No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.
Not admin, not aware of any specific unpatched vulnerabilities - but it's possible. I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

1. Malwarebytes would have prevented it.
2. MSE got tooled.
3. Ultimately it took Kaspersky VRT and TDSSKiller to clean it.

--
Espi

On Fri, Oct 7, 2011 at 11:33 AM, Crawford, Scott <crawfo...@evangel.edu> wrote:

> Do you have any examples of sites that exploit this? Are other factors at
> play? Browsing with admin credentials or unpatched vulnerabilities?
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Friday, October 07, 2011 1:26 PM
> *To:* NT System Admin Issues
> *Subject:* Re: AV and malware protection?
>
> Yep, the current version. From what I have seen done to it by web-based
> exploit infections, I would classify the product as "a joke".
>
> I thought it was decent before, but I currently have no faith in it. This
> being part of the scenario of users, using IE, getting hit with drive-by's,
> those drive-by's pulling down more crap, and ultimately owning the system
> with rootkits.
>
> IMO, MSE has been worthless in these situations.
>
> --
> Espi
>
> On Fri, Oct 7, 2011 at 10:57 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us> wrote:
>
> The current version of MSE? I think it’s on v2.0 now.
>
> Of course, there’s no substitute for careful behavior, as others have
> mentioned. I’m extremely cautious, and honestly can’t recall a single time
> that my antimalware (MSE or the stuff I used before that) software has
> protected from a threat over the past few years.
>
> Maybe MSE works well for me because it never has to do anything. :)
>
> John
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Friday, October 07, 2011 1:20 PM
> *To:* NT System Admin Issues
> *Subject:* Re: AV and malware protection?
>
> I would trust Malwarebytes over a traditional a product. I wouldn't trust
> MSE whatsoever. I've seen web-based drive by exploits absolutely destroy
> it.
>
> If I was going to couple with an AV product, I'd use Kaspersky primarily,
> with ESET as a secondary choice.
>
> --
> Espi
>
> On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us> wrote:
>
> I just use Microsoft Security Essentials. Seems to work well enough for me.
> Or am I naïve?
>
> John Hornbuckle, MSMIS, PMP
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
> -----Original Message-----
> From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
> Sent: Friday, October 07, 2011 9:31 AM
> To: NT System Admin Issues
> Subject: AV and malware protection?
>
> If you had to secure your own personal computer at home (Windows 7), what
> AV, firewall, malware protection would you install?
>
> Thanks!
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
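
The hosts-file tampering mentioned at the top of this message (bogus google and bing entries) is easy to check for during cleanup. The script below is an added example, not part of the original thread; the watched-domain list, function names and the sample hosts content (which uses a documentation-range IP) are constructed for illustration.

```python
import ipaddress

# Domains the thread reports as hijacked; extend for other search/update hosts.
WATCHED = ("google.com", "bing.com")

# Constructed sample hosts file; 203.0.113.0/24 is a documentation range.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed bogus entry
203.0.113.45    www.bing.com
0.0.0.0         ads.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:                  # one IP may carry several names
            yield no, fields[0], name.lower().rstrip(".")

def is_local(ip):
    """True for loopback/unspecified addresses (local sinkhole, not a redirect)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False                             # malformed address: do not trust it
    return addr.is_loopback or addr.is_unspecified

def suspicious_entries(text, watched=WATCHED):
    """Return hosts entries that point a watched domain at a non-local IP."""
    hits = []
    for no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            if not is_local(ip):
                hits.append((no, ip, name))
    return hits

if __name__ == "__main__":
    # On a live Windows system, read C:\Windows\System32\drivers\etc\hosts instead.
    for no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {no}: {name} -> {ip}")
```
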