RE: #*$% Security Tools Malware
Yes, I use DynDNS as well. There are many others, but I use them mostly because IP updates are supported in DD-WRT firmware. I pay for the service just so I don't need to re-up every month manually; it's like 10 bucks a year, that's all of two drinks at the bar, no biggie.

Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, September 16, 2010 3:45 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Yep. I also use DynDNS, but only their free service. Really nice to be able to remote into my machine at home, on a random DSL IP address. :-)

Thanks,
John Aldrich
IT Manager, Blueridge Carpet
706-276-2001, Ext. 2233

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 3:42 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

I use DynDNS, but not for that service. Generally, I've been happy with their overall service for over 7 years now. Probably not a bad deal.

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 1:23 PM, Ralph Smith m...@gatewayindustries.org wrote:

Along these lines, does anyone have experience with or have an opinion on a similar product from dyndns.com: http://www.dyndns.com/services/dynguide/

The premium service is only $20 per year, and they seem to use Barracuda for their content and site blocking. Not a lot of detail on their web site.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware. OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan.)

Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:21 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche.

Ok, that's the hyperbole. But it's apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple - just enter the IP number and go. Unlike OpenDNS, we don't care where your IP originated from (for configuration management), so we don't have to worry about updating dynamic DNS, etc.
- It's quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company set up to make money on DNS. We aren't. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we're already doing. That's not to say we won't try and figure out a way to make some money off of it at some point (maybe by charging business a small fee for it at some point in the future), but it's not our primary focus.

But simply: If you're not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 8:24 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept - let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE
Re: #*$% Security Tools Malware
On 16 Sep 2010 at 6:27, John Hornbuckle wrote:

What happens is that they go to some website that pops up a browser window that's designed to look like the window of an antivirus app. They actually do a pretty good job - it can fool the average user easily. Anyhow, the animation in the window tells them they're infected and to click here to clean the virus, and when they click there it downloads an EXE that plants the malware on their system.

Most of these popups are hard-coded to look like the standard XP theme, so one of the simplest techniques to fight these malware popups is to change your XP theme from the standard XP theme to Windows Classic. I use that theme whenever I log in with an Admin-level account; it reminds me that I'm an administrator.

-- 
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270
Security Blog: http://geoapps.com/

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Re: #*$% Security Tools Malware
On 16 Sep 2010 at 11:18, Alex Eckelberry wrote:

I have asked and they said they would put that up.

Kewl ...

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Thursday, September 16, 2010 1:54 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

On 15 Sep 2010 at 14:45, Alex Eckelberry wrote:

In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

Having that made explicit on the vipre.malwarebytes.org page would be a Good Thing.

-- 
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
Re: #*$% Security Tools Malware
OpenDNS is a win-win imho. Can anyone tell me otherwise? Like Jonathan, I've been using it religiously since the poisoning issues. In my DNS performance testing it's always the fastest as well. If you never have, test yours as well: http://code.google.com/p/namebench/

-- 
ME2

On Thu, Sep 16, 2010 at 5:24 AM, Andrew S. Baker asbz...@gmail.com wrote:

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept - let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The "Security Tools" malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions - but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs - but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
RE: #*$% Security Tools Malware
manually; it's like 10 bucks a year, that's all of two drinks at the bar, no biggie.

Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107

Hey, what bar is selling drinks that cheap... at least alcoholic drinks?

Murray
Re: #*$% Security Tools Malware
OpenDNS coupled with Malwarebytes (registered) should cover all bases.

-- 
ME2

On Thu, Sep 16, 2010 at 9:39 AM, Andrew S. Baker asbz...@gmail.com wrote:

OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware. OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan.)

Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...
RE: #*$% Security Tools Malware
Oh, it's in the registry. :)

In HKEY_CURRENT_USER under the Run key, naturally, so it starts up automagically upon login. Actually, I believe that if the user who infected the machine has admin rights, it may go under the Run key of HKEY_LOCAL_MACHINE instead, so it impacts ANYONE who logs in. But in our case, all users have limited rights, so the program can't write to that key. Instead, it's limited to the current user.

We've found that when the "tool" is running, it breaks things like regedit and Task Manager in an effort to keep you from killing it and cleaning the machine. What we do is to log in with a different account (one with admin rights, of course), run regedit, load the hive of the infected user, then go into their Run key to look for weirdness. We look at the key that calls the malware so that we know what folder and files to delete, then delete those, then delete the key from the registry. That's all it takes - the next time the user logs in, everything is clean.

It's not horribly painful, but it gets old doing it again and again.

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

From: MMF [mailto:mmfree...@ameritech.net]
Sent: Wednesday, September 15, 2010 8:39 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John is absolutely correct. My brother got this a couple of weeks ago and asked me for help. I found it by going into task manager and looking at all the processes. I noticed one with a very long name and noted its location and it was exactly where John said it was found. So we shut it down and rebooted, and it was back again, but with a new name. Went to its location and this time deleted the folder with the 2 executables. Deleted the folder and that solved the problem. At least my brother hasn't called me back, and he rebooted his machine a number of times to make sure that we had cleansed his laptop.

One question, has anyone found anything in the registry relating to this? My brother was satisfied that his laptop was clean, so we didn't look into the registry.

Murray

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:56 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

From what I've seen in digging into "Security Tools," the .exe's aren't stored in the IT temp folder. I'm finding them elsewhere under the user's profile \application data\local settings. Some random folder name...

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, September 15, 2010 12:30 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

An occasional one manages to slip past VIPRE but they're rare. We've also found that they tend to appear after a reboot even when the user is diligent and immediately kills iexplore.exe. We set a GP to automatically delete Temp Internet Files when IE is closed - this eliminates those 123456457.exe downloads that are called from registry entries. Since doing so we've had far fewer infections.

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!
RE: #*$% Security Tools Malware
I work on that same theory. What happens is that they go to some website that pops up a browser window that's designed to look like the window of an antivirus app. They actually do a pretty good job - it can fool the average user easily. Anyhow, the animation in the window tells them they're infected and to click here to clean the virus, and when they click there it downloads an EXE that plants the malware on their system.

We do have a content filter in place that's supposed to block URLs that contain malicious content, but that hasn't seemed to stop this. I don't know what URLs are serving it up to people, and reconstructing that after the fact is a pain. I could do it - find an infected user, get an idea of when they became infected, then check the content filter logs to see what sites they accessed during that period. But I'm sure there are multiple URLs serving it, and keeping up with them all is a game of cat and mouse just like keeping AV definitions up-to-date to catch the latest version of the malware is.

John

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 1:08 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Do you do URL filtering? I work on the theory A/V should be the last line, stop them getting there in the first place.
RE: #*$% Security Tools Malware
Trying it now. Love the concept - let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.
RE: #*$% Security Tools Malware
Just to be nasty, some HKEY_C_U malware will put the nasty executable into another user's profile. VIPRE has found some located in the cached DOCsSettings folders of users who were nowhere near the place at the time indicated by the time/date stamp on the malware files. Again, as I've mentioned at least a time or two on this thread, scans don't find downloaders in HKEY_C_U if the user with the corrupted registry is not the person logged in. (Sometimes one needs to start loading NTUSER.DAT files as registry hives and look through all those with local profiles - more fun!)

-- Richard D. McClary, Systems Administrator, Information Technology Group, ASPCA® 1717 S. Philo Rd, Ste 36, Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org

The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.

John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote on 09/16/2010 05:22:14 AM:

Oh, it's in the registry. :) In HKEY_CURRENT_USER under the Run key, naturally, so it starts up automagically upon login. Actually, I believe that if the user who infected the machine has admin rights, it may go under the Run key of HKEY_LOCAL_MACHINE instead, so it impacts ANYONE who logs in. But in our case, all users have limited rights, so the program can't write to that key. Instead, it's limited to the current user.

We've found that when the "tool" is running, it breaks things like regedit and Task Manager in an effort to keep you from killing it and cleaning the machine. What we do is to log in with a different account (one with admin rights, of course), run regedit, load the hive of the infected user, then go into their Run key to look for weirdness. We look at the key that calls the malware so that we know what folder and files to delete, then delete those, then delete the key from the registry. That's all it takes: the next time the user logs in, everything is clean. It's not horribly painful, but it gets old doing it again and again.

John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us

From: MMF [mailto:mmfree...@ameritech.net] Sent: Wednesday, September 15, 2010 8:39 PM To: NT System Admin Issues Subject: RE: #*$% Security Tools Malware

John is absolutely correct. My brother got this a couple of weeks ago and asked me for help. I found it by going into task manager and looking at all the processes. I noticed one with a very long name and noted its location and it was exactly where John said it was found. So we shut it down and rebooted, and it was back again, but with a new name. Went to its location and this time deleted the folder with the 2 executables. Deleted the folder and that solved the problem. At least my brother hasn't called me back, and he rebooted his machine a number of times to make sure that we had cleansed his laptop. One question, has anyone found anything in the registry relating to this? My brother was satisfied that his laptop was clean, so we didn't look into the registry. Murray

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, September 15, 2010 12:56 PM To: NT System Admin Issues Subject: RE: #*$% Security Tools Malware

From what I've seen in digging into "Security Tools," the .exe's aren't stored in the IT temp folder. I'm finding them elsewhere under the user's profile \application data\local settings. Some random folder name?

From: Roger Wright [mailto:rhw...@gmail.com] Sent: Wednesday, September 15, 2010 12:30 PM To: NT System Admin Issues Subject: Re: #*$% Security Tools Malware

An occasional one manages to slip past VIPRE but they're rare. We've also found that they tend to appear after a reboot even when the user is diligent and immediately kills iexplore.exe. We set a GP to automatically delete Temp Internet Files when IE is closed - this eliminates those 123456457.exe downloads that are called from registry entries. Since doing so we've had far fewer infections.

Roger Wright ___ When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!

On Wed, Sep 15, 2010 at 12:20 PM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: The "Security Tools" malware is about to drive me
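The two points Richard and John make above (a scan run as the logged-in user never sees another user's HKEY_CURRENT_USER\...\Run entries, so you load that user's NTUSER.DAT as a hive from an admin account, find the Run value, delete the folder it points at and then the value) can be scripted. The PowerShell below is an added example, not code from anyone on this thread: it walks every local profile listed in ProfileList, temporarily loads the hives of users who are not logged in, lists Run and RunOnce values, and flags commands launched from a profile's temp or Local Settings area, which is where the thread found the rogue's executables. The `$RemoveSuspicious` switch and the `$suspiciousPath` pattern are my assumptions, not anything the thread specifies; the removal step mirrors John's procedure and is off by default.

```powershell
# Added example (not from the thread). Run from an elevated session as an admin
# account other than the infected user. Review output with $RemoveSuspicious = $false
# before letting it delete anything.
$RemoveSuspicious = $false

$runSubKeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
                'Software\Microsoft\Windows\CurrentVersion\RunOnce')
# Assumed pattern: XP-style and Vista+ per-profile temp locations named in the thread.
$suspiciousPath = '(?i)(Documents and Settings|\\Users\\).*(Local Settings|AppData|Temp)'

# Enumerate profiles from ProfileList rather than guessing folder names.
$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$localProfiles = Get-ChildItem $profileListKey | ForEach-Object {
    $raw = (Get-ItemProperty $_.PSPath).ProfileImagePath
    [pscustomobject]@{
        Sid  = $_.PSChildName
        Path = [Environment]::ExpandEnvironmentVariables("$raw")
    }
} | Where-Object { $_.Path -and (Test-Path (Join-Path $_.Path 'NTUSER.DAT')) }

$mountedSids = (Get-ChildItem 'Registry::HKEY_USERS').PSChildName
$findings = @()

foreach ($prof in $localProfiles) {
    $hiveName   = $prof.Sid          # offline hives are mounted as HKU\<SID>
    $loadedHere = $false
    if ($mountedSids -notcontains $hiveName) {
        # User is not logged in: load NTUSER.DAT ourselves, exactly as regedit's "Load Hive" does.
        & reg.exe load "HKU\$hiveName" (Join-Path $prof.Path 'NTUSER.DAT') | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not load hive for $($prof.Path) (in use or locked)"
            continue
        }
        $loadedHere = $true
    }
    try {
        foreach ($sub in $runSubKeys) {
            $keyPath = "Registry::HKEY_USERS\$hiveName\$sub"
            if (-not (Test-Path $keyPath)) { continue }
            $values = Get-ItemProperty $keyPath
            foreach ($prop in $values.PSObject.Properties) {
                if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
                $cmd = [string]$prop.Value
                # First token is the executable: a quoted path, or everything up to the first space.
                $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
                $hit = [pscustomobject]@{
                    Profile    = $prof.Path
                    Key        = $sub
                    Name       = $prop.Name
                    Command    = $cmd
                    Suspicious = [bool]($cmd -match $suspiciousPath)
                }
                $findings += $hit
                if ($RemoveSuspicious -and $hit.Suspicious) {
                    # John's cleanup: delete the folder holding the EXEs, then the Run value.
                    $folder = Split-Path $exe -Parent
                    if ($folder -and (Test-Path $folder) -and $folder -match $suspiciousPath) {
                        Remove-Item -LiteralPath $folder -Recurse -Force -ErrorAction Continue
                    }
                    Remove-ItemProperty -Path $keyPath -Name $prop.Name -ErrorAction Continue
                }
            }
        }
    } finally {
        if ($loadedHere) {
            [gc]::Collect()   # release provider handles so reg.exe can unload the hive
            & reg.exe unload "HKU\$hiveName" | Out-Null
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

The hive is unloaded in a finally block so a failure part way through does not leave a stray HKU\<SID> mounted, which would block that user's next logon. As John notes, the same entry ends up under HKEY_LOCAL_MACHINE\...\Run if the infecting user had admin rights, so check that key too on machines where users are local administrators.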
Re: #*$% Security Tools Malware
OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept—let’s see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Wednesday, September 15, 2010 12:58 PM To: NT System Admin Issues Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/ It’s still beta, but I think you’ll find it works quite well. And it’s free. Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Wednesday, September 15, 2010 12:55 PM To: NT System Admin Issues Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/ Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, September 15, 2010 12:20 PM To: NT System Admin Issues Subject: #*$% Security Tools Malware

The “Security Tools” malware is about to drive me insane. My users keep managing to infect themselves with it, and we’re having trouble stopping it. They don’t run with admin rights, so there’s no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I’m tired of my technicians having to waste time on it. Our antimalware software is Microsoft’s Forefront Client Security, and it’s having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions—but the EXE’s used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS’s definitions. I can think of a couple of options that I know would stop it, like blocking all EXE’s at our web filter or using group policy to limit the running of EXE’s—but this would also prevent users from doing things like installing safe plug-ins from websites, so it’s not a first resort. Suggestions?

John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: #*$% Security Tools Malware
I've been using OpenDNS since the DNS poisoning problem was widely reported...last year? Year before? Not only that, seems to be faster than our ISP's DNS servers.

On Thu, Sep 16, 2010 at 8:24 AM, Andrew S. Baker asbz...@gmail.com wrote:

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://xeesm.com/AndrewBaker Exploiting Technology for Business Advantage...
Re: #*$% Security Tools Malware
OpenDNS is very fast. Very distributed.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 8:28 AM, Jonathan Link jonathan.l...@gmail.com wrote:

I've been using OpenDNS since the DNS poisoning problem was widely reported...last year? Year before? Not only that, seems to be faster than our ISP's DNS servers.
RE: #*$% Security Tools Malware
Using Open DNS also, but the clear cloud idea does have some merits, I might try this on my PC at home, and see how it works. Z

Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email: ezi...@lifespan.org Cell: 401-639-3505

From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, September 16, 2010 8:29 AM To: NT System Admin Issues Subject: Re: #*$% Security Tools Malware

I've been using OpenDNS since the DNS poisoning problem was widely reported...last year? Year before? Not only that, seems to be faster than our ISP's DNS servers.
Re: #*$% Security Tools Malware
ClearCloudDNS is probably a very good option for home users. It will be less daunting to them than OpenDNS, for sure, and addresses the one thing they really (should) care about.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 8:31 AM, Ziots, Edward ezi...@lifespan.org wrote:

Using Open DNS also, but the clear cloud idea does have some merits, I might try this on my PC at home, and see how it works. Z

Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email: ezi...@lifespan.org Cell: 401-639-3505
RE: #*$% Security Tools Malware
Plus honestly, home users need all the help they can get to avoid the threats that are present on the Big Bad Internet these days, the security standards on those assets are very poor if not non-existent. Z

Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email: ezi...@lifespan.org Cell: 401-639-3505

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, September 16, 2010 8:44 AM To: NT System Admin Issues Subject: Re: #*$% Security Tools Malware

ClearCloudDNS is probably a very good option for home users. It will be less daunting to them than OpenDNS, for sure, and addresses the one thing they really (should) care about.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...
Re: #*$% Security Tools Malware
Hey, Alex. Have you thought about working with the OpenDNS folks to provide enhanced website security for their service? This would be a benefit to Sunbelt/GFI customers who are already using OpenDNS.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com] Sent: Wednesday, September 15, 2010 1:11 PM To: NT System Admin Issues Subject: RE: #*$% Security Tools Malware

John, I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets. http://free.antivirus.com/web-protection-add-on/ -Jeff
RE: #*$% Security Tools Malware
I have asked and they said they would put that up.

-----Original Message----- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Thursday, September 16, 2010 1:54 AM To: NT System Admin Issues Subject: Re: #*$% Security Tools Malware

On 15 Sep 2010 at 14:45, Alex Eckelberry wrote:

In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

Having that made explicit on the vipre.malwarebytes.org page would be a Good Thing.

-- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/
RE: #*$% Security Tools Malware
OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche. Ok, that's the hyperbole. But it's apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple - just enter the IP number and go. Unlike OpenDNS, we don't care where your IP originated from (for configuration management), so we don't have to worry about updating dynamic DNS, etc.
- It's quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company setup to make money on DNS. We aren't. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we're already doing. That's not to say we won't try and figure out a way to make some money off of it at some point (maybe by charging business a small fee for it at some point in the future), but it's not our primary focus.

But simply: If you're not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, September 16, 2010 8:24 AM To: NT System Admin Issues Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...
RE: #*$% Security Tools Malware
Yes. We have talked with them. I think they are sourcing their malware lists from some other source.

Fwiw, our malware lists are used by a lot of vendors. Bluecoat networks, Cisco Ironport, Nominum are all customers of our ThreatTrack malicious data feeds.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 9:38 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Hey, Alex

Have you thought about working with the OpenDNS folks to provide enhanced website security for their service? This would be a benefit to Sunbelt/GFI customers who are already using OpenDNS.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com]
Sent: Wednesday, September 15, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff

NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.
RE: #*$% Security Tools Malware
OK, I installed Clearcloud DNS on my laptop at home, and it blocked my ability to print to my wireless printers. So, I reversed those DNS settings and I could print again.

So, I then setup Clearcloud DNS on my Netgear router and again it blocked printing to my wireless printers. Reversed those DNS settings, and I could print again.

What's going on?

Murray
Re: #*$% Security Tools Malware
*Fwiw, our malware lists are used by a lot of vendors.*

Yep. That's a good business to be in. Hopefully OpenDNS folks will consider your feeds as a source, and we can get the best of both worlds.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:24 AM, Alex Eckelberry al...@sunbelt-software.com wrote:
Re: #*$% Security Tools Malware
Clearly, your wireless printer is malicious. :)

Do you print to your printers by name or IP?

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 12:05 PM, MMF mmfree...@ameritech.net wrote:
Re: #*$% Security Tools Malware
That sounds genuinely odd.

What protocol are you using to print to the printers? By what names are they referenced in your configuration?

If you do an nslookup against those names, what results do you see when using ClearCloud? Your original settings?

On Thu, Sep 16, 2010 at 12:05 PM, MMF mmfree...@ameritech.net wrote:
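One way to run the nslookup comparison suggested above, as an added example that is not code from the thread, from ClearCloud or from any of the posters: it resolves each printer or host name through the original resolver and through the candidate resolver (via dig, assumed installed), then diffs the answers, so names that only the original LAN-side resolver can answer stand out. The printer names and addresses in the sample data are constructed.

```python
"""Diff the answers two resolvers give for the same host names.

Added example, not code from the thread. It mechanises the nslookup
comparison: query every name once through the resolver used before
(router or ISP) and once through the candidate public resolver, then
report which names only the original resolver can answer. Those are
LAN-only names (mDNS ".local", single-label NetBIOS/LLMNR names,
router-served names) that no public resolver can know about.
"""
import subprocess
import sys
from typing import Dict, Iterable, Optional, Set

# name -> set of IPv4 addresses, or None when the resolver returned no A record
Answers = Dict[str, Optional[Set[str]]]


def query_a_records(name: str, server: str, timeout: int = 3) -> Optional[Set[str]]:
    """Ask `server` for the A records of `name` using dig (assumed installed).
    Returns None on NXDOMAIN, REFUSED, timeout, or a missing dig binary."""
    cmd = ["dig", "+short", "+tries=1", f"+time={timeout}", "@" + server, name, "A"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout + 2, check=False).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    # dig +short also prints CNAME targets (ending in '.'); keep only addresses
    addrs = {ln.strip() for ln in out.splitlines() if ln.strip()[:1].isdigit()}
    return addrs or None


def collect(names: Iterable[str], server: str) -> Answers:
    """Resolve every name through one resolver."""
    return {n: query_a_records(n, server) for n in names}


def is_lan_only_name(name: str) -> bool:
    """Heuristic: single-label names and the mDNS domain .local are answered
    by the router, LLMNR or Bonjour on the LAN, never by a public resolver."""
    labels = name.rstrip(".").lower().split(".")
    return len(labels) == 1 or labels[-1] == "local"


def diff_resolvers(original: Answers, candidate: Answers) -> Dict[str, str]:
    """Classify each name by comparing the answers from both resolvers.
    Verdicts: same, differs, original-only, candidate-only, unresolved."""
    verdicts: Dict[str, str] = {}
    for name in sorted(set(original) | set(candidate)):
        a, b = original.get(name), candidate.get(name)
        if a is None and b is None:
            verdicts[name] = "unresolved"
        elif b is None:
            verdicts[name] = "original-only"
        elif a is None:
            verdicts[name] = "candidate-only"
        elif a == b:
            verdicts[name] = "same"
        else:
            verdicts[name] = "differs"
    return verdicts


def report(original: Answers, candidate: Answers) -> str:
    """Human-readable summary; original-only names are the likely breakage."""
    lines = []
    for name, verdict in diff_resolvers(original, candidate).items():
        note = ""
        if verdict == "original-only" and is_lan_only_name(name):
            note = "  <- LAN-only name; a public resolver cannot serve it"
        lines.append(f"{name:30} {verdict:15}{note}")
    return "\n".join(lines)


# Constructed sample answers standing in for two real dig runs; the printer
# names and the TEST-NET addresses are made up for this example.
SAMPLE_ORIGINAL: Answers = {
    "photosmart.local": {"192.0.2.50"},
    "deskjet960": {"192.0.2.51"},
    "www.example.com": {"198.51.100.7"},
}
SAMPLE_CANDIDATE: Answers = {
    "photosmart.local": None,
    "deskjet960": None,
    "www.example.com": {"198.51.100.7"},
}

if __name__ == "__main__":
    if len(sys.argv) >= 4:
        # usage: python diffdns.py ORIGINAL_SERVER CANDIDATE_SERVER NAME [NAME...]
        names = sys.argv[3:]
        print(report(collect(names, sys.argv[1]), collect(names, sys.argv[2])))
    else:
        print(report(SAMPLE_ORIGINAL, SAMPLE_CANDIDATE))
```

Run with no arguments it diffs the constructed sample; with two resolver addresses and the printer names from the print queue configuration it runs the real comparison.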
Re: #*$% Security Tools Malware
Dollars to donuts they are HP inkjets. :-)

But seriously, now that I think about it, I wonder if this is somehow related to bloat in the printer driver.

On Thu, Sep 16, 2010 at 12:16 PM, Andrew S. Baker asbz...@gmail.com wrote:
Re: #*$% Security Tools Malware
OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware. OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan)

Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:21 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche.

Ok, that’s the hyperbole. But it’s apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple – just enter the IP number and go. Unlike OpenDNS, we don’t care where your IP originated from (for configuration management), so we don’t have to worry about updating dynamic DNS, etc.
- It’s quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company set up to make money on DNS. We aren’t. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we’re already doing. That’s not to say we won’t try and figure out a way to make some money off of it at some point (maybe by charging business a small fee for it at some point in the future), but it’s not our primary focus.

But simply: If you’re not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 8:24 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept—let’s see if it helps. :)
RE: #*$% Security Tools Malware
One is an HP Deskjet 960 and the other is an HP Photosmart D110.

Murray

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Thursday, September 16, 2010 11:21 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Dollars to donuts they are HP inkjets. :-) But seriously, now that I think about it, I wonder if this is somehow related to bloat in the printer driver.

On Thu, Sep 16, 2010 at 12:16 PM, Andrew S. Baker asbz...@gmail.com wrote:

Clearly, your wireless printer is malicious. :) Do you print to your printers by name or IP?

ASB
http://XeeSM.com/AndrewBaker (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 12:05 PM, MMF mmfree...@ameritech.net wrote:

OK, I installed Clearcloud DNS on my laptop at home, and it blocked my ability to print to my wireless printers. So, I reversed those DNS settings and I could print again. So, I then set up Clearcloud DNS on my Netgear router and again it blocked printing to my wireless printers. Reversed those DNS settings, and I could print again. What's going on?

Murray

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, September 16, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Yes. We have talked with them. I think they are sourcing their malware lists from some other source. Fwiw, our malware lists are used by a lot of vendors. Bluecoat Networks, Cisco IronPort, Nominum are all customers of our ThreatTrack malicious data feeds.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 9:38 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Hey, Alex

Have you thought about working with the OpenDNS folks to provide enhanced website security for their service? This would be a benefit to Sunbelt/GFI customers who are already using OpenDNS.

ASB
http://XeeSM.com/AndrewBaker (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com]
Sent: Wednesday, September 15, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs, but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.
RE: #*$% Security Tools Malware
I believe that it's by IP, but I'll check.

Murray

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 11:17 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Clearly, your wireless printer is malicious. :) Do you print to your printers by name or IP?

ASB
http://XeeSM.com/AndrewBaker (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 12:05 PM, MMF mmfree...@ameritech.net wrote:

OK, I installed Clearcloud DNS on my laptop at home, and it blocked my ability to print to my wireless printers. So, I reversed those DNS settings and I could print again. So, I then set up Clearcloud DNS on my Netgear router and again it blocked printing to my wireless printers. Reversed those DNS settings, and I could print again. What's going on?

Murray

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, September 16, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Yes. We have talked with them. I think they are sourcing their malware lists from some other source. Fwiw, our malware lists are used by a lot of vendors. Bluecoat Networks, Cisco IronPort, Nominum are all customers of our ThreatTrack malicious data feeds.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 9:38 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Hey, Alex

Have you thought about working with the OpenDNS folks to provide enhanced website security for their service? This would be a benefit to Sunbelt/GFI customers who are already using OpenDNS.

ASB
http://XeeSM.com/AndrewBaker (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com]
Sent: Wednesday, September 15, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs, but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
Re: #*$% Security Tools Malware
But does OpenDNS have access to EVERY URL in the world?

On Thu, Sep 16, 2010 at 8:30 AM, Andrew S. Baker asbz...@gmail.com wrote:

OpenDNS is very fast. Very distributed.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 8:28 AM, Jonathan Link jonathan.l...@gmail.com wrote:

I've been using OpenDNS since the DNS poisoning problem was widely reported... last year? Year before? Not only that, it seems to be faster than our ISP's DNS servers.

On Thu, Sep 16, 2010 at 8:24 AM, Andrew S. Baker asbz...@gmail.com wrote:

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://xeesm.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept—let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The “Security Tools” malware is about to drive me insane. My users keep managing to infect themselves with it, and we’re having trouble stopping it. They don’t run with admin rights, so there’s no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I’m tired of my technicians having to waste time on it.

Our antimalware software is Microsoft’s Forefront Client Security, and it’s having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions—but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS’s definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs—but this would also prevent users from doing things like installing safe plug-ins from websites, so it’s not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
RE: #*$% Security Tools Malware
Along these lines, does anyone have experience with or have an opinion on a similar product from dyndns.com? http://www.dyndns.com/services/dynguide/

The premium service is only $20 per year, and they seem to use Barracuda for their content and site blocking. Not a lot of detail on their web site.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware.

OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan.) Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:21 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche. Ok, that's the hyperbole. But it's apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple - just enter the IP number and go. Unlike OpenDNS, we don't care where your IP originated from (for configuration management), so we don't have to worry about updating dynamic DNS, etc.
- It's quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company set up to make money on DNS. We aren't. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we're already doing. That's not to say we won't try and figure out a way to make some money off of it at some point (maybe by charging businesses a small fee for it at some point in the future), but it's not our primary focus.

But simply: If you're not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 8:24 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept - let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions. I can
Re: #*$% Security Tools Malware
I use DynDNS, but not for that service. Generally, I've been happy with their overall service for over 7 years now. Probably not a bad deal.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 1:23 PM, Ralph Smith m...@gatewayindustries.org wrote:

Along these lines, does anyone have experience with or have an opinion on a similar product from dyndns.com? http://www.dyndns.com/services/dynguide/

The premium service is only $20 per year, and they seem to use Barracuda for their content and site blocking. Not a lot of detail on their web site.

--

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware.

OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan.) Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:21 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche. Ok, that’s the hyperbole. But it’s apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple – just enter the IP number and go. Unlike OpenDNS, we don’t care where your IP originated from (for configuration management), so we don’t have to worry about updating dynamic DNS, etc.
- It’s quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company set up to make money on DNS. We aren’t. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we’re already doing. That’s not to say we won’t try and figure out a way to make some money off of it at some point (maybe by charging businesses a small fee for it at some point in the future), but it’s not our primary focus.

But simply: If you’re not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 8:24 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept—let’s see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It’s still beta, but I think you’ll find it works quite well. And it’s free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The “Security Tools” malware is about to drive me insane. My users keep managing to infect themselves with it, and we’re having trouble stopping it. They don’t run with admin rights, so there’s no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I’m tired
RE: #*$% Security Tools Malware
This is really weird. The printer driver must be using DNS, but that still makes no sense. We'll go and buy this printer and do some testing. What is the model? (Just answer me directly off-list.)

Alex

From: MMF [mailto:mmfree...@ameritech.net]
Sent: Thursday, September 16, 2010 12:06 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

OK, I installed Clearcloud DNS on my laptop at home, and it blocked my ability to print to my wireless printers. So, I reversed those DNS settings and I could print again. So, I then set up Clearcloud DNS on my Netgear router and again it blocked printing to my wireless printers. Reversed those DNS settings, and I could print again. What's going on?

Murray

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, September 16, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Yes. We have talked with them. I think they are sourcing their malware lists from some other source. Fwiw, our malware lists are used by a lot of vendors. Bluecoat Networks, Cisco IronPort, Nominum are all customers of our ThreatTrack malicious data feeds.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 9:38 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Hey, Alex

Have you thought about working with the OpenDNS folks to provide enhanced website security for their service? This would be a benefit to Sunbelt/GFI customers who are already using OpenDNS.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com]
Sent: Wednesday, September 15, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs, but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
RE: #*$% Security Tools Malware
Yep. I also use DynDNS, but only their free service. Really nice to be able to remote into my machine at home, on a random DSL IP address. :-)

Thanks,
John Aldrich
IT Manager, Blueridge Carpet
706-276-2001, Ext. 2233

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 3:42 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

I use DynDNS, but not for that service. Generally, I've been happy with their overall service for over 7 years now. Probably not a bad deal.

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 1:23 PM, Ralph Smith m...@gatewayindustries.org wrote:

Along these lines, does anyone have experience with or have an opinion on a similar product from dyndns.com? http://www.dyndns.com/services/dynguide/

The premium service is only $20 per year, and they seem to use Barracuda for their content and site blocking. Not a lot of detail on their web site.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS also offers FamilyShield: https://www.opendns.com/familyshield

Not quite as comprehensive as their standard product, but more security features. Of course, I expect ClearCloud to be better against more malware.

OpenDNS does block *some* malware sites, except in the BASIC service. (I'm subscribed to the $9.95/yr plan.) Anyway, I've put in a request for them to use external malware feeds and allow purchasing/obtaining the malware function across all subscription levels.

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 11:21 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche. Ok, that's the hyperbole. But it's apt.

I like OpenDNS. I have used the service, and we are very good friends with the principals over there. But OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites. OpenDNS does not block malware sites, instead requiring an additional fee: https://www.opendns.com/start/

Users of both products who have been testing it indicate that they prefer ClearCloud because:

- It is very simple - just enter the IP number and go. Unlike OpenDNS, we don't care where your IP originated from (for configuration management), so we don't have to worry about updating dynamic DNS, etc.
- It's quite a bit faster. OpenDNS does a lot of incredible things, but these come at a performance cost.

OpenDNS is a company set up to make money on DNS. We aren't. For us, the DNS portion of ClearCloud is only one part of the equation. ClearCloud is actually the DNS infrastructure which will provide a major part of our future cloud-services model. So it pops off the work we're already doing. That's not to say we won't try and figure out a way to make some money off of it at some point (maybe by charging businesses a small fee for it at some point in the future), but it's not our primary focus.

But simply: If you're not worried about content filtering (which has its limitations anyway in DNS, since you can only block a domain, not a full URL), then ClearCloud is better. If you want content filtering, use OpenDNS.

Alex

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 16, 2010 8:24 AM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

OpenDNS provides similar benefits...

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Sep 16, 2010 at 6:27 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

Trying it now. Love the concept - let's see if it helps. :)

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done
RE: #*$% Security Tools Malware
You could always switch to Vipre Enterprise. :) That's what we're using here and it seems to catch it. So far, I don't think it's missed a single attempt since upgrading to Vipre Enterprise 4. (Knocking on / touching wood!)

John Aldrich

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs, but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
Re: #*$% Security Tools Malware
An occasional one manages to slip past VIPRE but they're rare. We've also found that they tend to appear after a reboot even when the user is diligent and immediately kills iexplore.exe.

We set a GP to automatically delete Temp Internet Files when IE is closed - this eliminates those 123456457.exe downloads that are called from registry entries. Since doing so we've had far fewer infections.

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!
RE: #*$% Security Tools Malware
I run FCS at quite a number of my clients. It works well. It and Vipre are my top two these days.

However - we block EXE downloads.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: #*$% Security Tools Malware
Touching Wood? Really?!?!
Re: #*$% Security Tools Malware
There's always the chance you are missing some things...

1. I know of no AV product which scans an NTUSER.DAT file. If the user associated with this file is logged in, then it is scanned as a part of the active registry. If the associated user is logged off, then scans do not find the ugly things hidden in HK_Current_User\Software hives. (Perhaps this painful, irritating nature is why they are called hives!) I've found all kinds of crud either as major hives, or I've found things in .\Microsoft\Windows\CurrentVersion\Run (which, again, show only when that user is logged in).

2. I found a really nasty one a couple of months ago that VIPRE missed. (It now finds this, BTW.) Look in the \Windows, the \Windows\System, and the \Windows\System32 folders for recent files, especially DLL, COM, or EXE files with weird names (random string of letters).

Both #1 and #2 (as well as numerous others) will stay kind-of hidden but continue to download crud. The AV scans find what the malware downloads, but they miss the downloaders.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richardmccl...@aspca.org
P: 217-337-9761 C: 217-417-1182 F: 217-337-9761
www.aspca.org

The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.
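An added example, not part of this thread and not code from any product mentioned in it: a read-only PowerShell audit covering the two blind spots Roger and Richard describe above. It lists the Run/RunOnce autostart entries of the machine and of every loaded user hive, then temporarily loads each logged-off profile's NTUSER.DAT (which is not part of the active registry, so live scans skip it) and lists those too, flagging entries that point into temp/cache folders or whose file name looks like a random string. It then lists recently created or modified EXE/DLL/COM files in \Windows, \Windows\System and \Windows\System32 with their Authenticode status. The function names, the temporary hive name HKU\AuditHive, the 14-day window and the name heuristics are my assumptions, as are an elevated prompt, a Vista-or-later profile layout under %SystemDrive%\Users and PowerShell 2.0-compatible syntax.

```powershell
# Added example (not from the thread): audit autostart entries for logged-off users
# too, and list recent binaries in the Windows folders. Read-only apart from the
# temporary hive load/unload. Run from an elevated PowerShell prompt.

$RunKeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
             'Software\Microsoft\Windows\CurrentVersion\RunOnce')

# Heuristics for what the thread describes: an autostart that points into a
# temp/cache folder, or a file name that is a random run of digits or letters.
# Thresholds are illustrative assumptions; expect some false positives to review.
$SuspectDir = 'Temporary Internet Files|\\Temp\\|\\AppData\\Local\\|\\ProgramData\\'
$RandomName = '^(\d{6,}|[bcdfghjklmnpqrstvwxz]{6,}|[a-z0-9]{14,})\.(exe|dll|com)$'
$MetaProps  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-SuspectCommand {
    param([string]$Command)
    # First token that looks like a file name ending in .exe/.dll/.com (heuristic parse).
    $leaf = [regex]::Match($Command, '(?i)[^\\/":]+\.(exe|dll|com)\b').Value
    return (($Command -match $SuspectDir) -or ($leaf -match $RandomName))
}

function Get-RunEntries {
    param([string]$HiveRoot, [string]$Owner)
    foreach ($key in $RunKeys) {
        $path = "Registry::$HiveRoot\$key"
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($p in $props.PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }   # provider metadata, not values
            $cmd = [string]$p.Value
            New-Object PSObject -Property @{
                Owner = $Owner; Key = $key; Name = $p.Name; Command = $cmd
                Suspect = (Test-SuspectCommand $cmd)
            }
        }
    }
}

$entries = @()

# 1. Machine-wide keys and every user hive that is currently loaded (logged-on users).
$entries += Get-RunEntries 'HKEY_LOCAL_MACHINE' 'MACHINE'
foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
        $entries += Get-RunEntries "HKEY_USERS\$($hive.PSChildName)" $hive.PSChildName
    }
}

# 2. Profiles that are NOT logged on: their NTUSER.DAT is not in the active registry,
#    so load it temporarily under HKU\AuditHive. reg.exe refuses a hive that is already
#    in use, which is exactly the set of logged-on users already covered in step 1.
$profileRoot = Join-Path $env:SystemDrive 'Users'   # assumption: Vista+ profile layout
foreach ($profile in Get-ChildItem $profileRoot | Where-Object { $_.PSIsContainer }) {
    $dat = Join-Path $profile.FullName 'NTUSER.DAT'
    if (-not (Test-Path $dat)) { continue }
    $null = & reg.exe load 'HKU\AuditHive' $dat 2>&1
    if ($LASTEXITCODE -ne 0) { continue }
    try {
        $entries += Get-RunEntries 'HKEY_USERS\AuditHive' $profile.Name
    } finally {
        [gc]::Collect()                                   # drop handles so the unload succeeds
        $null = & reg.exe unload 'HKU\AuditHive' 2>&1
    }
}

"== Suspicious autostart entries =="
$entries | Where-Object { $_.Suspect } | Format-Table Owner, Key, Name, Command -AutoSize

# 3. Recent EXE/DLL/COM files in the Windows folders (where the downloader hides).
#    Patch days legitimately add new files here, so judge by the signature column,
#    not just the date: an unsigned, recently created binary deserves a closer look.
$since = (Get-Date).AddDays(-14)                          # assumption: illustrative window
$dirs  = @($env:SystemRoot,
           (Join-Path $env:SystemRoot 'System'),
           (Join-Path $env:SystemRoot 'System32'))
"== Recent binaries in Windows folders (since $since) =="
Get-ChildItem -Path $dirs -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll|com)$' -and
                   ($_.CreationTime -gt $since -or $_.LastWriteTime -gt $since) } |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime, LastWriteTime, Length,
                  @{ n = 'Signature'; e = { (Get-AuthenticodeSignature $_.FullName).Status } } |
    Format-Table -AutoSize
```

Run it on a machine that was cleaned while the affected user was logged on and compare the output against a run made the next day with another account signed in; the offline-hive pass in step 2 is what makes the two runs agree. The name heuristic is deliberately crude and will flag some legitimate entries, so treat the first table as a review list rather than a verdict.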
Re: #*$% Security Tools Malware
This brand, for lack of a better word, seems to be the most pernicious stuff I've seen.
RE: #*$% Security Tools Malware
http://vipre.malwarebytes.org/

Free. And the combination really works.
RE: #*$% Security Tools Malware
Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex
Re: #*$% Security Tools Malware
+1

That is exactly the combination I was using (successfully I might add) even before the 'merger'.

--
Organization and good planning are just crutches for people that can't handle stress and caffeine. - unknown
RE: #*$% Security Tools Malware
Do you do URL filtering? I work on the theory that A/V should be the last line; stop them getting there in the first place.

--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
Re: #*$% Security Tools Malware
Vipre seems to be the best antivirus that is also keeping up well with malware. The other major players are seriously paling in comparison. Otherwise, if you are already vested in an antivirus product, supplement your systems with dedicated malware protection from something like Malwarebytes.

--
ME2
RE: #*$% Security Tools Malware
Well, sometimes it does, sometimes it does not...

A short time ago I gave a couple of problems. That is, the _real_ malware is hidden. Scans find the secondary downloaded malware but not the real culprit. It wasn't until I went looking for new files in the Windows directories that we finally stopped that.

Again, I do not believe this combination will find bad registry entries for an NTUSER.DAT file which is not a part of the active registry. What gets found when the scans (VIPRE + MBytes) are run when the afflicted user is still logged on and what is found the next day when another person is logged in differ.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
RE: #*$% Security Tools Malware
John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff
RE: #*$% Security Tools Malware
Fine, except some well-known and trusted sites get compromised on occasion. This is one route by which malicious PDF files hit folks via drive-by infections.

--
richard

Paul Hutchings paul.hutchi...@mira.co.uk wrote on 09/15/2010 12:07:40 PM:

Do you do URL filtering? I work on the theory A/V should be the last line, stop them getting there in the first place.

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
RE: #*$% Security Tools Malware
www.Clearclouddns.com

From: Jeff Frantz [mailto:jfra...@itstechnologies.com]
Sent: Wednesday, September 15, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

John,

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets.

http://free.antivirus.com/web-protection-add-on/

-Jeff
Re: #*$% Security Tools Malware
Any plans to include content filtering in ClearCloud?

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!

On Wed, Sep 15, 2010 at 1:31 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

www.Clearclouddns.com
RE: #*$% Security Tools Malware
Not right now... it's focused just on malware sites.

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, September 15, 2010 1:35 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Any plans to include content filtering in ClearCloud?

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!
RE: #*$% Security Tools Malware
So far, Vipre has found these downloaders using the Active Protection, not as part of the nightly scan. That's no guarantee that it will continue to find them, but I'm hopeful that it will. :-)

John Aldrich

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, September 15, 2010 12:39 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

There's always the chance you are missing some things...

1. I know of no AV product which scans an NTUSER.DAT file. If the user associated with this file is logged in, then it is scanned as a part of the active registry. If the associated user is logged off, then scans do not find the ugly things hidden in HK_Current_User\Software hives. (Perhaps this painful, irritating nature is why they are called hives!) I've found all kinds of crud either as major hives, or I've found things in .\Microsoft\Windows\CurrentVersion\Run (which, again, show only when that user is logged in).

2. I found a really nasty one a couple of months ago that VIPRE missed. (It now finds this, BTW.) Look in the \Windows, the \Windows\System, and the \Windows\System32 folders for recent files, especially DLL, COM, or EXE files with weird names (random string of letters).

Both #1 and #2 (as well as numerous others) will stay kind-of hidden but continue to download crud. The AV scans find what the malware downloads, but they miss the downloaders.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richardmccl...@aspca.org
P: 217-337-9761  C: 217-417-1182  F: 217-337-9761
www.aspca.org
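Richard's first point, that a logged-off user's NTUSER.DAT is outside the live registry and therefore outside what a scanner sees, can be checked by hand. What follows is an added example, not code posted by anyone in this thread: a PowerShell script that mounts an offline NTUSER.DAT under HKEY_USERS, lists the per-user Run, RunOnce and policy Run entries, and unloads the hive again. The hive path, the temporary mount name and the "InProfile" flag are assumptions for illustration; it needs an elevated prompt, and the user whose hive it is must not be logged on (Windows holds the file open while they are).

```powershell
# Added example (not from the thread): review autostart entries in an OFFLINE
# NTUSER.DAT so a logged-off user's Run keys can be inspected without logging
# that user on. Run elevated. HivePath and MountName are assumed placeholders.
param(
    [Parameter(Mandatory = $true)]
    [string]$HivePath,                       # e.g. C:\Users\<user>\NTUSER.DAT (placeholder)
    [string]$MountName = 'OfflineUserHive'   # temporary key created under HKEY_USERS
)

if (-not (Test-Path -LiteralPath $HivePath)) {
    throw "Hive not found: $HivePath"
}

# reg.exe load attaches the hive file as HKEY_USERS\<MountName>.
& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg load failed for $HivePath (is that user still logged on?)"
}

try {
    # The same locations Richard describes, rooted at the mounted hive instead of HKCU.
    $autostartKeys = @(
        'Software\Microsoft\Windows\CurrentVersion\Run',
        'Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )

    foreach ($sub in $autostartKeys) {
        $key = "Registry::HKEY_USERS\$MountName\$sub"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds to every item.
            if ($p.Name -like 'PS*') { continue }

            [pscustomobject]@{
                Key       = $sub
                Name      = $p.Name
                Command   = $p.Value
                # Heuristic (assumption): an autostart that points into a user-writable
                # profile folder is worth a second look, since that is where the thread
                # reports these droppers living. Legitimate software does this too.
                InProfile = [bool]($p.Value -match '(?i)\\(Local Settings|AppData|Application Data|Temp)\\')
            }
        }
    }
}
finally {
    # Drop lingering registry handles, otherwise reg unload reports the hive as in use.
    [GC]::Collect()
    [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Usage is simply `.\Inspect-OfflineHive.ps1 -HivePath 'C:\Users\<user>\NTUSER.DAT'` (file name and path assumed). The script is read-only; it reports entries and leaves deciding what is malicious to the operator, which is the point Richard makes: the scanner never got to look at this hive, so someone has to.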
RE: #*$% Security Tools Malware
Cool... Can I add that as an alternative to my ISP's DNS in my Active Directory, or should I just push that out through DHCP?

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.
RE: #*$% Security Tools Malware
Woah, don't do that. You want your AD DNS so that clients point to your domain controllers/AD DNS servers and your DNS servers either use Sunbelt as forwarders, or root hints.

Alex, ignoring the IP addresses, are those boxes on anycast or something?

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 15 September 2010 18:49
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Cool... Can I add that as an alternative to my ISP's DNS in my Active Directory, or should I just push that out through DHCP?
Re: #*$% Security Tools Malware
If you have a Windows AD domain, your DHCP scopes should point your clients to your INTERNAL DNS servers. Use your ISP's or ClearCloud as forwarders.

On Wed, Sep 15, 2010 at 1:48 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Cool… Can I add that as an alternative to my ISP's DNS in my Active Directory, or should I just push that out through DHCP?
RE: #*$% Security Tools Malware
From what I've seen in digging into Security Tools, the .exe's aren't stored in the IE temp folder. I'm finding them elsewhere under the user's profile \application data\local settings. Some random folder name...

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, September 15, 2010 12:30 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

An occasional one manages to slip past VIPRE but they're rare. We've also found that they tend to appear after a reboot even when the user is diligent and immediately kills iexplore.exe. We set a GP to automatically delete Temp Internet Files when IE is closed - this eliminates those 123456457.exe downloads that are called from registry entries. Since doing so we've had far fewer infections.

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!
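The two messages above make two practical points: clear the browser cache on exit so the dropped executables don't survive a reboot, and look for the rogue's files under the user's profile rather than in the IE temp folder. The script below is an added example for triaging a workstation along those lines; it is not from the list thread or from any of the products mentioned. It is read-only. The registry locations assumed are the standard IE "Cache\Persistent" value (0 = empty Temporary Internet Files on close) and its Group Policy twin under the Policies hive; check the policy path against gpresult in your own domain. PowerShell 3.0 or later is assumed for the [pscustomobject] syntax.

```powershell
# Added example (not code from the thread): triage helper for a user profile.
# ASSUMPTIONS: the two registry paths below are the IE "Cache\Persistent" setting
# (user value) and its Group Policy override; verify the policy path with gpresult.

function Get-TifEmptyOnCloseState {
    # Reports whether "Empty Temporary Internet Files folder when browser is closed"
    # is in effect, and whether it comes from policy or the user's own setting.
    $userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
    $policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
    $user   = (Get-ItemProperty -Path $userKey   -Name Persistent -ErrorAction SilentlyContinue).Persistent
    $policy = (Get-ItemProperty -Path $policyKey -Name Persistent -ErrorAction SilentlyContinue).Persistent
    $effective = if ($null -ne $policy) { $policy } else { $user }
    [pscustomobject]@{
        UserValue      = $user
        PolicyValue    = $policy
        SetByPolicy    = ($null -ne $policy)
        EmptiesOnClose = ($effective -eq 0)   # Persistent=0 means the cache is cleared when IE closes
    }
}

function Get-RecentProfileExecutables {
    # Lists .exe files created in the last $Hours under the user's local profile data.
    # Vista and later keep Temp and Temporary Internet Files under LOCALAPPDATA;
    # XP keeps them under "Local Settings" (the location named in the message above).
    param([int]$Hours = 24)
    $cutoff = (Get-Date).AddHours(-$Hours)
    $root = if ($env:LOCALAPPDATA) { $env:LOCALAPPDATA } else { Join-Path $env:USERPROFILE 'Local Settings' }
    if (-not (Test-Path -LiteralPath $root)) { return }

    $sha = [System.Security.Cryptography.SHA256]::Create()
    Get-ChildItem -LiteralPath $root -Recurse -Force -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $hash = $null
            try {
                $fs = [System.IO.File]::OpenRead($_.FullName)
                try { $hash = [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
                finally { $fs.Dispose() }
            } catch { $hash = 'unreadable' }
            [pscustomobject]@{
                Path         = $_.FullName
                CreationTime = $_.CreationTime
                SizeBytes    = $_.Length
                SHA256       = $hash   # hash is what you submit to the AV vendor, as the OP does
            }
        }
}

# Usage: run as the affected user (the paths and HKCU values are per-user).
Get-TifEmptyOnCloseState
Get-RecentProfileExecutables -Hours 24 | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```

The hash column gives technicians something to record before the file is deleted, so repeat infections can be compared without keeping the samples on the workstation.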
RE: #*$% Security Tools Malware
So I would replace the ISP's DNS servers in my DCs with ClearCloud's DNS servers, and continue to let the client machines contact the DCs for DNS, right?

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 1:52 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Woah, don't do that. You want your AD DNS so that clients point to your domain controllers/AD DNS servers and your DNS servers either use Sunbelt as forwarders, or root hints.

Alex, ignoring the IP addresses, are those boxes on anycast or something?

--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96
The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
RE: #*$% Security Tools Malware
They are on anycast nodes.

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 1:52 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Woah, don't do that. You want your AD DNS so that clients point to your domain controllers/AD DNS servers and your DNS servers either use Sunbelt as forwarders, or root hints.

Alex, ignoring the IP addresses, are those boxes on anycast or something?
RE: #*$% Security Tools Malware
Correct.

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, September 15, 2010 1:53 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

If you have a Windows AD domain, your DHCP scopes should point your clients to your INTERNAL DNS servers. Use your ISP's or ClearCloud as forwarders.
RE: #*$% Security Tools Malware
Pretty much. Your internal clients should always point to your DC's (if they don't, things will stop working and you'll have a very bad day); your DC's then would have the ClearCloud DNS servers set as their forwarders.

Looks an interesting and very useful service if the intention is pure DNS other than blocking malware sites, and no advertising every time you mistype a URL etc.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 15 September 2010 18:59
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

So I would replace the ISP's DNS servers in my DCs with ClearCloud's DNS servers, and continue to let the client machines contact the DCs for DNS, right?
RE: #*$% Security Tools Malware
Thanks. I added ClearCloud as the first and second forwarders on one of my DCs. I then proceeded to test it out and voila! It worked. :-) I'm going to have to go add that to the second DC. :-)

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 2:03 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Pretty much. Your internal clients should always point to your DC's (if they don't, things will stop working and you'll have a very bad day); your DC's then would have the ClearCloud DNS servers set as their forwarders.

Looks an interesting and very useful service if the intention is pure DNS other than blocking malware sites, and no advertising every time you mistype a URL etc.
Re: #*$% Security Tools Malware
On 15 Sep 2010 at 13:11, Jeff Frantz wrote:

I have not tried it yet but Trend Micro has a free browser add-on which is supposed to protect the browser from infiltrations. It may be worth a try on one or two PCs where the users are malware magnets. http://free.antivirus.com/web-protection-add-on/

-Jeff

Dell also has a KACE browser that's supposed to protect your ID-ten-T users.

Secure Browser - Dell KACE
http://www.kace.com/products/freetools/secure-browser/

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270
Security Blog: http://geoapps.com/
Re: #*$% Security Tools Malware
On 15 Sep 2010 at 12:55, Alex Eckelberry wrote:

http://vipre.malwarebytes.org/ Free. And the combination really works.

Just remember, only the VIPRE part of that page is free. On that page, quite prominently, is this: (Malwarebytes' Anti-Malware is free for non-commercial use)!

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
Re: #*$% Security Tools Malware
Huh? You add it to DNS servers, not DCs. Not all DCs are DNS servers and vice versa. Also, you can add it from the same DNS snap-in. IIRC, it should see all DNS servers in your org. Definitely do not add it to the DNS server settings on the NIC of any of your DCs; you'll begin having troubles.

On Wed, Sep 15, 2010 at 2:06 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks. I added ClearCloud as the first and second forwarders on one of my DCs. I then proceeded to test it out and voila! It worked. :-) I'm going to have to go add that to the second DC. :-)

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 2:03 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Pretty much. Your internal clients should always point to your DCs (if they don't, things will stop working and you'll have a very bad day); your DCs then would have the ClearCloud DNS servers set as their forwarders.

Looks an interesting and very useful service if the intention is pure DNS other than blocking malware sites and no advertising every time you mistype a URL etc.

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 15 September 2010 18:59
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

So I would replace the ISP's DNS servers in my DCs with ClearCloud's DNS servers, and continue to let the client machines contact the DCs for DNS, right?

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, September 15, 2010 1:52 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Woah, don't do that. You want your AD DNS so that clients point to your domain controllers/AD DNS servers, and your DNS servers either use Sunbelt as forwarders or root hints.

Alex, ignoring the IP addresses, are those boxes on anycast or something?

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 15 September 2010 18:49
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Cool... Can I add that as an alternative to my ISP's DNS in my Active Directory, or should I just push that out through DHCP?

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:58 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to add the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/

It's still beta, but I think you'll find it works quite well. And it's free.

Alex

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

http://vipre.malwarebytes.org/

Free. And the combination really works.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:20 PM
To: NT System Admin Issues
Subject: #*$% Security Tools Malware

The Security Tools malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it.

Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions, but the EXEs used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions.

I can think of a couple of options that I know would stop it, like blocking all EXEs at our web filter or using group policy to limit the running of EXEs, but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort.

Suggestions?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.
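An added example (not code from the thread, nor from Sunbelt): a PowerShell audit of the layout Paul and Jonathan describe, where clients and DCs resolve only through AD DNS and the external resolver is set as a server-level forwarder, never on a DC's NIC. It assumes the DnsClient and DnsServer modules (Server 2012-era RSAT or later) and rights to query each server remotely; the forwarder addresses are placeholders, since the thread gives none.

```powershell
# Added example, not from the thread. Checks two things on every AD DNS server and DC:
#   1. server-level forwarders match the intended external resolvers;
#   2. no DC's NIC points at anything other than an AD DNS server or loopback.
# Assumes the DnsClient and DnsServer modules and remote query rights.
param(
    [string[]] $Forwarders = @('192.0.2.10', '192.0.2.11'),  # placeholder: replace with the real ClearCloud addresses
    [string]   $Domain     = $env:USERDNSDOMAIN,
    [switch]   $Fix                                           # set the forwarders instead of only reporting
)

# Authoritative DNS servers for the AD zone, from the zone's own NS records.
$dnsServers = Resolve-DnsName -Name $Domain -Type NS |
              Where-Object Type -eq 'NS' |
              ForEach-Object { $_.NameHost.TrimEnd('.') } |
              Sort-Object -Unique

# Domain controllers, from the _ldap._tcp.dc._msdcs SRV records (not every DC runs DNS).
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
       Where-Object Type -eq 'SRV' |
       ForEach-Object { $_.NameTarget.TrimEnd('.') } |
       Sort-Object -Unique

# IPv4 addresses a DC's NIC may legitimately list as a resolver: any AD DNS server, or loopback.
$internalIPs = @('127.0.0.1') + @($dnsServers | ForEach-Object {
    [System.Net.Dns]::GetHostAddresses($_) |
        Where-Object AddressFamily -eq 'InterNetwork' |
        ForEach-Object { $_.IPAddressToString }
})

$expected = ($Forwarders | Sort-Object) -join ','
$findings = @()

foreach ($server in $dnsServers) {
    # Server-level forwarders are the only place an external resolver belongs.
    $current = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
                 ForEach-Object { $_.IPAddressToString })
    if ((($current | Sort-Object) -join ',') -ne $expected) {
        $findings += "$server : forwarders are [$($current -join ', ')], expected [$($Forwarders -join ', ')]"
        if ($Fix) {
            Set-DnsServerForwarder -ComputerName $server -IPAddress $Forwarders
        }
    }
}

foreach ($dc in $dcs) {
    # NIC-level resolvers on each DC must all be AD DNS servers (Jonathan's warning).
    $nicDns   = Get-DnsClientServerAddress -CimSession $dc -AddressFamily IPv4 |
                ForEach-Object { $_.ServerAddresses }
    $external = @($nicDns | Where-Object { $_ -and ($internalIPs -notcontains $_) })
    if ($external.Count -gt 0) {
        $findings += "$dc : NIC lists non-AD resolver(s) [$($external -join ', ')]; move them to server forwarders"
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "DNS layout OK: DCs -> AD DNS; AD DNS -> [$($Forwarders -join ', ')]"
}
```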
RE: #*$% Security Tools Malware
In this case, our DCs *are* the DNS servers... but good point. Thanks for bringing that up. There may be other folks whose situation is different from mine.

Thanks,
John Aldrich
IT Manager, Blueridge Carpet
706-276-2001, Ext. 2233

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, September 15, 2010 2:14 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

Huh? You add it to DNS servers, not DCs. Not all DCs are DNS servers and vice versa. Also, you can add it from the same DNS snap-in. IIRC, it should see all DNS servers in your org. Definitely do not add it to the DNS server settings on the NIC of any of your DCs; you'll begin having troubles.

On Wed, Sep 15, 2010 at 2:06 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks. I added ClearCloud as the first and second forwarders on one of my DCs. I then proceeded to test it out and voila! It worked. :-) I'm going to have to go add that to the second DC. :-)

[...]
RE: #*$% Security Tools Malware
In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

However, you're correct, the Malwarebytes business model is to have a free version and charge for corporate/business customers. It should ultimately be purchased.

Alex

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Wednesday, September 15, 2010 2:10 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

On 15 Sep 2010 at 12:55, Alex Eckelberry wrote:

http://vipre.malwarebytes.org/
Free. And the combination really works.

Just remember, only the VIPRE part of that page is free. On that page, quite prominently, is this: (Malwarebytes' Anti-Malware is free for non-commercial use)!
Re: #*$% Security Tools Malware
Alex,

Any chance of education pricing for Malwarebytes? We are forced to use Symantec here. When - and I do mean when - they get infected, I use Vipre Rescue and Malwarebytes to clean them. I've eliminated the issue w/student computers by using DeepFreeze, but I'd like to have Malwarebytes for all faculty and staff machines. (Vipre at home :-) )

On Wed, Sep 15, 2010 at 1:45 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

However, you're correct, the Malwarebytes business model is to have a free version and charge for corporate/business customers. It should ultimately be purchased.

Alex

[...]

--
Organization and good planning are just crutches for people that can't handle stress and caffeine. - unknown
Re: #*$% Security Tools Malware
But it doesn't run in real-time unless you buy it. And, these days, it's a useless security product unless you do. Otherwise you are only scanning what is already on your computer. You want something like Malwarebytes to prevent that from happening in the first place. Otherwise, those buggers are already hiding and disabling system components.

All the major problems I am finding in San Diego are malware infections that are the result of drive-by exploits against IE. Malwarebytes would have protected them all. Malwarebytes is the best $25 dollars you'll ever spend on a computer. (tm)

I've found so many systems infected with malware that all the major AV vendors could not catch - that Malwarebytes does, or outright blocks the IPs that are the sources of the malware.

SUNBELT: PLEASE BUY/INTEGRATE MALWAREBYTES INTO VIPRE!

--
ME2

On Wed, Sep 15, 2010 at 11:10 AM, Angus Scott-Fleming angu...@geoapps.com wrote:

On 15 Sep 2010 at 12:55, Alex Eckelberry wrote:

http://vipre.malwarebytes.org/
Free. And the combination really works.

Just remember, only the VIPRE part of that page is free. On that page, quite prominently, is this: (Malwarebytes' Anti-Malware is free for non-commercial use)!

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
RE: #*$% Security Tools Malware
SUNBELT = GFI

Shook

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, September 15, 2010 3:36 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

But it doesn't run in real-time unless you buy it. And, these days, it's a useless security product unless you do. Otherwise you are only scanning what is already on your computer. You want something like Malwarebytes to prevent that from happening in the first place. Otherwise, those buggers are already hiding and disabling system components.

All the major problems I am finding in San Diego are malware infections that are the result of drive-by exploits against IE. Malwarebytes would have protected them all. Malwarebytes is the best $25 dollars you'll ever spend on a computer. (tm)

I've found so many systems infected with malware that all the major AV vendors could not catch - that Malwarebytes does, or outright blocks the IPs that are the sources of the malware.

SUNBELT: PLEASE BUY/INTEGRATE MALWAREBYTES INTO VIPRE!

--
ME2

On Wed, Sep 15, 2010 at 11:10 AM, Angus Scott-Fleming angu...@geoapps.com wrote:

[...]
Re: #*$% Security Tools Malware
SHOOK = FWB

--
ME2

On Wed, Sep 15, 2010 at 12:43 PM, Andy Shook andy.sh...@peak10.com wrote:

SUNBELT = GFI

Shook

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, September 15, 2010 3:36 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

[...]
RE: #*$% Security Tools Malware
I have tried twice to contact Malwarebytes via their corporate pricing link and twice have got nothing back...

Dave

-----Original Message-----
From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Wednesday, September 15, 2010 11:46 AM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

However, you're correct, the Malwarebytes business model is to have a free version and charge for corporate/business customers. It should ultimately be purchased.

Alex

[...]
RE: #*$% Security Tools Malware
I've pinged them on yours and Vicky's questions.

-----Original Message-----
From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, September 15, 2010 4:28 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

I have tried twice to contact Malwarebytes via their corporate pricing link and twice have got nothing back...

Dave

[...]
RE: #*$% Security Tools Malware
John is absolutely correct. My brother got this a couple of weeks ago and asked me for help. I found it by going into Task Manager and looking at all the processes. I noticed one with a very long name and noted its location, and it was exactly where John said it was found. So we shut it down and rebooted, and it was back again, but with a new name. Went to its location and this time deleted the folder with the 2 executables. Deleted the folder and that solved the problem. At least my brother hasn't called me back, and he rebooted his machine a number of times to make sure that we had cleansed his laptop.

One question, has anyone found anything in the registry relating to this? My brother was satisfied that his laptop was clean, so we didn't look into the registry.

Murray

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, September 15, 2010 12:56 PM
To: NT System Admin Issues
Subject: RE: #*$% Security Tools Malware

From what I've seen in digging into Security Tools, the .exe's aren't stored in the IT temp folder. I'm finding them elsewhere under the user's profile \application data\local settings. Some random folder name.

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, September 15, 2010 12:30 PM
To: NT System Admin Issues
Subject: Re: #*$% Security Tools Malware

An occasional one manages to slip past VIPRE but they're rare. We've also found that they tend to appear after a reboot even when the user is diligent and immediately kills iexplore.exe. We set a GP to automatically delete Temp Internet Files when IE is closed - this eliminates those 123456457.exe downloads that are called from registry entries. Since doing so we've had far fewer infections.

Roger Wright
___
When it's GOOD there ain't nothin' like it, and when it's BAD there ain't nothin' like it!

On Wed, Sep 15, 2010 at 12:20 PM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

The Security Tools malware is about to drive me insane. [...]
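An added example, not code from the thread: a PowerShell triage that speaks to Murray's registry question and Roger's "called from registry entries" remark by listing autorun values whose executable sits in the per-user folders John and Roger name. That the entry would be in the Run/RunOnce keys is my assumption; the folder patterns are the thread's XP-era paths plus their Vista/7 equivalent, and Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example, not from the thread. Lists Run/RunOnce autorun values (assumption: that is
# where a dropper "called from registry entries" would be registered) whose executable lives in
# the per-user folders the thread names. A hit is a triage lead, not a verdict: legitimate
# per-user installers also live under Local Application Data. Needs PowerShell 4+ for Get-FileHash.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Regexes (PowerShell -match is case-insensitive) for the locations the thread mentions,
# in the XP profile layout and its Vista/7 equivalent.
$SuspectLocations = @(
    '\\Local Settings\\Application Data\\',          # where John found the random-named folder
    '\\Local Settings\\Temporary Internet Files\\',  # what Roger's GP clears when IE closes
    '\\Local Settings\\Temp\\',
    '\\AppData\\Local\\'                             # Vista/7: covers Local, Local\Temp and INetCache
)

function Get-CommandPath {
    # First token of an autorun command line, with or without surrounding quotes.
    param([string] $CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $CommandLine
}

function Get-SuspectAutoruns {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...)
            $command = [string] $prop.Value
            $exe     = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $command))
            $reason  = $SuspectLocations | Where-Object { $exe -match $_ } | Select-Object -First 1
            if (-not $reason) { continue }

            $onDisk = Test-Path -LiteralPath $exe
            $hash   = $null
            if ($onDisk) {
                # The hash identifies the sample when sending it to the AV vendor, as John does.
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $command
                Executable = $exe
                MatchedOn  = $reason
                OnDisk     = $onDisk   # $false means the file is gone but the autorun entry remains
                SHA256     = $hash
            }
        }
    }
}

Get-SuspectAutoruns | Format-List
```

Run it in the affected user's session, since HKCU is per user; an entry whose file is gone but which still points into one of these folders is the reappearing-after-reboot pattern Roger describes.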
Re: #*$% Security Tools Malware
On 15 Sep 2010 at 14:45, Alex Eckelberry wrote:

In my discussions with Malwarebytes, they have indicated that they are ok with the use of Malwarebytes in a commercial environment for a one-time use to clean an infected system -- at least as it regards the website vipre.malwarebytes.org.

Having that made explicit on the vipre.malwarebytes.org page would be a Good Thing.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/