Going through the motions already.
The new Microsoft Security Essentials scanner is picking it up as iloma.c and 
it keeps setting up residence in the system32 directory.

  ----- Original Message ----- 
  From: [email protected] 
  To: NT System Admin Issues 
  Sent: Thursday, September 24, 2009 12:14 PM
  Subject: Re: Roaming profiles???



  It depends when you downloaded it.  Again, they claim they update it daily.  
You could check your current version with what is available to download. 

  "David W. McSpadden" <[email protected]> wrote on 09/24/2009 11:14:30 AM:

  > If I already have that on my machine would I download it again? 
  > ----- Original Message ----- 
  > From: [email protected] 
  > To: NT System Admin Issues 
  > Sent: Thursday, September 24, 2009 10:54 AM 
  > Subject: Re: Roaming profiles??? 
  > 
  > 
  > And now a word from our sponsor...  (They still say that, or did 
  > that end in the early '60s?) 
  > 
  > Go to SunbeltSoftware.com and download "PC Rescue".  It's not easy 
  > to find, but any page, at the bottom, are some tiny little links.  
  > "PC Rescue" is one of them. 
  > 
  > (Few seconds later) Or, I could be a wee bit more helpful: 
  > 
  > http://live.sunbeltsoftware.com/ 
  > 
  > They (claim to) update this daily. 
  > 
  > Once you get this installed, try a quick scan.  Then, boot into 
  > SafeMode and do a deep scan.  (Note - I once encountered a root kit 
  > on someone's home machine that prevented it from booting into SafeMode.)
  > -- 
  > Richard D. McClary 
  > Systems Administrator, Information Technology Group 
  >   
  > ASPCA® 
  > 1717 S. Philo Rd, Ste 36 
  > Urbana, IL  61802 
  >   
  > 
  > "David W. McSpadden" <[email protected]> wrote on 09/24/2009 09:40:52 AM:
  > 
  > > app data is always where it is finding the iloma and clamp but it is
  > > 'cleaning' them.... 
  > > Once I get into the machine I find 0 files in the app data folder.. 
  > >   
  > > ----- Original Message ----- 
  > > From: Ray 
  > > To: NT System Admin Issues 
  > > Sent: Thursday, September 24, 2009 10:35 AM 
  > > Subject: RE: Roaming profiles??? 
  > > 
  > > Run Malwarebytes on your machines.   This was how a major virus 
  > > outbreak started on our network, and we're still not completely done
  > > with it.   ILOMA,B  and I think  Clamp.   McAfee started finding it 
  > > as a "Buffer Overflow" but wouldn't fix it.   We spent days trying to
  > > get them to get us a DAT that would find it.   Still not 100% sure 
  > > they can stop it from spreading.   
  > >   
  > > PSEXEC is supposedly how it spreads. 
  > >   
  > > You'll probably find several .exe's in the documents & 
  > > settings/username/application data.
  > >   
  > > From: David W. McSpadden [mailto:[email protected]] 
  > > Sent: Thursday, September 24, 2009 6:48 AM
  > > To: NT System Admin Issues
  > > Subject: Re: Roaming profiles??? 
  > >   
  > > These are local on the user profile page.  They are showing up
  > > as if they logged into my machine. 
  > >   
  > > ----- Original Message ----- 
  > > From: Richard Stovall 
  > > To: NT System Admin Issues 
  > > Sent: Tuesday, September 22, 2009 3:14 PM 
  > > Subject: RE: Roaming profiles??? 
  > >   
  > > Just out of curiosity, are the affected machines the same ones on 
  > > which you see the PsExec log entries? 
  > >   
  > > From: David W. McSpadden [mailto:[email protected]] 
  > > Sent: Tuesday, September 22, 2009 2:52 PM
  > > To: NT System Admin Issues
  > > Subject: Re: Roaming profiles??? 
  > >   
  > > domain user accounts. 
  > > just pass/fail on user accounts. 
  > > None of them signed on to the network or my machine at the time 
  > > 'their' profile was updated on my pc today. 
  > > The best they could come up with was they might have had their 
  > > screensaver up and it is password enforced... 
  > >   
  > > ----- Original Message ----- 
  > > From: Richard Stovall 
  > > To: NT System Admin Issues 
  > > Sent: Tuesday, September 22, 2009 2:48 PM 
  > > Subject: RE: Roaming profiles??? 
  > >   
  > > Are these profile directories of domain user accounts or local accounts? 
  > >   
  > > Are you auditing account logon events and logon events in the 
  > > appropriate places? 
  > >   
  > > From: David W. McSpadden [mailto:[email protected]] 
  > > Sent: Tuesday, September 22, 2009 2:41 PM
  > > To: NT System Admin Issues
  > > Subject: Re: Roaming profiles??? 
  > >   
  > > These are Windows 2000 Server, Windows 2003 Server, and Windows XP 
  > > Pro machines. 
  > > It is not domain wide yet but I see almost all 10 on most all machines. 
  > > Even machines that haven't rebooted in months.... 
  > > So I am confused. 
  > > ----- Original Message ----- 
  > > From: Andrew S. Baker 
  > > To: NT System Admin Issues 
  > > Sent: Tuesday, September 22, 2009 2:36 PM 
  > > Subject: Re: Roaming profiles??? 
  > >   
  > > What kinds of servers are these?
  > > 
  > > Are these users using Citrix or Remote Desktop to access these servers?
  > > 
  > > Are there any scheduled jobs running under these user accounts?
  > > 
  > > -ASB: http://xeesm.com/AndrewBaker
  > >  Providing Competitive Advantage through Effective IT Leadership 
  > > On Tue, Sep 22, 2009 at 2:12 PM, David W. McSpadden <[email protected]> wrote:
  > > I have like 10 user accounts I am seeing in Documents and settings 
  > > on like 4 machines now. 
  > > That would make sense if they logged into these 4 machines but they 
  > > are physically not here. 
  > > So, are they some weird form of roaming profiles or what? 
  > > How do I check them out to see?? 