Are other av vendors seeing the same thing from a possible sample of winlogon.exe if you can use process Explorer to check it or hybrid analysis.net or malwr.com
On Sep 4, 2016 1:24 AM, "Kelsey, John" <[email protected]> wrote: > We’re seeing a massive outbreak of Troj-FarFli-CT tonight, affecting > winlogon.exe. Sophos doing a poor job of stopping it so far. Anyone else > seeing similar? > > Tons of our VMs are getting infected. On hold for over 30 minutes waiting > for Sophos support right now. > > > > *************************************** > *John C. Kelsey* > > Penn Highlands Healthcare > (: 814.375.3073 > 2 : 814.375.4005 > *: [email protected] > *************************************** > > [image: PHH ESig Logo 150dpi] > > > > This email and any attached files are sensitive in nature and intended solely > for the intended recipient(s). If you are not the named recipient you should > not read, distribute, copy or alter this email. Any views or opinions > expressed in this email are those of the author and do not represent those of > Penn Highlands Healthcare or its affiliates.. Warning: Although precautions > have been taken to make sure no viruses are present in this email, the > company cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > >
