http://www.dailywav.com/0800/bendover.wav

--
Espi





On Thu, Oct 6, 2011 at 1:19 PM, John Aldrich <[email protected]> wrote:

> Thanks! I’ll give that a shot.
>
> *From:* Roger Wright [mailto:[email protected]]
> *Sent:* Thursday, October 06, 2011 3:56 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Torpig/Anserin/Mebroot infection
>
> Yeah... give the one from Microsoft a try:
>
> http://connect.microsoft.com/systemsweeper
>
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
> On Thu, Oct 6, 2011 at 3:28 PM, John Aldrich <[email protected]> wrote:
>
> Well, we blocked the IPs of the C&C server at the firewall, and
> theoretically, I should have had some hits on the firewall overnight, but I
> never did, so I don't know what's going on. Unless/until I can find
> something to point me towards a good way to find this sucker, I'm going to
> call it "resolved."
>
> I did contact Sunbelt, but the tech I got seemed to think I'd already
> identified the infected PC. I think the only way I'm likely to identify the
> machine in question is to boot off removable media and scan the hard drive
> of every machine that has been turned on during the time the infection was
> detected (about a dozen or two.) Do y'all know of any good free/trialware
> that one can download a bootable ISO for to scan for this bug?
>
>
>
> From: Cynicalgeek [mailto:[email protected]]
> Sent: Thursday, October 06, 2011 3:16 PM
>
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> So you have no root cause but it is resolved?
> On Thu, Oct 6, 2011 at 2:57 PM, John Aldrich <[email protected]> wrote:
> Nope. I managed to get the ASA logging to a Linux box successfully, but it's
> not showing any hits on the relevant IP address. *shrug* I don't know if
> running Malware Bytes on a few machines cleaned it or not. I didn't find
> anything major on those machines, so I doubt that was it. I suppose it could
> be a false-positive. Don't know.
>
>
>
> From: Roger Wright [mailto:[email protected]]
> Sent: Thursday, October 06, 2011 12:03 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> John,
>
> How'd you make out with this issue?  Determine the source yet?
>
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
>
>
> On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich <[email protected]> wrote:
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can’t figure out how to configure it to
> forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn’t able to find instructions that made sense to me.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
> --
> -cynicalgeek-
> cynicalgeek<at>gmail.com
>
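
Added example, not part of the thread: one way to search ASA syslog output on the Linux box for inside hosts that tried to reach a blocked C&C address, covering both ACL denies (106023) and outbound connections that were built (302013/302015). The watchlist address, interface names and log lines are constructed placeholders; the thread never gives the real C&C IPs.

```python
import re
from collections import Counter

# Placeholder watchlist: the thread never states the C&C addresses.
CNC_IPS = {"203.0.113.77"}

# Constructed sample lines in Cisco ASA syslog format (not from the thread).
SAMPLE_LOG = """\
Oct  6 02:14:09 asa %ASA-4-106023: Deny tcp src inside:192.168.1.25/49231 dst outside:203.0.113.77/80 by access-group "inside_access_in" [0x0, 0x0]
Oct  6 02:14:12 asa %ASA-4-106023: Deny tcp src inside:192.168.1.25/49232 dst outside:203.0.113.77/80 by access-group "inside_access_in" [0x0, 0x0]
Oct  6 02:20:41 asa %ASA-6-302013: Built outbound TCP connection 4501 for outside:203.0.113.77/443 (203.0.113.77/443) to inside:192.168.1.31/50112 (198.51.100.10/50112)
Oct  6 02:21:03 asa %ASA-6-302013: Built outbound TCP connection 4502 for outside:198.51.100.200/80 (198.51.100.200/80) to inside:192.168.1.40/50200 (198.51.100.10/50200)
Oct  6 02:22:00 asa %ASA-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:192.168.1.25/53 by access-group "outside_access_in" [0x0, 0x0]
"""

# interface:address/port, as the ASA writes each endpoint.
ENDPOINT = r"(\w[\w-]*):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)"
# 106023: ACL deny; source endpoint first, then destination.
DENY = re.compile(r"%ASA-\d-106023: Deny \w+ src " + ENDPOINT + r".*? dst " + ENDPOINT)
# 302013/302015: outbound TCP/UDP connection built; the outside endpoint is logged first.
BUILT = re.compile(r"%ASA-\d-30201[35]: Built outbound \w+ connection \d+ for "
                   + ENDPOINT + r" \([^)]*\) to " + ENDPOINT)

def hosts_contacting(lines, watchlist):
    """Count (inside_host, watched_ip, action) tuples seen in ASA log lines."""
    hits = Counter()
    for line in lines:
        m = DENY.search(line)
        if m:
            src_ip, dst_ip, action = m.group(2), m.group(5), "denied"
        else:
            m = BUILT.search(line)
            if not m:
                continue  # not a message type this example understands
            dst_ip, src_ip, action = m.group(2), m.group(5), "allowed"
        if dst_ip in watchlist:
            hits[(src_ip, dst_ip, action)] += 1
    return hits

if __name__ == "__main__":
    found = hosts_contacting(SAMPLE_LOG.splitlines(), CNC_IPS)
    for (host, cnc, action), n in found.most_common():
        print(f"{host} -> {cnc}: {n} {action}")
```

The 302013/302015 messages are severity 6, so they only reach the syslog server when the ASA's syslog level is set to informational or higher; 106023 is severity 4.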
