Application whitelisting saves me from annoyances like this, generally On 16 June 2011 15:11, Mike Sullivan <[email protected]> wrote:
> I ran into this on Monday, at least I have my users locked down and they > only saw the message that the hard drive was failing and their shortcuts > disappeared. I followed Tammy's instructions and had it cleaned up pronto! > > > On Thu, Jun 16, 2011 at 6:53 AM, Jonathan <[email protected]> wrote: > >> I've run into a nice variant of this just this morning....the window is >> titled, "Windows Vista Restore" and the caption at the top of the window >> says, "PC Performance & Stability analysis report". It is telling me hat the >> hard drive is failing and that private data is at risk. >> >> When I went into the root of C:. it only showed one file, named >> bootsect.bak. After I chose to display all hidden and os files, >> viola,everything in C: and on the desktop appeared. >> >> What a way to start a Thursday - at least it isn't Monday! >> >> JR >> >> On Mon, Jun 6, 2011 at 11:56 AM, Roger Wright <[email protected]> wrote: >> >>> Try setting him up with ClearCloudDNS - might help prevent future >>> infections. >>> >>> >>> Roger Wright >>> ___ >>> >>> "Formula for success: rise early, work hard, strike oil." - J. Paul Getty >>> >>> >>> >>> >>> >>> On Fri, Jun 3, 2011 at 10:34 AM, John Aldrich >>> <[email protected]> wrote: >>> > Thanks... This particular user is unlucky enough to have teenagers who >>> use >>> > his computer. My guess is they are visiting infected/hostile/0wned >>> sites and >>> > that's how he's getting infected. Never really had a problem when he >>> was >>> > working here, so I'm suspecting it's some of his grandkids that are >>> causing >>> > the problem. >>> > >>> > As I have not yet seen the problem, I don't know if it's going to be >>> easy or >>> > difficult. Hopefully MBAM and Vipre won't have any problem with it. :D >>> > >>> > Thanks again! >>> > >>> > >>> > >>> > From: James Rankin [mailto:[email protected]] >>> > Sent: Friday, June 03, 2011 10:31 AM >>> > To: NT System Admin Issues >>> > Subject: Re: Fake antivirus >>> > >>> > May be time to invest in some UAT (user awareness training). Continual >>> > re-infestation either means he is unlucky, or gung-ho in his browsing. >>> > >>> > I've had some fake AVs recently which were ridiculously easy to get rid >>> of >>> > (kill process, delete files, remove autorun entry). Others have been >>> more >>> > stealthy - such as killing targeted windows like Task Manager. Booting >>> into >>> > safe mode usually prevents these extra "features" from bothering you. >>> > >>> > But as with everything - a reimage may be the only way to be sure. >>> > On 3 June 2011 15:26, John Aldrich <[email protected]> >>> wrote: >>> > I'm going to go to a former co-worker's this afternoon to clean his >>> system >>> > (again) from another fake antivirus infestation. I've already got Vipre >>> > Rescue and Malware Bytes on a memory stick. I've also got RKILL. I >>> haven't >>> > had to deal with any fake antivirus in a few weeks. Just wondering if >>> they >>> > have developed any new tricks recently that I should be aware of? >>> > >>> > Oh, this user had Vipre Home on his PC, and got infested anyway. Should >>> I >>> > submit samples to Sunbelt (assuming I can find where they're >>> quarantined)??? >>> > >>> > Thanks! >>> > >>> > >>> > >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to [email protected] >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> > >>> > -- >>> > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put >>> into >>> > the machine wrong figures, will the right answers come out?' I am not >>> able >>> > rightly to apprehend the kind of confusion of ideas that could provoke >>> such >>> > a question." >>> > >>> > IMPORTANT: The information in this email is CONFIDENTIAL. If its >>> contents >>> > are disclosed in any way my lawyers will swoop down from black >>> helicopters >>> > like Seal Team Six and drag you away with a black bag over your head. >>> They >>> > will then take you to a secret prison and make you fight to the death >>> with >>> > other people who dared to share this email. You will be given a large >>> bowie >>> > knife and a supply of methamphetamines while I watch the said >>> deathmatch and >>> > wager vast sums of money on who will be the winner. If the fight >>> becomes >>> > boring or there is a stalemate, I will release rabid dogs and my >>> two-stone >>> > cat into the arena to liven things up a bit. If these animals become in >>> any >>> > way docile, I will squirt them with water pistols until they become a >>> bit >>> > more temperamental. >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to [email protected] >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to [email protected] >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >>> >> >> >> -- >> Jonathan, A+, MCSA, MCSE >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > > > -- > Thank you, > Mike Sullivan > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ****** IMPORTANT INFORMATION/DISCLAIMER ***** This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress...... * * The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. * * In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets** ** At Home yesterday. * * We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! * * The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. * ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
