I've got a deep scan scheduled for tonight. Hopefully it'll catch it, but according to the information on the CBL, it's not commonly caught that way... "Pay very close attention: Most of these trojans have extremely poor detection rates in current Anti-Virus software..." I did scan the "likely suspects" with Malwarebytes, but didn't see any infection. As I said, Vipre Enterprise will be deep-scanning tonight.
From: Shauna Hensala [mailto:she...@msn.com]
Sent: Monday, October 03, 2011 4:10 PM
To: NT System Admin Issues
Subject: RE: Torpig/Anserin/Mebroot infection

You *should* be able to do a virus scan of your network and identify the culprit.

Shauna Hensala

> From: jaldr...@blueridgecarpet.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Torpig/Anserin/Mebroot infection
> Date: Mon, 3 Oct 2011 14:58:42 -0400
>
> I did not receive notification from my ISP. I found out about it when I was
> corresponding with someone from work on my personal email address and the
> email kept getting held. I looked at *why* it was being held and the info
> was that it was being held by the CBL.ABUSEAT.ORG block list. They in turn
> told me that the external IP of our firewall was listed due to the
> Torpig/Anserin/Mebroot traffic. *shrug*
>
> I'm looking at probably 2-3 dozen computers total in one location.
>
> From: Shauna Hensala [mailto:she...@msn.com]
> Sent: Monday, October 03, 2011 1:53 PM
> To: NT System Admin Issues
> Subject: RE: Torpig/Anserin/Mebroot infection
>
> How many machines are we talking about here? All local or some in remote
> locations? The ISP did not provide the IP of the device that was
> misbehaving?
>
> Shauna Hensala
>
> ________________________________________
> From: jaldr...@blueridgecarpet.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: Torpig/Anserin/Mebroot infection
> Date: Mon, 3 Oct 2011 13:22:56 -0400
>
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can't figure out how to configure it to
> forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn't able to find instructions that made sense to
> me.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
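The original question (send the ASA's logs to a syslog server, then work out which of the two or three dozen machines is the one talking out) comes down to one triage step once the logs are flowing: rank the inside hosts by what they connect to. The following is an added example, not code from this thread, from Cisco, or from Kiwi: a small Python parser over Cisco ASA 302013/302015 "Built ... connection" messages that ranks inside hosts by distinct outbound destinations and connection count. The firewall hostname, the addresses and the log lines are constructed, and the inside interface is assumed to be named "inside".

```python
import re
from collections import defaultdict

# Cisco ASA "Built ... connection" messages: 302013 (TCP) and 302015 (UDP).
# Field layout follows Cisco's documented format; for outbound connections the
# ASA lists the outside (destination) side first, so both orders are handled.
CONN_RE = re.compile(
    r"%ASA-\d-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([\d.]+/\d+\) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+) \([\d.]+/\d+\)"
)

# Constructed sample log (hostname fw01, RFC 5737 test addresses), not real data.
SAMPLE_LOG = """\
Oct 03 2011 13:05:01 fw01 %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:192.168.1.20/49152 (192.168.1.20/49152)
Oct 03 2011 13:05:02 fw01 %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.9/8080 (198.51.100.9/8080) to inside:192.168.1.20/49153 (192.168.1.20/49153)
Oct 03 2011 13:05:03 fw01 %ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.44/6000 (203.0.113.44/6000) to inside:192.168.1.20/49154 (192.168.1.20/49154)
Oct 03 2011 13:05:04 fw01 %ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:192.168.1.31/50001 (192.168.1.31/50001)
Oct 03 2011 13:05:05 fw01 %ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:192.168.1.31/50002 (192.168.1.31/50002)
Oct 03 2011 13:05:06 fw01 %ASA-6-302013: Built outbound TCP connection 1006 for outside:198.51.100.9/80 (198.51.100.9/80) to inside:192.168.1.45/50100 (192.168.1.45/50100)
Oct 03 2011 13:05:07 fw01 %ASA-6-302013: Built inbound TCP connection 1007 for outside:203.0.113.99/51000 (203.0.113.99/51000) to inside:192.168.1.5/3389 (192.168.1.5/3389)
Oct 03 2011 13:05:08 fw01 %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.7/443 to inside:192.168.1.20/49152 duration 0:00:07 bytes 1200 TCP FINs
"""

def parse_builds(lines, inside_if="inside"):
    """Yield (inside_ip, outside_ip, outside_port, proto) for each outbound build."""
    for line in lines:
        m = CONN_RE.search(line)
        if not m or m["dir"] != "outbound":
            continue  # skip non-matching messages (teardowns etc.) and inbound connections
        if m["if1"] == inside_if:
            yield m["ip1"], m["ip2"], int(m["port2"]), m["proto"]
        elif m["if2"] == inside_if:
            yield m["ip2"], m["ip1"], int(m["port1"]), m["proto"]

def rank_inside_hosts(lines, inside_if="inside"):
    """Rank inside hosts by distinct destinations, then connections; rows are (host, conns, dests, ports)."""
    stats = defaultdict(lambda: {"conns": 0, "dests": set(), "ports": set()})
    for src, dst, port, proto in parse_builds(lines, inside_if):
        stats[src]["conns"] += 1
        stats[src]["dests"].add(dst)
        stats[src]["ports"].add(f"{proto}/{port}")
    rows = [(h, s["conns"], sorted(s["dests"]), sorted(s["ports"])) for h, s in stats.items()]
    return sorted(rows, key=lambda r: (-len(r[2]), -r[1], r[0]))

if __name__ == "__main__":
    for host, conns, dests, ports in rank_inside_hosts(SAMPLE_LOG.splitlines()):
        print(f"{host:15} conns={conns:<3} dests={len(dests):<3} ports={','.join(ports)}")
```

Point it at the file Kiwi writes instead of SAMPLE_LOG; the hosts at the top of the list are the ones to pull for a manual look first, which is a much shorter walk than every desk in the building.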