Yes.

On Fri, Oct 7, 2011 at 11:21 AM, John Aldrich
<jaldr...@blueridgecarpet.com> wrote:

> I’m assuming you mean one of the computers that was unable to use the CD?
>
> *From:* Cynicalgeek [mailto:cynicalg...@gmail.com]
> *Sent:* Friday, October 07, 2011 11:12 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Torpig/Anserin/Mebroot infection
>
> Try to boot normally and update Malwarebytes now.
>
> On Fri, Oct 7, 2011 at 11:02 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
> Well, I was using the bootable CD, so any infection on the computer should
> not affect the machine in question. I’m guessing it’s just old hardware that
> isn’t up to the job. I might take a USB cd up to a couple of ‘em, but
> honestly I’m not really worried about it on those machines. We have that IP
> range blocked in the firewall, so it’s not as big a deal as it might have
> been.
>
> OTOH, I am glad I used that bootable CD as some of the computers were
> really infested beyond what I would have expected with Vipre installed.
>
> *From:* Cynicalgeek [mailto:cynicalg...@gmail.com]
> *Sent:* Friday, October 07, 2011 10:25 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Torpig/Anserin/Mebroot infection
>
> Did it successfully install the software and NOT allow you to update the
> definition files?
>
> This is a good sign of an infected computer.
>
> On Thu, Oct 6, 2011 at 6:31 PM, John Aldrich <jaldr...@blueridgecarpet.com>
> wrote:
>
> What do you do if the machine won’t run it? I have two machines that both
> think the CD I just made is like 5 years old, and they won't allow me to
> update the definitions or anything.... :(
> Neither one is really "critical" but I can't replace 'em right now...
>
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Thursday, October 06, 2011 3:56 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> Yeah... give the one from Microsoft a try:
> http://connect.microsoft.com/systemsweeper
>
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
>
>
> On Thu, Oct 6, 2011 at 3:28 PM, John Aldrich <jaldr...@blueridgecarpet.com>
> wrote:
> Well, we blocked the IPs of the C&C server at the firewall, and
> theoretically, I should have had some hits on the firewall overnight, but I
> never did, so I don't know what's going on. Unless/until I can find
> something to point me towards a good way to find this sucker, I'm going to
> call it "resolved."
>
> I did contact Sunbelt, but the tech I got seemed to think I'd already
> identified the infected PC. I think the only way I'm likely to identify the
> machine in question is to boot off removable media and scan the hard drive
> of every machine that has been turned on during the time the infection was
> detected (about a dozen or two.) Do y'all know of any good free/trialware
> that one can download a bootable ISO for to scan for this bug?
>
>
>
> From: Cynicalgeek [mailto:cynicalg...@gmail.com]
> Sent: Thursday, October 06, 2011 3:16 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> So you have no root cause but it is resolved?
> On Thu, Oct 6, 2011 at 2:57 PM, John Aldrich <jaldr...@blueridgecarpet.com>
> wrote:
> Nope. I managed to get the ASA logging to a Linux box successfully, but it's
> not showing any hits on the relevant IP address. *shrug* I don't know if
> running Malware Bytes on a few machines cleaned it or not. I didn't find
> anything major on those machines, so I doubt that was it. I suppose it could
> be a false-positive. Don't know.
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Thursday, October 06, 2011 12:03 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> John,
>
> How'd you make out with this issue?  Determine the source yet?
>
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
>
>
> On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich <jaldr...@blueridgecarpet.com>
> wrote:
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can’t figure out how to configure it to
> forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn’t able to find instructions that made sense to me.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> --
> -cynicalgeek-
> cynicalgeek<at>gmail.com
> --



-- 
-cynicalgeek-
cynicalgeek<at>gmail.com
--
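
The approach discussed in this thread (send the ASA log to a syslog box, then look for hits on the blocked C&C range to find the infected machine) can be scripted. The following is an added example, not part of the original messages; the log lines, addresses, hostname and the function name `hosts_contacting` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# 106023 = packet denied by an ACL (severity 4); 302013/302015 = TCP/UDP
# connection built (severity 6), i.e. the traffic was let through.
DENY = re.compile(r"%ASA-4-106023: Deny \S+ src [^:\s]+:(?P<src>[\d.]+)(?:/\d+)? "
                  r"dst [^:\s]+:(?P<dst>[\d.]+)")
BUILT = re.compile(r"%ASA-6-30201[35]: Built outbound \S+ connection \d+ "
                   r"for [^:\s]+:(?P<dst>[\d.]+)/\d+ \(\S+\) "
                   r"to [^:\s]+:(?P<src>[\d.]+)/\d+")

def hosts_contacting(lines, blocked_nets, inside_net):
    """Map each internal host to counts of denied/allowed flows to blocked_nets."""
    blocked = [ip_network(n) for n in blocked_nets]
    inside = ip_network(inside_net)
    hits = defaultdict(Counter)
    for line in lines:
        for action, pattern in (("denied", DENY), ("allowed", BUILT)):
            m = pattern.search(line)
            if m:
                src, dst = ip_address(m["src"]), ip_address(m["dst"])
                if src in inside and any(dst in net for net in blocked):
                    hits[str(src)][action] += 1
                break
    return dict(hits)

# Constructed sample log; 203.0.113.0/24 stands in for the blocked C&C range.
SAMPLE = """\
Oct  6 02:14:07 asa01 %ASA-4-106023: Deny tcp src inside:192.168.10.37/49211 dst outside:203.0.113.25/80 by access-group "inside_access_in" [0x0, 0x0]
Oct  6 02:14:10 asa01 %ASA-4-106023: Deny tcp src inside:192.168.10.37/49212 dst outside:203.0.113.25/80 by access-group "inside_access_in" [0x0, 0x0]
Oct  6 02:20:41 asa01 %ASA-6-302013: Built outbound TCP connection 88121 for outside:198.51.100.9/443 (198.51.100.9/443) to inside:192.168.10.52/50133 (192.0.2.1/50133)
Oct  6 03:02:55 asa01 %ASA-6-302013: Built outbound TCP connection 88307 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:192.168.10.44/50990 (192.0.2.1/50990)
Oct  6 03:05:12 asa01 %ASA-4-106023: Deny icmp src inside:192.168.10.37 dst outside:203.0.113.25 (type 8, code 0) by access-group "inside_access_in" [0x0, 0x0]
""".splitlines()

if __name__ == "__main__":
    found = hosts_contacting(SAMPLE, ["203.0.113.0/24"], "192.168.10.0/24")
    for host, counts in sorted(found.items()):
        print(host, dict(counts))
```

Message 106023 is severity 4 and 302013/302015 are severity 6, so the syslog server only receives them if the ASA's logging level for that destination is set at least that high. An "allowed" count for a host means traffic to the range is still getting out despite the block.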
