 at 9:13 AM, Roger Wright rhw...@gmail.com wrote

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread John Aldrich
Working on *installing* it on one of those computers. John-AldrichThread-Count From: Cynicalgeek [mailto:cynicalg...@gmail.com] Sent: Friday, October 07, 2011 11:23 AM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yes. On Fri, Oct 7, 2011 at 11:21 AM, John

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread John Aldrich
System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Try to boot normally and update Malwarebytes now. On Fri, Oct 7, 2011 at 11:02 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Well, I was using the bootable CD, so any infection on the computer should not affect

Re: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Cynicalgeek
] *From:* Cynicalgeek [mailto:cynicalg...@gmail.com] *Sent:* Friday, October 07, 2011 11:23 AM *To:* NT System Admin Issues *Subject:* Re: Torpig/Anserin/Mebroot infection Yes. On Fri, Oct 7, 2011 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Paul Hutchings
John, do you do any sort of DNS or URL filtering at your firewall to control/restrict outbound traffic? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 07 October 2011 4:02 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection Well

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread John Aldrich
System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection John, do you do any sort of DNS or URL filtering at your firewall to control/restrict outbound traffic? _ From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 07 October 2011 4:02 PM To: NT System Admin Issues Subject

RE: Torpig/Anserin/Mebroot infection

2011-10-07 Thread Paul Hutchings
From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 07 October 2011 5:42 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection Not really. I don’t do much with the firewall as I don’t know much about Cisco. I rely on an outside consultant

Re: Torpig/Anserin/Mebroot infection

2011-10-06 Thread Roger Wright
John, How'd you make out with this issue? Determine the source yet? Roger Wright ___ My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together. On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

RE: Torpig/Anserin/Mebroot infection

2011-10-06 Thread John Aldrich
it could be a false-positive. Don't know. From: Roger Wright [mailto:rhw...@gmail.com] Sent: Thursday, October 06, 2011 12:03 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection John, How'd you make out with this issue?  Determine the source yet? Roger Wright ___ My short

Re: Torpig/Anserin/Mebroot infection

2011-10-06 Thread Cynicalgeek
: Re: Torpig/Anserin/Mebroot infection John, How'd you make out with this issue? Determine the source yet? Roger Wright ___ My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together. On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich

RE: Torpig/Anserin/Mebroot infection

2011-10-06 Thread John Aldrich
was detected (about a dozen or two.) Do y'all know of any good free/trialware that one can download a bootable ISO for to scan for this bug? From: Cynicalgeek [mailto:cynicalg...@gmail.com] Sent: Thursday, October 06, 2011 3:16 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot

Re: Torpig/Anserin/Mebroot infection

2011-10-06 Thread Roger Wright
To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection So you have no root cause but it is resolved? On Thu, Oct 6, 2011 at 2:57 PM, John Aldrich jaldr...@blueridgecarpet.com wrote: Nope. I managed to get the ASA logging to a Linux box successfully, but it's not showing any

RE: Torpig/Anserin/Mebroot infection

2011-10-06 Thread John Aldrich
Thanks! I'll give that a shot. John-AldrichThread-Count From: Roger Wright [mailto:rhw...@gmail.com] Sent: Thursday, October 06, 2011 3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http

Re: Torpig/Anserin/Mebroot infection

2011-10-06 Thread Micheal Espinola Jr
:* Thursday, October 06, 2011 3:56 PM *To:* NT System Admin Issues *Subject:* Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try: http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day

RE: Torpig/Anserin/Mebroot infection

2011-10-06 Thread John Aldrich
...@gmail.com] Sent: Thursday, October 06, 2011 3:56 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Yeah... give the one from Microsoft a try:   http://connect.microsoft.com/systemsweeper Roger Wright ___ My short term goal is to make it through the day.   My long term goal

Re: Torpig/Anserin/Mebroot infection

2011-10-04 Thread Erik Goldoff
in the firewall? -Original Message- From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, October 03, 2011 4:04 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection Just to confirm, you don't allow outbound SMTP from anything other than your

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Shauna Hensala
How many machines are we talking about here? All local or some in remote locations? The ISP did not provide the IP of the device that was misbehaving? Shauna Hensala From: jaldr...@blueridgecarpet.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Torpig/Anserin/Mebroot infection Date

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Paul Hutchings
Can you expand on blacklisted? Which blacklist and for what type of traffic? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011 6:22 PM To: NT System Admin Issues Subject: Torpig/Anserin/Mebroot infection So, our external IP is blacklisted

Re: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Roger Wright
Have you kicked off a VIPRE deep scan on these machines? Roger Wright ___ My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together. On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich jaldr...@blueridgecarpet.com wrote: So, our

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
: RE: Torpig/Anserin/Mebroot infection How many machines are we talking about here?  All local or some in remote locations?  The ISP did not provide the IP of the device that was misbehaving? Shauna Hensala From: jaldr...@blueridgecarpet.com

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
Issues Subject: RE: Torpig/Anserin/Mebroot infection Can you expand on blacklisted?  Which blacklist and for what type of traffic? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011 6:22 PM To: NT System Admin Issues Subject: Torpig/Anserin

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
Not yet. I can do so though. John-AldrichThread-Count From: Roger Wright [mailto:rhw...@gmail.com] Sent: Monday, October 03, 2011 2:55 PM To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Have you kicked off a VIPRE deep scan on these machines? Roger Wright

Re: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Richard Stovall
infection Can you expand on blacklisted? Which blacklist and for what type of traffic? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011 6:22 PM To: NT System Admin Issues Subject: Torpig/Anserin/Mebroot infection So, our

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
To: NT System Admin Issues Subject: Re: Torpig/Anserin/Mebroot infection Are you using ASDM? Can't you filter the builtin realtime log viewer in a way that might show you the infected machines? (It's been a long time since I've used ASDM...) On Mon, Oct 3, 2011 at 2:59 PM, John Aldrich jaldr

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Paul Hutchings
Issues Subject: RE: Torpig/Anserin/Mebroot infection Can you expand on blacklisted? Which blacklist and for what type of traffic? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011 6:22 PM To: NT System Admin Issues Subject: Torpig/Anserin

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Kennedy, Jim
did CBL get into the non-email abuse gets your email blocked business. -Original Message- From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, October 03, 2011 4:04 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection Just to confirm, you don't allow

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Shauna Hensala
you *should* be able to do virus scan of your network and identify the culprit. Shauna Hensala From: jaldr...@blueridgecarpet.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Torpig/Anserin/Mebroot infection Date: Mon, 3 Oct 2011 14:58:42 -0400 I did not receive notification

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Paul Hutchings
: Torpig/Anserin/Mebroot infection This is very interesting, can't wait to see that answer. I doubt it was on port 25, that Trojan looks to phone home with credentials of the infected user, it is not an email bot as far as I can tell. And the two open questions will be; 1) No matter what port

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
4:04 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection Just to confirm, you don't allow outbound SMTP from anything other than your corporate SMTP boxes do you? From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
suspects with Malware Bytes, but didn't see any infection. As I said, Vipre Enterprise will be deep-scanning tonight. From: Shauna Hensala [mailto:she...@msn.com] Sent: Monday, October 03, 2011 4:10 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection you *should* be able to do

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Paul Hutchings
. From: John Aldrich [jaldr...@blueridgecarpet.com] Sent: 03 October 2011 9:14 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection We don't have a mail server here. Our ISP hosts our email for us, so yeah, we do allow SMTP out. I wonder if there's a way to force all port

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Tammy Stewart
[mailto:paul.hutchi...@mira.co.uk] Sent: Monday, October 03, 2011 4:19 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection You really don't want to be doing that, or if you must do it at least only allow it outbound to the IP of the mail server your PC's are supposed to be using. Looking

Re: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Angus Scott-Fleming
On 3 Oct 2011 at 16:14, John Aldrich wrote: We don't have a mail server here. Our ISP hosts our email for us, so yeah, we do allow SMTP out. I wonder if there's a way to force all port 25 traffic to one IP in the firewall? There's usually a way to limit port-25 traffic to only one IP. It

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Bourque Daniel
/Anserin/Mebroot infection On 3 Oct 2011 at 16:14, John Aldrich wrote: We don't have a mail server here. Our ISP hosts our email for us, so yeah, we do allow SMTP out. I wonder if there's a way to force all port 25 traffic to one IP in the firewall? There's usually a way to limit port-25 traffic

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
[mailto:paul.hutchi...@mira.co.uk] Sent: Monday, October 03, 2011 4:19 PM To: NT System Admin Issues Subject: RE: Torpig/Anserin/Mebroot infection You really don't want to be doing that, or if you must do it at least only allow it outbound to the IP of the mail server your PC's are supposed to be using

Re: Torpig/Anserin/Mebroot infection

2011-10-03 Thread John Aldrich
On Mon October 3 2011, you wrote: On 3 Oct 2011 at 16:14, John Aldrich wrote: We don't have a mail server here. Our ISP hosts our email for us, so yeah, we do allow SMTP out. I wonder if there's a way to force all port 25 traffic to one IP in the firewall? There's usually a way to limit