Nope. I managed to get the ASA logging to a Linux box successfully, but it's not showing any hits on the relevant IP address. *shrug* I don't know if running Malwarebytes on a few machines cleaned it or not. I didn't find anything major on those machines, so I doubt that was it. I suppose it could be a false positive. Don't know.

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Thursday, October 06, 2011 12:03 PM
To: NT System Admin Issues
Subject: Re: Torpig/Anserin/Mebroot infection

John,

How'd you make out with this issue? Determine the source yet?

Roger Wright
___
My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together.

On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:

So, our external IP is blacklisted because apparently one of our machines is infected with a banking Trojan. Short of going to each and every individual machine on the network, the only thing I can think of to do is to set up logging of the ASA to a syslog server. I have downloaded and installed a trial version of Kiwi syslog, but I can't figure out how to configure it to forward the log files to my system. Anyone here able to provide a good how-to? I *did* Google, but apparently my Google-fu sucks, as I wasn't able to find instructions that made sense to me.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
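
An added example, not part of the original thread: one way to search ASA syslog output on the Linux box for the internal hosts behind the NAT that opened connections to a watched address. It assumes the ASA logs at informational level (so "Built" messages 302013/302015 are present) and that the interfaces are named `inside` and `outside`; the sample lines and all addresses are constructed placeholders, since the thread does not give the blacklisted or destination IP.

```python
import re
from collections import Counter

# ASA 302013 (TCP) / 302015 (UDP) "Built connection" messages carry both
# endpoints as interface:ip/port, with the NAT-translated pair in parentheses.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?:inbound|outbound) (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/\d+ \([^)]*\) "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/\d+"
)

def hosts_contacting(lines, watched_ip, inside_if="inside"):
    """Count connections per inside host whose remote peer is watched_ip."""
    hits = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # not a Built-connection message (teardown, deny, etc.)
        ends = [(m["if1"], m["ip1"]), (m["if2"], m["ip2"])]
        local = [ip for name, ip in ends if name == inside_if]
        remote = [ip for name, ip in ends if name != inside_if]
        # Require exactly one inside endpoint and one non-inside endpoint.
        if len(local) == 1 and remote == [watched_ip]:
            hits[local[0]] += 1
    return hits

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE = [
    "Oct  6 11:58:01 asa %ASA-6-302013: Built outbound TCP connection 1001 for "
    "outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.23/49152 (203.0.113.10/49152)",
    "Oct  6 11:58:03 asa %ASA-6-302013: Built outbound TCP connection 1002 for "
    "outside:192.0.2.44/443 (192.0.2.44/443) to inside:192.168.1.31/50211 (203.0.113.10/50211)",
    "Oct  6 11:58:09 asa %ASA-6-302014: Teardown TCP connection 1001 for "
    "outside:198.51.100.7/80 to inside:192.168.1.23/49152 duration 0:00:08 bytes 912 TCP FINs",
    "Oct  6 11:59:40 asa %ASA-6-302013: Built outbound TCP connection 1003 for "
    "outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.23/49160 (203.0.113.10/49160)",
    "Oct  6 12:01:12 asa %ASA-6-302015: Built outbound UDP connection 1004 for "
    "outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.40/1029 (203.0.113.10/1029)",
]

if __name__ == "__main__":
    for host, count in hosts_contacting(SAMPLE, "198.51.100.7").most_common():
        print(f"{host}\t{count} connection(s)")
```

An empty result only means no matching "Built" message was logged for that address during the capture window, which is consistent with either a cleaned machine or an infected one that has not called out yet.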