So you have no root cause but it is resolved?

On Thu, Oct 6, 2011 at 2:57 PM, John Aldrich <[email protected]> wrote:

> Nope. I managed to get the ASA logging to a Linux box successfully, but it's
> not showing any hits on the relevant IP address. *shrug* I don't know if
> running Malware Bytes on a few machines cleaned it or not. I didn't find
> anything major on those machines, so I doubt that was it. I suppose it could
> be a false-positive. Don't know.
>
> From: Roger Wright [mailto:[email protected]]
> Sent: Thursday, October 06, 2011 12:03 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> John,
>
> How'd you make out with this issue? Determine the source yet?
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
> On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich <[email protected]> wrote:
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can’t figure out how to configure it to
> forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn’t able to find instructions that made sense to me.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin

--
-cynicalgeek-
cynicalgeek<at>gmail.com
--
