Re: System Tool 2011 malware
On Tue December 14 2010, you wrote:
> Hi John,
>
> User know where they were surfing when it hit? Samples can be submitted here:
> http://www.sunbeltsecurity.com/threat
> If you want assistance with removal, check the box that says "I need help". Someone will be happy to help.
> We're releasing defs something like 13x/day now, so shouldn't be too long to get updates for that critter.
>
> Thanks,
> Tammy.

I was more concerned that neither Vipre Rescue nor Vipre Home caught it... what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks!

--
Thanks,
John Aldrich
Blueridge Industries IT Manager

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Re: I: System Tool 2011 malware
On Wed December 15 2010, you wrote:
> Try with Prevx3.0

I'm pretty sure I got rid of it... but was concerned that Vipre (home) and Vipre Rescue didn't catch it...

--
Thanks,
John Aldrich
Blueridge Industries IT Manager
Re: System Tool 2011 malware
Turn off system restore and do another scan.

John W. Cook
Systems Administrator
Partnership for Strong Families

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue Dec 14 22:21:39 2010
Subject: System Tool 2011 malware

> I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware). The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back.
>
> Today, I went back and ran MalwareBytes and SpyBot S&D. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware.
>
> Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...
>
> --
> Thanks,
> John Aldrich
> Blueridge Industries IT Manager

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties.

Consider the environment. Please don't print this e-mail unless you really need to.
OT: Anyone looking for a new gig for the new year? (Baltimore area)
Hey folks,

I've got some openings coming up here in the Baltimore MD area. Some of these are due to expanded headcounts (we are really growing) and one is due to a mutually agreed separation. All of these positions would directly or indirectly report to me. HR is going through the usual sources, but I thought I could help cast a wider net.

We are pretty much a 100% Windows shop, EMC storage, VMWare infrastructure, and we are looking for:

1) Manager of Server Engineering (my current position - I just received a promotion)
2) Tier 2/3 Technical Support
3) Junior SQL DBA
4) Principal SQL DBA

I know this is not a lot to go on, but I don't want to flood the list with job descriptions, etc. Competitive salary, good benefits, EOE, etc. If any of these titles look interesting and you are in the Baltimore MD area (can't do paid relocation, sorry), drop me a note off-list please.

Thanks!
Jim

Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443.506.2400 (cell)
www.xlhealth.com

CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

CONFIDENTIALITY NOTE: This facsimile, including attachments, is for the exclusive use of the recipient(s) and may contain confidential information and/or protected health information. Under Federal Law (HIPAA), the recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without the authorization of the members or as permitted by law is prohibited and punishable under Federal Law. If you are not the recipient, please contact the sender by telephone and destroy all copies of the original message.
RE: Anyone looking for a new gig for the new year? (Baltimore area)
Congrats Jim.

-Original Message-
From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: Wednesday, December 15, 2010 8:18 AM
To: NT System Admin Issues
Subject: OT: Anyone looking for a new gig for the new year? (Baltimore area)

> (my current position - I just received a promotion)
Re: System Tool 2011 malware
I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway, so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware
RE: System Tool 2011 malware
Yeah... I ended up disabling system restore while in safe mode. What's scary is that none of the standard tools seems to have caught this new variant and that I only apparently got rid of it by deleting the folder containing the bogus malware. 'Course there was a lot of other crap on there too... MyWebSearch and some other junk. The usual tools took care of that stuff.

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, December 15, 2010 7:02 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
RE: System Tool 2011 malware
Steve, et al:

I was concerned that Vipre Home and Vipre Rescue didn't catch it. I should point out that I'm aware that *nothing* catches everything, which is why I like to use multiple tools to scan a computer when I suspect a malware outbreak. I was just surprised that Vipre, which seems to be one of the best (if not THE best) anti-malware products, didn't catch it, even using the Rescue version.

-Original Message-
From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Tuesday, December 14, 2010 10:47 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

> Hey John
>
> Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.
>
> Steve
>
> On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote:
RE: System Tool 2011 malware
I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
Re: System Tool 2011 malware
Reactive anti-malware is increasingly redundant these days... I rely heavily on application whitelisting technologies now. It's very rare our AV goes off at all, and it's mainly on IT tools such as l0phtcrack, pwdump and the like.

On 15 December 2010 13:47, John Aldrich jaldr...@blueridgecarpet.com wrote:

--
On two occasions... I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: System Tool 2011 malware
Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kind of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

--
On two occasions... I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
RE: System Tool 2011 malware
I'm starting to recommend that clients periodically search for any EXE in any subdirectory of the 'Documents and Settings' or 'Users' folders, and also check the RUN keys of the registry that point to any profile location for executables. (Autoruns is a good GUI for not needing to know hives and keys.)

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, December 15, 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware
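One way to script the two checks Erik describes above (executables under profile directories, and Run-key values that launch something from a profile path), as an added example that is not code from this thread or from any of the posters. It assumes PowerShell on the Windows box being examined, run from an elevated prompt; the profile roots and the "suspicious path" pattern are assumptions, not something the thread specifies.

```powershell
# Added example, not from the thread: list executables living under user
# profile directories and Run/RunOnce values that point into a profile
# (where the original poster found System Tool 2011: a randomly named
# folder under All Users\Application Data).
# Assumed profile roots: XP keeps profiles under 'Documents and Settings',
# Vista and later under 'Users' and 'ProgramData'.
$profileRoots = @('C:\Documents and Settings', 'C:\Users', 'C:\ProgramData') |
    Where-Object { Test-Path -LiteralPath $_ }

# Autostart locations to inspect. HKCU only covers the profile running this
# script; other users' hives have to be loaded or checked as that user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed pattern: any command line referencing a profile location, whether
# written as a literal path or via the usual environment variables.
$profilePattern = '(?i)(\\Documents and Settings\\|\\Users\\|\\ProgramData\\|' +
                  '%APPDATA%|%LOCALAPPDATA%|%USERPROFILE%|%ALLUSERSPROFILE%)'

function Find-ProfileExecutables {
    # Walk each profile root; -Force includes hidden files, which fake-AV
    # droppers commonly set on their own folder and binary.
    foreach ($root in $profileRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|scr|com|pif)$' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Check  = 'ProfileExe'
                    Path   = $_.FullName
                    Detail = ('{0} bytes, written {1}' -f $_.Length, $_.LastWriteTime)
                }
            }
    }
}

function Find-ProfileRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $values = Get-ItemProperty -LiteralPath $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/PSChildName/PSDrive/PSProvider
            # metadata PowerShell attaches to the returned object.
            if ($prop.Name -like 'PS*') { continue }
            # Stringify so REG_MULTI_SZ values are matched as one line too.
            if ("$($prop.Value)" -match $profilePattern) {
                New-Object PSObject -Property @{
                    Check  = 'RunKey'
                    Path   = "$key\$($prop.Name)"
                    Detail = "$($prop.Value)"
                }
            }
        }
    }
}

$findings = @(Find-ProfileExecutables) + @(Find-ProfileRunEntries)
if ($findings.Count -eq 0) {
    'No executables under profile roots and no Run entries pointing into a profile.'
} else {
    $findings | Sort-Object Check, Path | Format-Table Check, Path, Detail -AutoSize -Wrap
}
```

Expect some legitimate per-user installs (updaters, browsers that install into the profile) to appear in the output; the list is for review against what the user actually installed, not for automatic deletion.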
Re: System Tool 2011 malware
+1 on drive-by downloading - had a couple users here get nailed maybe 4 months ago thanks to embedded PDFs. Some JS code in a malicious banner ad served up the PDF, the Acrobat plugin launched, and that's all she wrote. Had to wipe both machines. VIPRE blocks the same attack 3 or 4 times a week now.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 8:50 AM, Erik Goldoff egold...@gmail.com wrote:
RE: System Tool 2011 malware
We fight Security Tools here on a regular basis. Our users don't run with admin rights, so the damage is limited to their accounts--and it's generally easy to clean (remove the entry from the run key and delete the files Security Tools installed). Still, it's a pain because they so frequently get infected. The makers of Security Tools work hard to stay a step ahead of antimalware software's definitions. In our case, we use Microsoft Forefront Client Security. I ran into a situation earlier this week where FCS's day-old definitions didn't detect a particular version of Security Tools, but when I updated the defs to the current day's version it did.

I'm pretty close to implementing software restriction policies for our employees (I already do it for our students). That's the only way I can think of preventing these infections 100% of the time.

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Tuesday, December 14, 2010 10:22 PM
To: NT System Admin Issues
Subject: System Tool 2011 malware

I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware.) The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...

--
Thanks,
John Aldrich
Blueridge Industries IT Manager
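One way to triage the symptom both of these posts describe (a Run-key entry whose executable lives in a randomly named folder under All Users\Application Data, which is also where a non-admin user can still write) is to scan a `reg query` export for such entries. This is an added example, not code from the list or from any poster; the sample export, the value names and paths in it, and the `looks_random` heuristic are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the style of `reg query HKCU\...\Run` output. The value
# names and paths are made up for this example, not taken from a real machine.
# Feed the HKLM Run key export through the same function for admin-level entries.
SAMPLE_RUN_EXPORT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAVTray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /minimized
    ReaderLauncher   REG_SZ    "C:\Program Files\Example Reader\reader.exe"
    kLwQzRtXb        REG_SZ    C:\Documents and Settings\All Users\Application Data\kLwQzRtXb\kLwQzRtXb.exe
    ctfmon.exe       REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater          REG_EXPAND_SZ    %ProgramData%\aZ3kq9Lm\aZ3kq9Lm.exe
"""

# Matches one value line of `reg query` output: name, REG_SZ/REG_EXPAND_SZ, data.
_VALUE_LINE = re.compile(r"^\s*(\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$")

# Directories the fake-AV families on this thread drop into (XP and Vista+ names).
_SHARED_DATA_DIRS = {"application data", "programdata"}


def extract_exe_path(value_data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    match = re.match(r'^"?([^"]*?\.exe)', value_data, re.IGNORECASE)
    return match.group(1) if match else None


def looks_random(name):
    """Heuristic for 'a random jumble of letters': alphanumeric, 8+ chars, and
    either almost no vowels or a mix of digits with mixed-case letters."""
    if len(name) < 8 or not name.isalnum():
        return False
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    has_digits = any(c.isdigit() for c in name)
    mixed_case = name != name.lower() and name != name.upper()
    return vowel_ratio < 0.25 or (has_digits and mixed_case)


def is_suspicious(exe_path):
    """True when the executable sits one level below a shared data directory in a
    randomly named folder, e.g. ...\All Users\Application Data\<random>\<random>.exe."""
    parts = PureWindowsPath(exe_path).parts
    for index, part in enumerate(parts[:-1]):
        if part.strip("%").lower() in _SHARED_DATA_DIRS and index + 1 < len(parts) - 1:
            return looks_random(parts[index + 1])
    return False


def flag_suspicious_run_entries(reg_query_output):
    """Parse `reg query` output and return (value name, exe path) for entries
    that match the drop-folder pattern."""
    flagged = []
    for line in reg_query_output.splitlines():
        match = _VALUE_LINE.match(line)
        if not match:
            continue
        name, data = match.groups()
        exe_path = extract_exe_path(data)
        if exe_path and is_suspicious(exe_path):
            flagged.append((name, exe_path))
    return flagged


if __name__ == "__main__":
    for name, path in flag_suspicious_run_entries(SAMPLE_RUN_EXPORT):
        print(f"suspicious Run entry {name!r} -> {path}")
```

A hit is a lead for the manual cleanup John Hornbuckle describes (remove the Run value, delete the folder), not a verdict; check the flagged file with the vendor's sample submission form before deleting.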
RE: Anyone looking for a new gig for the new year? (Baltimore area)
Thanks Jim. I'm looking forward to the challenge. My new position will be more like my position at my previous gig, so I'm pretty excited for the opportunity. This time I'll try to stay on the Sunbelt lists - I missed a couple of years. :)

Jim

-----Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, December 15, 2010 8:37 AM
To: NT System Admin Issues
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore area)

Congrats Jim.

-----Original Message-----
From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: Wednesday, December 15, 2010 8:18 AM
To: NT System Admin Issues
Subject: OT: Anyone looking for a new gig for the new year? (Baltimore area)

(my current position - I just received a promotion)
RE: System Tool 2011 malware
Could very well be the infection vector. I didn't have time to check on those, however I'll suggest that he double-check those things to make sure he's up-to-date. IIRC, his Acrobat Reader may have popped up a note about needing to get updated.

-----Original Message-----
From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, December 15, 2010 8:50 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
Systems, Networks, Security
'Security is an ongoing process, not a one time event!'
RE: System Tool 2011 malware
Rad.msn.com (as well as doubleclick) were social engineered last week to release malware (see http://www.techeye.net/security/doubleclick-and-msn-serve-up-malware). (Since we run our own DNS servers at home, Jeffrey added a zone for rad.msn.com to block any content from that domain. We previously had a zone created for doubleclick.)

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-----Original Message-----
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James
RE: Anyone looking for a new gig for the new year? (Baltimore area)
I think you should send crab cakes to everyone on the list to apologize for those missed years! :)

p.s. I will take my usual order from the usual place please.

Webster

-----Original Message-----
From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore area)

Thanks Jim. I'm looking forward to the challenge. My new position will be more like my position at my previous gig, so I'm pretty excited for the opportunity. This time I'll try to stay on the Sunbelt lists - I missed a couple of years. :)

Jim

-----Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore area)

Congrats Jim.

-----Original Message-----
From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Subject: OT: Anyone looking for a new gig for the new year? (Baltimore area)

(my current position - I just received a promotion)
RE: System Tool 2011 malware
Interesting. I'll have to add that to the hosts file and block those two.

-----Original Message-----
From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 9:41 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Rad.msn.com (as well as doubleclick) were social engineered last week to release malware (see http://www.techeye.net/security/doubleclick-and-msn-serve-up-malware). (Since we run our own DNS servers at home, Jeffrey added a zone for rad.msn.com to block any content from that domain. We previously had a zone created for doubleclick.)

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS
RE: Anyone looking for a new gig for the new year? (Baltimore area)
The salary increase was not NEARLY enough to cover the entire list. You sir - are welcome to dine with me at the Olive Grove any time. You just gotta git yer keester up here. :)

-----Original Message-----
From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, December 15, 2010 9:46 AM
To: NT System Admin Issues
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore area)

I think you should send crab cakes to everyone on the list to apologize for those missed years! :)

p.s. I will take my usual order from the usual place please.

Webster
RE: System Tool 2011 malware
Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,

Recently (this past weekend) found out about Secunia PSI and I like it. +1

Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kind of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
Systems, Networks, Security
'Security is an ongoing process, not a one time event!'

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: System Tool 2011 malware
Don't forget ComboFix - taken care of some things that can't be cleaned otherwise.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,

Recently (this past weekend) found out about Secunia PSI and I like it. +1

Scott
RE: 2K8R2 DNS anomaly
Known issue wrt EDNS... http://support.microsoft.com/kb/832223

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 9:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
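The mechanism behind that KB, as an added illustration that is not from the list or from Microsoft's article: a Windows DNS server that probes upstream with EDNS0 (an OPT pseudo-record advertising a UDP payload larger than 512 bytes) fails against a firewall or authoritative server that drops such packets, while the older servers that never send the OPT record keep resolving. The script below builds the same A query with and without an OPT record so the two can be compared from the DNS server's own network segment against the forwarder or authoritative server it uses; the packet builders, `probe_both` and the constructed reply bytes are mine, and `parse_response` handles only the fields the comparison needs.

```python
import socket
import struct

DNS_TYPE_A = 1
DNS_TYPE_OPT = 41  # EDNS0 pseudo-RR (RFC 6891)


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qid=0x1234, edns=True, udp_size=4096):
    """Recursive A/IN query; with edns=True an OPT record advertising udp_size
    is appended in the additional section (ARCOUNT=1)."""
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD set
    question = encode_name(name) + struct.pack("!HH", DNS_TYPE_A, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=requestor's UDP payload size,
    # TTL=extended RCODE/version/flags (all zero), RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, udp_size, 0, 0) if edns else b""
    return header + question + opt


def _skip_name(data, off):
    """Offset just past a name, which may be a 2-byte compression pointer."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_response(data):
    """Header facts plus whether the server answered with its own OPT record."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an + ns + ar):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    return {
        "id": qid,
        "rcode": flags & 0x000F,
        "truncated": bool(flags & 0x0200),  # TC bit: answer exceeded UDP size
        "answers": an,
        "edns": DNS_TYPE_OPT in types,
    }


def send_query(server, packet, timeout=3.0):
    """One UDP round trip to port 53; None on timeout (the EDNS failure mode)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_response(data)


def probe_both(server, name):
    """Same question twice. A plain query that is answered while the EDNS query
    times out means something on the path drops OPT or oversized DNS packets."""
    return {
        "plain": send_query(server, build_query(name, edns=False)),
        "edns": send_query(server, build_query(name, edns=True)),
    }


def constructed_reply(name="www.example.com", qid=0x1234):
    """Constructed reply for offline testing, not captured from any server: the
    question echoed with QR/RD/RA set, one A answer that uses a compression
    pointer (0xC00C) to the question name, and the server's own OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 1)
    question = encode_name(name) + struct.pack("!HH", DNS_TYPE_A, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", DNS_TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    opt = b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, 4096, 0, 0)
    return header + question + answer + opt


if __name__ == "__main__":
    print(parse_response(constructed_reply()))
```

If only the EDNS probe times out, the fix belongs on the firewall (allow DNS/UDP larger than 512 bytes and EDNS) rather than on the DNS server; the KB's documented workaround of disabling EDNS probes on the Windows DNS server only hides the path problem.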
2K8R2 DNS anomaly
Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
OT : Holiday funny...
Frosty the snowman, wasn't too quick on his feet. It was clearly his loss, when he tried to cross, in the middle of the street. http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H -Paul
RE: 2K8R2 DNS anomaly
I have in my test environment and it has driven me nuts. The ones I have had issues with off and on are the Microsoft and AMD/ATI websites, both places I go to often.

From: m b [mailto:midphan12...@gmail.com] Sent: Wednesday, December 15, 2010 8:15 AM To: NT System Admin Issues Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?

Key Technology, Inc. Disclaimer Notice - The information and attachment(s) contained in this communication are intended for the addressee only, and may be confidential and/or legally privileged. If you have received this communication in error, please contact the sender immediately, and delete this communication from any computer or network system. Any interception, review, printing, copying, re-transmission, dissemination, or other use of, or taking of any action upon this information by persons or entities other than the intended recipient is strictly prohibited by law and may subject them to criminal or civil liability. Key Technology, Inc. is not liable for the improper and/or incomplete transmission of the information contained in this communication or for any delay in its receipt.
RE: System Tool 2011 malware
Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue. Sincerely, Jeffrey and Mary Jane Harris VIPCS

-Original Message- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Wednesday, December 15, 2010 11:07 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware

Don't forget combofix - taken care of some things that can't be cleaned otherwise. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com] Sent: Wednesday, December 15, 2010 10:24 AM To: NT System Admin Issues Subject: RE: System Tool 2011 malware

James, Recently (this past weekend) found out about Secunia PSI and I like it. +1 Scott

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 15, 2010 7:53 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote: I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting flash/shockwave vulnerabilities on linked animated advertisements. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! '

-Original Message- From: James Kerr [mailto:cluster...@gmail.com] Sent: Wednesday, December 15, 2010 8:42 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter. James

- Original Message - From: John Aldrich jaldr...@blueridgecarpet.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, December 15, 2010 5:21 AM Subject: Re: System Tool 2011 malware

On Tue December 14 2010, you wrote: Hi John, User know where they were surfing when it hit? Samples can be submitted here: http://www.sunbeltsecurity.com/threat If you want assistance with removal check the box that says I need help. Someone will be happy to help. We're releasing defs something like 13x/day now so shouldn't be too long to get updates for that critter. Thanks, Tammy.

I was more concerned that neither Vipre Rescue nor Vipre Home caught it... what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks! -- Thanks, John Aldrich Blueridge Industries IT Manager

-- On two occasions... I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
RE: Vista Printing and GPP
James, I have tried (based on Google/technet forum searches) enabling it in user and computer sections (I understand Win7 moved PP from user to Computer) and disabling it altogether. Disabling it finally worked, so long as you Created and did not Replace it, so much for housekeeping... Fsck, I hate Vista :( I used XP until 7 came out and just skipped it altogether for my own wkst's. Thanks bud, jlc

From: James Hill [mailto:james.h...@superamart.com.au] Sent: Tuesday, December 14, 2010 9:02 PM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

Ok, next question, what are the GPP settings for your test case?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, 15 December 2010 1:56 PM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

Same user, and no prompts. Thanks! jlc

From: James Hill [mailto:james.h...@superamart.com.au] Sent: Tuesday, December 14, 2010 6:41 PM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

When you are browsing to the server are you using the same user account that fails with GPP? Also when browsing to the server do you receive any elevation prompts?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, 15 December 2010 8:47 AM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

So this gets sillier, a fresh Vista machine w/o the driver installed can browse to the server and double click the printer and it installs fine. Using GPPs, it won't, it hangs the login? Any ideas? Thanks, jlc

From: James Hill [mailto:james.h...@superamart.com.au] Sent: Monday, December 13, 2010 3:15 PM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

Never heard of that requirement (on the server). So once the driver is installed it works ok? If so then you could certainly use a script as you mentioned. Or possibly even add them to your SOE/MOE at the start.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Tuesday, 14 December 2010 8:13 AM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

Bug w/ Vista, spent a few weeks w/ PSS and they agreed, group policies are in order, it's just lousy Vista. Oddly enough, one PSS agent said the Point and Print Restrictions policy needs to be applied on the print server itself? Was such a long and tiring case.

From: James Hill [mailto:james.h...@superamart.com.au] Sent: Monday, December 13, 2010 3:02 PM To: NT System Admin Issues Subject: RE: Vista Printing and GPP

If it works for Win 7 it should work for Vista. Are the Win7 and Vista machines getting the same Group Policies applied, in particular the Point and Print Restrictions policy?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Tuesday, 14 December 2010 5:06 AM To: NT System Admin Issues Subject: Vista Printing and GPP

Speaking of printing, I have a mix of XP/Vista/Win7 clients and use GPPs to set up printers for them. The XP and Win7 machines work well with the non-packaged drivers, but Vista does all kinds of things from plain not installing some to hanging at login for others. I was thinking about creating a startup script with a `rundll32 printui.dll,PrintUIEntry /ia` command to get the driver installed, seem like the best approach? This is for the PCL6 drivers for a Ricoh MP 6001 and 2060 SP. Thanks! jlc
RE: 2K8R2 DNS anomaly
Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name:    www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access? Sincerely, Jeffrey and Mary Jane Harris VIPCS

From: m b [mailto:midphan12...@gmail.com] Sent: Wednesday, December 15, 2010 11:15 AM To: NT System Admin Issues Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
Re: OT : Holiday funny...
Need another verse about the driver - he was dismissed almost immediately: 1. He crossed into the on-coming traffic lane 2. He could not see if anything or anybody was behind the snow man 3. He had no way to determine if there were rocks, posts, etc within the snow man Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM: Frosty the snowman, wasn't too quick on his feet. It was clearly his loss, when he tried to cross, in the middle of the street. http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H -Paul
RE: 2K8R2 DNS anomaly
I think the gist of the KB article is that it is caused by your firewall. I know that I am running a Cisco ASA and there are DNS filters by default. I'm going to check those out now.

From: VIPCS [mailto:vi...@stny.rr.com] Sent: Wednesday, December 15, 2010 8:23 AM To: NT System Admin Issues Subject: RE: 2K8R2 DNS anomaly

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name:    www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access? Sincerely, Jeffrey and Mary Jane Harris VIPCS

From: m b [mailto:midphan12...@gmail.com] Sent: Wednesday, December 15, 2010 11:15 AM To: NT System Admin Issues Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
Re: 2K8R2 DNS anomaly
This becomes more interesting. OARC has set up a reply-size test server (https://www.dns-oarc.net/oarc/services/replysizetest). The results look backwards to me, but follow the pattern of success/failure. An indication that this does have to do with UDP packet size. I'm hesitant to start applying the workaround turning off EDNS capability. Contacting firewall team for their input.

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server:  (our 2K8 server)
Address:  (our 2K8 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server:  (our 2k3 server)
Address:  (our 2k3 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server:  (our 2k8r2 server)
Address:  (our 2k8r2 server)

Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net text = Tested at 2010-12-15 16:55:15 UTC

On Wed, Dec 15, 2010 at 10:23 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name:    www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access? Sincerely, Jeffrey and Mary Jane Harris VIPCS

From: m b [mailto:midphan12...@gmail.com] Sent: Wednesday, December 15, 2010 11:15 AM To: NT System Admin Issues Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
RE: OT : Holiday funny...
The bus driver was manic, while he rolled over Frosty's neck. Now he's quite benign, while he's standing in line, waiting for his unemployment check.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Wednesday, December 15, 2010 11:03 AM To: NT System Admin Issues Subject: Re: OT : Holiday funny...

Need another verse about the driver - he was dismissed almost immediately: 1. He crossed into the on-coming traffic lane 2. He could not see if anything or anybody was behind the snow man 3. He had no way to determine if there were rocks, posts, etc within the snow man Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM: Frosty the snowman, wasn't too quick on his feet. It was clearly his loss, when he tried to cross, in the middle of the street. http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H -Paul
RE: OT : Holiday funny...
The bus driver, while running his route,
Decided to take Frosty out
But he found to his shame
That it wasn't a game,
And now a job he's without.

While driving his bus down the road
He decided to be quite a toad
His murder of Frosty
To his job was quite costly
The street will be his new abode.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, December 15, 2010 11:17 AM To: NT System Admin Issues Subject: RE: OT : Holiday funny...

The bus driver was manic, while he rolled over Frosty's neck. Now he's quite benign, while he's standing in line, waiting for his unemployment check.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Wednesday, December 15, 2010 11:03 AM To: NT System Admin Issues Subject: Re: OT : Holiday funny...

Need another verse about the driver - he was dismissed almost immediately: 1. He crossed into the on-coming traffic lane 2. He could not see if anything or anybody was behind the snow man 3. He had no way to determine if there were rocks, posts, etc within the snow man Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM: Frosty the snowman, wasn't too quick on his feet. It was clearly his loss, when he tried to cross, in the middle of the street. http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H -Paul
Re: System Tool 2011 malware
Perhaps the user is correct: http://www.securitynewsdaily.com/google-microsoft-ads-spreading-malware-0351/ Roger Wright ___ Never make hard what you can make easy. - Fred W. Frailey

On Wed, Dec 15, 2010 at 8:41 AM, James Kerr cluster...@gmail.com wrote: I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter. James

- Original Message - From: John Aldrich jaldr...@blueridgecarpet.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, December 15, 2010 5:21 AM Subject: Re: System Tool 2011 malware

On Tue December 14 2010, you wrote: Hi John, User know where they were surfing when it hit? Samples can be submitted here: http://www.sunbeltsecurity.com/threat If you want assistance with removal check the box that says I need help. Someone will be happy to help. We're releasing defs something like 13x/day now so shouldn't be too long to get updates for that critter. Thanks, Tammy.

I was more concerned that neither Vipre Rescue nor Vipre Home caught it... what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks! -- Thanks, John Aldrich Blueridge Industries IT Manager
RE: 2K8R2 DNS anomaly
Your results do indicate the EDNS issue. It is universal...it kills all 2008 servers that I have seen using DNS. As for the 2K3 server, who is its forwarder? I will bet it's a 2K8 server.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 12:13 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

This becomes more interesting. OARC has set up a reply-size test server (https://www.dns-oarc.net/oarc/services/replysizetest). The results look backwards to me, but follow the pattern of success/failure. An indication that this does have to do with UDP packet size. I'm hesitant to start applying the workaround turning off EDNS capability. Contacting firewall team for their input.

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server: (our 2K8 server)
Address: (our 2K8 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server: (our 2k3 server)
Address: (our 2k3 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server: (our 2k8r2 server)
Address: (our 2k8r2 server)

Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net text = Tested at 2010-12-15 16:55:15 UTC

On Wed, Dec 15, 2010 at 10:23 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name: www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
Re: OT : Holiday funny...
Bravo!

- Sean

On Wed, Dec 15, 2010 at 8:23 AM, Kim Longenbaugh k...@colonialsavings.com wrote:

The bus driver, while running his route,
Decided to take Frosty out
But he found to his shame
That it wasn't a game,
And now a job he's without.

While driving his bus down the road
He decided to be quite a toad
His murder of Frosty
To his job was quite costly
The street will be his new abode.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Wednesday, December 15, 2010 11:17 AM
To: NT System Admin Issues
Subject: RE: OT : Holiday funny...

The bus driver was manic,
while he rolled over Frosty's neck.
Now he's quite benign,
while he's standing in line,
waiting for his unemployment check.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, December 15, 2010 11:03 AM
To: NT System Admin Issues
Subject: Re: OT : Holiday funny...

Need another verse about the driver - he was dismissed almost immediately:
1. He crossed into the on-coming traffic lane
2. He could not see if anything or anybody was behind the snow man
3. He had no way to determine if there were rocks, posts, etc. within the snow man

Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

Frosty the snowman, wasn't too quick on his feet.
It was clearly his loss, when he tried to cross, in the middle of the street.

http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H

-Paul
Re: System Tool 2011 malware
I'm quite sure this is a husband and wife sharing the same account, but I can't help but imagine Jeffrey talking in the third person. :)

Happy Holidays!

- Sean

On Wed, Dec 15, 2010 at 7:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-----Original Message-----
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget combofix - taken care of some things that can't be cleaned otherwise.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James, Recently (this past weekend) found out about Secunia PSI and I like it. +1

Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
Systems, Networks, Security
'Security is an ongoing process, not a one time event!'

-----Original Message-----
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware

On Tue December 14 2010, you wrote:

Hi John, User know where they were surfing when it hit? Samples can be submitted here: http://www.sunbeltsecurity.com/threat If you want assistance with removal check the box that says "I need help". Someone will be happy to help. We're releasing defs something like 13x/day now so shouldn't be too long to get updates for that critter. Thanks, Tammy.

I was more concerned that neither Vipre Rescue nor Vipre Home caught it...what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks!

--
Thanks, John Aldrich
Blueridge Industries IT Manager

--
On two occasions...I have been asked, 'Pray, Mr Babbage,
Re: System Tool 2011 malware
Could be, we are slacking on the Adobe patching front.

- Original Message -
From: Roger Wright
To: NT System Admin Issues
Sent: Wednesday, December 15, 2010 1:04 PM
Subject: Re: System Tool 2011 malware

Perhaps the user is correct: http://www.securitynewsdaily.com/google-microsoft-ads-spreading-malware-0351/

Roger Wright
___
Never make hard what you can make easy. - Fred W. Frailey

On Wed, Dec 15, 2010 at 8:41 AM, James Kerr cluster...@gmail.com wrote:

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware

On Tue December 14 2010, you wrote:

Hi John, User know where they were surfing when it hit? Samples can be submitted here: http://www.sunbeltsecurity.com/threat If you want assistance with removal check the box that says "I need help". Someone will be happy to help. We're releasing defs something like 13x/day now so shouldn't be too long to get updates for that critter. Thanks, Tammy.

I was more concerned that neither Vipre Rescue nor Vipre Home caught it...what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks!

--
Thanks, John Aldrich
Blueridge Industries IT Manager
Re: System Tool 2011 malware
SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*.

Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.

--
ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:

Hey John

Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools...full scans.

Steve

On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote:

I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware). The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...

--
Thanks, John Aldrich
Blueridge Industries IT Manager
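John's find, an autostart entry pointing at a random-letter folder under All Users\Application Data, is a pattern that can be checked for mechanically rather than by eyeballing SpyBot's startup list. The following is an added example, not code from the list or from any vendor: a Python heuristic that walks autostart entries and flags commands whose executable sits in a random-looking folder, or carries a random-looking file name, under the shared application-data root (the XP path from the thread and ProgramData on later Windows). The sample entries are constructed, the entropy and vowel-ratio thresholds are assumptions, and `read_run_keys` is a helper for feeding in real HKLM/HKCU Run values on a Windows box.

```python
"""
Heuristic for the persistence pattern described in the thread: an autostart
entry whose executable lives in a random-letter folder under the shared
application-data root. Added example, not code from the list or from any
vendor; the sample entries and the thresholds below are constructed.
"""
import math
from collections import Counter

# Shared application-data roots on XP and on Vista/7+ (lower-cased for matching).
SHARED_APPDATA_MARKERS = (
    "\\documents and settings\\all users\\application data\\",
    "\\programdata\\",
)

# Constructed Run-key style entries (value name, command line); not from a real system.
SAMPLE_ENTRIES = [
    ("VendorAV Tray", '"C:\\Program Files\\VendorAV\\avtray.exe" /minimized'),
    ("kXqzLpWv", "C:\\Documents and Settings\\All Users\\Application Data\\kXqzLpWv\\kXqzLpWv.exe"),
    ("ExampleSuite", '"C:\\ProgramData\\ExampleVendor\\Example Suite\\helper.exe" -hide'),
    ("Updater", '"C:\\ProgramData\\Updater\\updater.exe"'),
    ("a7Kq29Zp", '"C:\\ProgramData\\a7Kq29Zp\\svchost.exe"'),
]

def shannon_entropy(text):
    """Bits per character of the case-folded string."""
    counts = Counter(text.lower())
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_random(name):
    """True for names like 'kXqzLpWv': at least 6 chars, high character
    entropy, few vowels among the letters. Thresholds are assumptions."""
    if len(name) < 6:
        return False
    letters = [c for c in name if c.isalpha()]
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / max(len(letters), 1)
    return shannon_entropy(name) >= 2.8 and vowel_ratio < 0.25

def extract_path(command):
    """Executable path from a Run-key command line: quoted, or bare up to '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ")[0]

def flag_autostart_entries(entries):
    """entries: iterable of (value_name, command). Returns [(value_name, path, reason)]
    for executables under a shared app-data root whose folder or file name looks random."""
    flagged = []
    for value_name, command in entries:
        path = extract_path(command)
        low = path.lower()
        for marker in SHARED_APPDATA_MARKERS:
            idx = low.find(marker)
            if idx == -1:
                continue
            parts = path[idx + len(marker):].split("\\")
            folder = parts[0] if len(parts) > 1 else ""
            stem = parts[-1].rsplit(".", 1)[0]
            if looks_random(folder):
                flagged.append((value_name, path, "random-looking folder under shared app data"))
            elif looks_random(stem):
                flagged.append((value_name, path, "random-looking executable name under shared app data"))
            break
    return flagged

def read_run_keys():
    """Windows only: collect (name, command) from the HKLM and HKCU Run keys so
    the heuristic can be run on a live machine. Not exercised on other platforms."""
    import winreg  # available only on Windows
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:
                break
            entries.append((name, str(value)))
            index += 1
    return entries

if __name__ == "__main__":
    for value_name, path, reason in flag_autostart_entries(SAMPLE_ENTRIES):
        print(f"{value_name}: {path} ({reason})")
```

On the constructed entries only the two random-named folders are reported; a vendor folder with an ordinary name, even one with a terse executable name, passes. The heuristic is a triage aid that tells you where to look first, not a verdict on its own; the two flagged paths are the ones you would submit as samples.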
Re: 2K8R2 DNS anomaly
I did confirm that running this command:

dnscmd /config /enableednsprobes 0

resolves the problem, and that running this command:

dnscmd /config /enableednsprobes 1

reintroduces the problem. Amounts to a temporary fix until we address the root cause. I don't know if we want to leave EDNS functionality disabled forever.

On Wed, Dec 15, 2010 at 11:09 AM, Trees, Ray rtr...@key.net wrote:

I think the gist of the KB article is that it is caused by your firewall. I know that I am running a Cisco ASA and there are DNS filters by default. I'm going to check those out now.

From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 8:23 AM
To: NT System Admin Issues
Subject: RE: 2K8R2 DNS anomaly

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name: www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

--

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
Re: 2K8R2 DNS anomaly
In my experience, I only witnessed/reproduced the issue versus Windows 2008 R2 servers. And they will resolve 99.999% of all queries, just a select few that present a problem. So far, none of the problem domain queries have been business-related.

On Wed, Dec 15, 2010 at 12:12 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

Your results do indicate the EDNS issue. It is universal...it kills all 2008 servers that I have seen using DNS. As for the 2K3 server, who is its forwarder? I will bet it's a 2K8 server.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 12:13 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

This becomes more interesting. OARC has set up a reply-size test server (https://www.dns-oarc.net/oarc/services/replysizetest). The results look backwards to me, but follow the pattern of success/failure. An indication that this does have to do with UDP packet size. I'm hesitant to start applying the workaround turning off EDNS capability. Contacting firewall team for their input.

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server: (our 2K8 server)
Address: (our 2K8 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server: (our 2k3 server)
Address: (our 2k3 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server: (our 2k8r2 server)
Address: (our 2k8r2 server)

Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net text = Tested at 2010-12-15 16:55:15 UTC

On Wed, Dec 15, 2010 at 10:23 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name: www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

--

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to resolve. If I do that same lookup against any 2K3 or 2K8 DNS server, it is successful. I'm not seeing any common event log errors/warnings among the 2K8R2 DNS servers. My only hunch is root hints. Anyone experienced something similar?
RE: 2K8R2 DNS anomaly
EDNS support was released in Server 2003, I think it was SP1. At that time, Yahoo, AOL, and just a couple of others would return lists of IP addresses that wouldn't fit in a standard 512-byte DNS response packet. At THAT TIME, _most_ firewalls would prevent a UDP response packet of greater than 512 bytes being used. This was especially true of Cisco firewalls (PIX at the time) and various SOHO / SMB firewalls. With Cisco, it was an easy fix (protocol fixup dns 2048 - or some such). For responses greater than 512 bytes, you had to switch to TCP. Lots of folks didn't have TCP 53 open to DNS. So... DNS responses would time out.

Today, geographically based responses are common (i.e., you query addresses for yahoo.com, you don't get all of them, you only get a few) and most firewalls have relaxed the restrictions to 1024 or 2048 bytes and most companies have TCP 53 open. So, it's rare - but it still can happen - even on the old operating systems.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 1:42 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

In my experience, I only witnessed/reproduced the issue versus Windows 2008 R2 servers. And they will resolve 99.999% of all queries, just a select few that present a problem. So far, none of the problem domain queries have been business-related.

On Wed, Dec 15, 2010 at 12:12 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

Your results do indicate the EDNS issue. It is universal...it kills all 2008 servers that I have seen using DNS. As for the 2K3 server, who is its forwarder? I will bet it's a 2K8 server.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 12:13 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

This becomes more interesting. OARC has set up a reply-size test server (https://www.dns-oarc.net/oarc/services/replysizetest). The results look backwards to me, but follow the pattern of success/failure. An indication that this does have to do with UDP packet size. I'm hesitant to start applying the workaround turning off EDNS capability. Contacting firewall team for their input.

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server: (our 2K8 server)
Address: (our 2K8 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server: (our 2k3 server)
Address: (our 2k3 server)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server: (our 2k8r2 server)
Address: (our 2k8r2 server)

Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net text = (our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net text = Tested at 2010-12-15 16:55:15 UTC

On Wed, Dec 15, 2010 at 10:23 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one is R2) on two different networks and both resolved (both are DCs with DNS installed):

Non-authoritative answer:
Name: www.insead.edu
Address: 213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers. We've been working to upgrade from 2K3 to 2K8. Most of those that are upgraded are 2K8R2, while a few are just 2K8. I have heard some reports from users that they were unable to access certain websites that they were able to access from home. Today's example is www.insead.edu. When I do an nslookup against any of our 2K8R2 DNS servers, the
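The size problem Michael describes, and the reply-size test m b ran against the three servers, both come down to what happens when a UDP reply does not fit the path. The following is an added example, not code from the list or from Microsoft: it builds DNS queries with and without an EDNS0 OPT record, parses the TC bit and the responder's advertised buffer size out of a reply, and walks the classic resolver fallback (UDP with EDNS, then plain UDP, then TCP 53) against a simulated server behind a simulated firewall. The name `example.test`, the TXT payload, the firewall clamp values and the fallback strategy are constructed assumptions. A query built with `edns_udp_size=None` is what a server sends once it stops using EDNS, which is the effect of the `dnscmd /config /enableednsprobes 0` workaround earlier in the thread on the server's own outbound queries.

```python
# Added illustration, not list or Microsoft code: hand-built packets, a placeholder
# name ('example.test') and a simulated server/firewall instead of a real network.
import struct

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def skip_name(pkt, off):  # advance past a possibly compressed name
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            return off + 2
        off += 1 + length

def opt_rr(udp_size):
    # OPT pseudo-RR (RFC 6891): root name, TYPE 41, CLASS = UDP payload size, TTL = ext. RCODE/flags (0), RDLENGTH 0
    return b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)

def build_query(name, qtype=16, txid=0x1234, edns_udp_size=None):
    """TXT query; edns_udp_size=None omits OPT (a server with EDNS switched off), else advertises that size."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    pkt = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    return pkt + opt_rr(edns_udp_size) if edns_udp_size else pkt

def parse_response(pkt):
    """TC bit, RCODE, TXT strings, and the responder's advertised EDNS size (None if no OPT)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    txt, edns = [], None
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 41:
            edns = rclass
        elif rtype == 16:  # TXT rdata: sequence of <len><chars>
            i = 0
            while i < len(rdata):
                n = rdata[i]
                txt.append(rdata[i + 1:i + 1 + n].decode("ascii"))
                i += 1 + n
    return {"tc": bool(flags & 0x0200), "rcode": flags & 0xF, "txt": txt, "edns_udp_size": edns}

def build_response(query, txt_strings, transport="udp", server_max_udp=4096):
    """Simulated server: over UDP it honours the client's EDNS size (512 without EDNS) and
    answers TC=1 with no records when the reply would not fit; over TCP there is no limit."""
    txid, _, qd, _, _, ar = struct.unpack("!HHHHHH", query[:12])
    qend = skip_name(query, 12) + 4
    question = query[12:qend]
    client_edns = struct.unpack("!H", query[qend + 3:qend + 5])[0] if ar else None
    answers = b""
    for s in txt_strings:
        rdata = bytes([len(s)]) + s.encode("ascii")
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    tail = opt_rr(server_max_udp) if client_edns is not None else b""
    arc = 1 if tail else 0
    full = struct.pack("!HHHHHH", txid, 0x8180, qd, len(txt_strings), 0, arc) + question + answers + tail
    if transport == "udp":
        limit = min(client_edns, server_max_udp) if client_edns else 512
        if len(full) > limit:
            return struct.pack("!HHHHHH", txid, 0x8180 | 0x0200, qd, 0, 0, arc) + question + tail
    return full

def make_responder(txt_strings, firewall_max_udp=None, tcp53_open=True):
    """Server behind a firewall that silently drops UDP replies above firewall_max_udp
    and optionally blocks TCP 53; None stands for a dropped packet."""
    def responder(query, transport):
        if transport == "tcp" and not tcp53_open:
            return None
        resp = build_response(query, txt_strings, transport)
        if transport == "udp" and firewall_max_udp and len(resp) > firewall_max_udp:
            return None
        return resp
    return responder

def resolve_with_fallback(responder, name, edns_udp_size=4000):
    """Client side: UDP with EDNS; if nothing comes back, plain UDP; if that reply
    is truncated, TCP. Returns (transports tried, parsed reply or None on timeout)."""
    steps = ["udp+edns"]
    reply = responder(build_query(name, edns_udp_size=edns_udp_size), "udp")
    if reply is None:
        steps.append("udp")
        reply = responder(build_query(name), "udp")
        if reply is None:
            return steps, None
    info = parse_response(reply)
    if info["tc"]:
        steps.append("tcp")
        reply = responder(build_query(name), "tcp")
        if reply is None:
            return steps, None  # what nslookup shows as "DNS request timed out"
        info = parse_response(reply)
    return steps, info

# Constructed TXT payload, large enough that the full reply exceeds 512 bytes.
SAMPLE_TXT = [f"constructed record {i}: " + "x" * 180 for i in range(4)]
```

With an open path, `resolve_with_fallback(make_responder(SAMPLE_TXT), "example.test")` finishes in one EDNS exchange and the parsed reply carries the server's 4096-byte OPT. Behind a 512-byte clamp (`firewall_max_udp=512`) the large EDNS reply is dropped, the plain retry comes back truncated, and TCP delivers the answer; close TCP 53 as well and the lookup simply times out, which is the behaviour the 2K8 and 2K3 servers showed in the test output above.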
RE: System Tool 2011 malware
Because it is a shared account, Jeffrey does indeed talk in the third person (if he used "I", you would not know who the "I" was, now would you? *grin*).

Sincerely, Jeffrey and Mary Jane Harris, VIPCS

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Wednesday, December 15, 2010 1:25 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I'm quite sure this is a husband and wife sharing the same account, but I can't help but imagine Jeffrey talking in the third person. :)

Happy Holidays!
- Sean

On Wed, Dec 15, 2010 at 7:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard drivers and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.

Sincerely, Jeffrey and Mary Jane Harris, VIPCS

-----Original Message-----
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget combofix - taken care of some things that can't be cleaned otherwise.

Jack Kramer, Computer Systems Specialist, University Relations, Michigan State University, w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James, recently (this past weekend) I found out about Secunia PSI and I like it. +1

Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

I wonder about the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff, IT Consultant, Systems, Networks, Security
'Security is an ongoing process, not a one time event!'

-----Original Message-----
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter.

James
Re: System Tool 2011 malware
Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked Mb from updating.

-- ME2

On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard drivers and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.

Sincerely, Jeffrey and Mary Jane Harris, VIPCS

-- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the
Re: OT: Anyone looking for a new gig for the new year? (Baltimore area)
Would you be my boss? :-)

-- ME2

On Wed, Dec 15, 2010 at 5:18 AM, Jim Holmgren jholmg...@xlhealth.com wrote:

Hey folks,

I've got some openings coming up here in the Baltimore MD area. Some of these are due to expanded headcounts (we are really growing) and one is due to mutually agreed separation. All of these positions would directly or indirectly report to me. HR is going through the usual sources, but I thought I could help cast a wider net. We are pretty much a 100% Windows shop, EMC storage, VMWare infrastructure, and we are looking for:

1) Manager of Server Engineering (my current position - I just received a promotion)
2) Tier 2/3 Technical Support
3) Junior SQL DBA
4) Principal SQL DBA

I know this is not a lot to go on, but I don't want to flood the list with job descriptions, etc. Competitive salary, good benefits, EOE, etc. If any of these titles look interesting and you are in the Baltimore MD area (can't do paid relocation, sorry) drop me a note off-list please.

Thanks!
Jim

Jim Holmgren, Manager of Server Engineering, XLHealth Corporation, The Warehouse at Camden Yards, 351 West Camden Street, Suite 100, Baltimore, MD 21201, 410.625.2200 (main), 443.524.8573 (direct), 443-506.2400 (cell), www.xlhealth.com

CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: OT: Anyone looking for a new gig for the new year? (Baltimore area)
...and, congrats on the promotion!

-- ME2

On Wed, Dec 15, 2010 at 11:03 AM, Micheal Espinola Jr michealespin...@gmail.com wrote:

Would you be my boss? :-)

-- ME2
Re: OT : Holiday funny...
+5

ASB (My XeeSM Profile: http://XeeSM.com/AndrewBaker)
Exploiting Technology for Business Advantage...

On Wed, Dec 15, 2010 at 1:23 PM, Sean Martin seanmarti...@gmail.com wrote:

Bravo!
- Sean

On Wed, Dec 15, 2010 at 8:23 AM, Kim Longenbaugh k...@colonialsavings.com wrote:

The bus driver, while running his route,
Decided to take Frosty out
But he found to his shame
That it wasn't a game,
And now a job he's without.

While driving his bus down the road
He decided to be quite a toad
His murder of Frosty
To his job was quite costly
The street will be his new abode.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Wednesday, December 15, 2010 11:17 AM
To: NT System Admin Issues
Subject: RE: OT : Holiday funny...

The bus driver was manic,
while he rolled over Frosty's neck.
Now he's quite benign,
while he's standing in line,
waiting for his unemployment check.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, December 15, 2010 11:03 AM
To: NT System Admin Issues
Subject: Re: OT : Holiday funny...

Need another verse about the driver - he was dismissed almost immediately:

1. He crossed into the on-coming traffic lane
2. He could not see if anything or anybody was behind the snow man
3. He had no way to determine if there were rocks, posts, etc. within the snow man

Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

Frosty the snowman, wasn't too quick on his feet.
It was clearly his loss, when he tried to cross, in the middle of the street.

http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html

-Paul
Re: System Tool 2011 malware
I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite.

I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly, which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes.

-- ME2

On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem. Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal.

Sincerely, Jeffrey and Mary Jane Harris, VIPCS
RE: OT : Holiday funny...
OK, since this is all in my little town (nothing to do with Paul Simon - the song writer or the late senator)... Here is from today's local newspaper. Check out the name of the police lieutenant. YOU CAN'T MAKE THIS STUFF UP!

http://www.news-gazette.com/news/courts-police-and-fire/2010-12-15/transit-agency-says-viral-snowman-video-old-news.html

-- richard
Re: System Tool 2011 malware
I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted.

I think that autoruns would be a better tool for startup inspection - it's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspection of the hosts file contents being altered.

-- ME2

On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Well, SpyBot has a couple things going for it that the others don't - the ability to see what's in the startup and the "hosts" file. Sure there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-) I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*. Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.

-- ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:

Hey John,

Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.

Steve
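A script of the kind suggested in the message above, written for this page as an added example (it is not code from the thread, from Spybot, from Autoruns or from any other tool named here): it lists the active hosts entries and flags anything beyond the loopback lines, records or compares a SHA-256 baseline of the file so that an edit shows up even when it is hidden below a screen of blank lines, and lists the Run/RunOnce values and Startup-folder items, marking those that launch from the All Users\Application Data, ProgramData, Temp or Local Settings paths where the System Tool 2011 sample in this thread was found. It assumes PowerShell 2.0 or later run from an elevated prompt; the baseline file location and the "suspect path" pattern are choices made for the example.

```powershell
# Added example for this page; not from the thread or any tool named in it.
# Assumes PowerShell 2.0+, run elevated (HKLM and the hosts file must be readable).
$HostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$BaselinePath = Join-Path $env:ALLUSERSPROFILE 'hosts.sha256'   # arbitrary location chosen for the example

function Get-FileSha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($fs) } finally { $fs.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Active entries only: drop comments, split address from the names that follow it.
function Get-ActiveHostsEntries([string]$Path) {
    foreach ($raw in (Get-Content $Path)) {
        $line = ($raw -replace '#.*$', '').Trim()
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }
        New-Object PSObject -Property @{ Address = $parts[0]; Names = $parts[1..($parts.Length - 1)] }
    }
}

# 1. hosts file. Anything that is not a plain loopback/localhost line deserves a look:
#    fake-AV and downloader families park AV vendor and update hostnames here.
$loopback = @('127.0.0.1', '::1')
"== Active hosts entries ($HostsPath) =="
foreach ($e in Get-ActiveHostsEntries $HostsPath) {
    $nonLocal = @($e.Names | Where-Object { $_ -notmatch '^localhost(\.localdomain)?$' })
    $mark = '  <-- not a default entry'
    if (($loopback -contains $e.Address) -and ($nonLocal.Count -eq 0)) { $mark = '' }
    "{0,-16} {1}{2}" -f $e.Address, ($e.Names -join ' '), $mark
}

# 2. Whole-file baseline. Catches edits hidden after hundreds of blank lines,
#    which the entry listing above would still show but a quick Notepad glance would not.
$current = Get-FileSha256 $HostsPath
if (Test-Path $BaselinePath) {
    $baseline = (Get-Content $BaselinePath | Select-Object -First 1).Trim()
    if ($current -ne $baseline) { Write-Warning "hosts file changed since baseline ($baseline -> $current)" }
    else { 'hosts file matches baseline' }
} else {
    Set-Content -Path $BaselinePath -Value $current
    "Baseline recorded: $current"
}

# 3. Autostart entries: the four Run/RunOnce keys plus both Startup folders.
#    Heuristic chosen for this example: mark commands that run from data/temp paths.
$suspectPath = '\\Application Data\\|\\ProgramData\\|\\Temp\\|\\Local Settings\\'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
"== Run / RunOnce values =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # skip the provider's own properties
        $cmd  = [string]$p.Value
        $mark = ''
        if ($cmd -match $suspectPath) { $mark = '  <-- runs from a data/temp path, check it' }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $cmd, $mark
    }
}

# Startup folders, resolved from the Shell Folders keys so the same code works on XP and later.
$folders = @(
    (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').Startup,
    (Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').'Common Startup'
)
"== Startup folder items =="
foreach ($folder in $folders) {
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem -Path $folder -Force | ForEach-Object { "{0} : {1}" -f $folder, $_.Name }
    }
}
```

Run it once on a known-clean machine to record the baseline, then again during a cleanup. The four Run keys and two Startup folders are only the most common autostart points; Autoruns, as recommended above, also covers services, drivers, Winlogon hooks, browser helper objects and scheduled tasks, so treat this script as the quick first look and Autoruns as the full inspection.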
RE: System Tool 2011 malware
Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to combofix to actually resolve the basic issue of the keyboard not working. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:23 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite. I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly; which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes. -- ME2 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote: As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem. Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:02 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked Mb from updating.
-- ME2 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue. Sincerely, Jeffrey and Mary Jane Harris VIPCS -Original Message- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Wednesday, December 15, 2010 11:07 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Don't forget combofix - taken care of some things that can't be cleaned otherwise. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-) From: Scott Weber [mailto:swe...@thanksal.com] Sent: Wednesday, December 15, 2010 10:24 AM To: NT System Admin Issues Subject: RE: System Tool 2011 malware James, Recently (this past weekend) found out about Secunia PSI and I like it. +1 Scott From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 15, 2010 7:53 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs. On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote: I wonder the status of patching on his system, not just Microsoft but Adobe and other applications.
I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: James Kerr [mailto:cluster...@gmail.com] Sent: Wednesday, December 15, 2010 8:42 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter. James - Original Message - From: John Aldrich jaldr...@blueridgecarpet.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, December 15, 2010 5:21
RE: System Tool 2011 malware
As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem. Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:02 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked Mb from updating. -- ME2 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue. Sincerely, Jeffrey and Mary Jane Harris VIPCS -Original Message- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Wednesday, December 15, 2010 11:07 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Don't forget combofix - taken care of some things that can't be cleaned otherwise. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit.
:-) From: Scott Weber [mailto:swe...@thanksal.com] Sent: Wednesday, December 15, 2010 10:24 AM To: NT System Admin Issues Subject: RE: System Tool 2011 malware James, Recently (this past weekend) found out about Secunia PSI and I like it. +1 Scott From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 15, 2010 7:53 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs. On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote: I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: James Kerr [mailto:cluster...@gmail.com] Sent: Wednesday, December 15, 2010 8:42 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I had a user get that crap on his PC on Tuesday and it disabled Vipre Enterprise also. The user swears he didn't click on anything and was on MSNBC's site. He was about to get a new PC anyway so I'm not bothering to clean. It's not the first time that user got one of those fake AVs, or the second for that matter. James - Original Message - From: John Aldrich jaldr...@blueridgecarpet.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, December 15, 2010 5:21 AM Subject: Re: System Tool 2011 malware On Tue December 14 2010, you wrote: Hi John, User know where they were surfing when it hit? Samples can be submitted here: http://www.sunbeltsecurity.com/threat If you want assistance with removal check the box that says "I need help".
Someone will be happy to help. We're releasing defs something like 13x/day now so shouldn't be too long to get updates for that critter. Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre Home caught it...what's more, it disabled Vipre Home. I'll see if I can get access to the zipped sample so I can resubmit. Thanks! -- Thanks, John Aldrich Blueridge Industries IT Manager
Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally
Is "The filename, directory name, or volume label syntax is incorrect." the result from all attempts at PSEXEC use on that system? How about locally? It could be an issue with the service itself. -- ME2 On Tue, Dec 14, 2010 at 2:49 PM, Alverson, Tom (XETRON) tom.alver...@ngc.com wrote: The filename, directory name, or volume label syntax is incorrect.
RE: System Tool 2011 malware
Or just create a shortcut to %windir%\system32\drivers\etc\hosts, and save it with your anti-malware toolkit files. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:34 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I would recommend other tools for startup scanning. I mean this with all sincerity, compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted. I think that autoruns would be a better tool for startup inspection - it's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspection of the hosts file contents for alterations. -- ME2 On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Well, SpyBot has a couple things going for it that the others don't - the ability to see what's in the startup and the hosts file. Sure there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-) I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool. From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 1:37 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware SAFE MODE, SAFE MODE, SAFE MODE... Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*. Use Live CDs if at all possible.
But, if you do, be aware of NTFS perms. -- ME2 On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote: Hey John, Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then logon as the administrator (or something other than the infected profile) and then run the tools...full scans. Steve On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote: I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware.) The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed... -- Thanks, John Aldrich Blueridge Industries IT Manager
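The two checks Micheal describes in the message above (dump the hosts file, and inspect startup entries that MSCONFIG does not surface) as an added example. This is not code from the thread and not Autoruns, SpyBot or any other tool named in it; it is a PowerShell script written for this page. It assumes PowerShell 2.0 or later and local admin rights on the suspect machine (run from Safe Mode or a second admin profile, as the thread recommends). The loopback test, the all-users application data path and the "random-looking name" rule in Test-SuspiciousRunEntry are assumptions chosen to match what John saw, not detection signatures for System Tool 2011.

```powershell
# Added example for this page, not the thread's or any vendor's code.
# Assumes: PowerShell 2.0+, run as a local administrator on the suspect box.
# The heuristics below are illustrative assumptions, not malware signatures.

$HostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-HostsEntries {
    param([string]$Path = $HostsPath)
    if (-not (Test-Path $Path)) { return @() }
    # Keep only lines that start with something other than a comment marker.
    Get-Content $Path | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
        $parts = @($_.Trim() -split '\s+')
        $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] -join ' ' } else { '' }
        New-Object PSObject -Property @{ Address = $parts[0]; Names = $names }
    }
}

function Get-SuspiciousHostsEntries {
    # A stock hosts file only maps localhost. A name pointed at any other
    # address (AV vendor and update sites are the usual targets of fake-AV
    # families) is worth reading before cleanup.
    Get-HostsEntries | Where-Object { $_.Address -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }
}

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Test-SuspiciousRunEntry {
    param([string]$Command)
    # Heuristic 1 (assumption): the binary lives under the all-users
    # application data directory, where the thread found the sample
    # (C:\Documents and Settings\All Users\Application Data on XP,
    # C:\ProgramData on Vista and later).
    $dataDirs = @()
    if ($env:ProgramData)     { $dataDirs += $env:ProgramData }
    if ($env:ALLUSERSPROFILE) { $dataDirs += (Join-Path $env:ALLUSERSPROFILE 'Application Data') }
    $inDataDir = $false
    foreach ($d in $dataDirs) { if ($Command -like "*$d*") { $inDataDir = $true } }

    # Heuristic 2 (assumption): the executable name is a random jumble of
    # letters. Treat a run of four consonants, or no vowel at all, as random.
    $exeName = ''
    if ($Command -match '([^\\\s"]+)\.exe') { $exeName = $matches[1] }
    $randomLooking = (
        $exeName.Length -ge 6 -and
        $exeName -match '^[A-Za-z]+$' -and
        ($exeName -match '[^aeiouAEIOU]{4}' -or $exeName -notmatch '[aeiouAEIOU]')
    )

    return ($inDataDir -or $randomLooking)
}

Write-Output '== hosts entries that do not map to loopback =='
Get-SuspiciousHostsEntries | Format-Table Address, Names -AutoSize

Write-Output '== Run / RunOnce entries ([CHECK] = matches a heuristic) =='
Get-RunKeyEntries | ForEach-Object {
    $flag = if (Test-SuspiciousRunEntry $_.Command) { '[CHECK]' } else { '       ' }
    '{0} {1}\{2} = {3}' -f $flag, $_.Key, $_.Name, $_.Command
}
```

The script only reads; it deletes nothing, so it is safe to run before deciding what to clean. Legitimate software does sometimes install under ProgramData, so a [CHECK] flag is a prompt to look at the file (publisher, timestamp, where it was downloaded from), not a verdict. It also only covers the Run keys; services, scheduled tasks, Winlogon and browser helper objects are other autostart locations Autoruns enumerates and this script does not.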
RE: System Tool 2011 malware /OT
Lol, every mail you type starts with "Jeffrey". Are you Mary, and do you actually handle all of Jeffrey's email, or is Jeffrey an illeist? I get a small kick out of following this, lol... /me thinks Joseph needs a Mary of his own, heh :) From: VIPCS [mailto:vi...@stny.rr.com] Sent: Wednesday, December 15, 2010 12:35 PM To: NT System Admin Issues Subject: RE: System Tool 2011 malware Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to combofix to actually resolve the basic issue of the keyboard not working. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:23 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite. I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly; which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes. -- ME2 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote: As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem. Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal.
Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:02 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked Mb from updating. -- ME2 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue. Sincerely, Jeffrey and Mary Jane Harris VIPCS -Original Message- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Wednesday, December 15, 2010 11:07 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Don't forget combofix - taken care of some things that can't be cleaned otherwise. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-) From: Scott Weber [mailto:swe...@thanksal.com] Sent: Wednesday, December 15, 2010 10:24 AM To: NT System Admin Issues Subject: RE: System Tool 2011 malware James, Recently (this past weekend) found out about Secunia PSI and I like it.
+1 Scott From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 15, 2010 7:53 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs. On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote: I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: James Kerr
RE: OT: Anyone looking for a new gig for the new year? (Baltimore area)
Move to Baltimore and I'd strongly consider it...but I probably couldn't afford you. ;) (and thanks on the congrats - I took this current job as a step-down from my old job with an eye on this new position when it opened up, just didn't know it would be so soon) Jim From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:04 PM To: NT System Admin Issues Subject: Re: OT: Anyone looking for a new gig for the new year? (Baltimore area) ...and, congrats on the promotion! -- ME2 On Wed, Dec 15, 2010 at 11:03 AM, Micheal Espinola Jr michealespin...@gmail.com wrote: Would you be my boss? :-) -- ME2 On Wed, Dec 15, 2010 at 5:18 AM, Jim Holmgren jholmg...@xlhealth.com wrote: Hey folks, I've got some openings coming up here in the Baltimore MD area. Some of these are due to expanded headcounts (we are really growing) and one is due to mutually agreed separation. All of these positions would directly or indirectly report to me. HR is going through the usual sources, but I thought I could help cast a wider net. We are pretty much a 100% Windows shop, EMC storage, VMWare infrastructure, and we are looking for: 1) Manager of Server Engineering (my current position - I just received a promotion) 2) Tier 2/3 Technical Support 3) Junior SQL DBA 4) Principal SQL DBA I know this is not a lot to go on, but I don't want to flood the list with job descriptions, etc. Competitive salary, good benefits, EOE, etc. If any of these titles look interesting and you are in the Baltimore MD area (can't do paid relocation, sorry) drop me a note off-list please. Thanks! 
Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: System Tool 2011 malware /OT
Richard learned a new word today. On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: Lol, every mail you type starts with "Jeffrey". Are you Mary, and do you actually handle all of Jeffrey's email, or is Jeffrey an illeist? I get a small kick out of following this, lol... /me thinks Joseph needs a Mary of his own, heh :) From: VIPCS [mailto:vi...@stny.rr.com] Sent: Wednesday, December 15, 2010 12:35 PM To: NT System Admin Issues Subject: RE: System Tool 2011 malware Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to combofix to actually resolve the basic issue of the keyboard not working. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:23 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite. I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly; which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes. -- ME2 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote: As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem.
Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal. Sincerely, Jeffrey and Mary Jane Harris VIPCS From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 15, 2010 2:02 PM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked Mb from updating. -- ME2 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue. Sincerely, Jeffrey and Mary Jane Harris VIPCS -Original Message- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Wednesday, December 15, 2010 11:07 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Don't forget combofix - taken care of some things that can't be cleaned otherwise. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit.
:-) From: Scott Weber [mailto:swe...@thanksal.com] Sent: Wednesday, December 15, 2010 10:24 AM To: NT System Admin Issues Subject: RE: System Tool 2011 malware James, Recently (this past weekend) found out about Secunia PSI and I like it. +1 Scott From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 15, 2010 7:53 AM To: NT System Admin Issues Subject: Re: System Tool 2011 malware Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs. On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote: I wonder the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! '
Re: OT : Holiday funny...
Patton said a lot of the Internet commenters do not know all of the facts surrounding the video. I'm speculating here. In other words, the snowman was built with the intent of the bus crashing into it to make a good video. The video seemed to be too well planned from a timing perspective. Yes, one could argue that a random car might crash into it, creating a similar circumstance. One could also argue that a professional driver wouldn't purposely drive into the oncoming lane of traffic to hit an object, unless he was assured it would be safe. Nice find, btw. On Wed, Dec 15, 2010 at 2:28 PM, richardmccl...@aspca.org wrote: OK, since this is all in my little town (nothing to do with Paul Simon - the song writer or the late senator)... Here is from today's local newspaper. Check out the name of the police lieutenant. YOU CAN'T MAKE THIS STUFF UP! http://www.news-gazette.com/news/courts-police-and-fire/2010-12-15/transit-agency-says-viral-snowman-video-old-news.html -- richard Kim Longenbaugh k...@colonialsavings.com wrote on 12/15/2010 11:23:20 AM: The bus driver, while running his route, Decided to take Frosty out But he found to his shame That it wasn't a game, And now a job he's without. While driving his bus down the road He decided to be quite a toad His murder of Frosty To his job was quite costly The street will be his new abode. From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, December 15, 2010 11:17 AM To: NT System Admin Issues Subject: RE: OT : Holiday funny... The bus driver was manic, while he rolled over Frosty's neck. Now he's quite benign, while he's standing in line, waiting for his unemployment check. From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Wednesday, December 15, 2010 11:03 AM To: NT System Admin Issues Subject: Re: OT : Holiday funny... Need another verse about the driver - he was dismissed almost immediately: 1. He crossed into the on-coming traffic lane 2. He could not see if anything or anybody was behind the snow man 3. He had no way to determine if there were rocks, posts, etc. within the snow man Not such a happy holiday for him! Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM: Frosty the snowman, wasn't too quick on his feet. It was clearly his loss, when he tried to cross, in the middle of the street. http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H -Paul
Rename WDS Server?
We have a server formerly used for multiple services but now utilized for Windows Deployment Services only. We'd like to rename the box but are concerned that this may break WDS. Any experience along these lines?

Roger Wright
___
Never make hard what you can make easy. - Fred W. Frailey
Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally
Is the VB code on the system and in the path if not directly referenced in the psexec command? I've also seen where weird stuff like this happens, so I've set up batch jobs to copy the code and anything it may need to the target system in a directory, and then I launch the psexec pointing to that target path.

From: Micheal Espinola Jr michealespin...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wed, December 15, 2010 1:39:18 PM
Subject: Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally

> Is "The filename, directory name, or volume label syntax is incorrect." a result from all attempts at PSEXEC use on that system? How about locally? It could be an issue with the service itself.
>
> --
> ME2
>
> On Tue, Dec 14, 2010 at 2:49 PM, Alverson, Tom (XETRON) tom.alver...@ngc.com wrote:
>
>> The filename, directory name, or volume label syntax is incorrect.
DriveSavers Data Recovery
Just thought I'd pass on a good report: I've recently had a successful data recovery process with DriveSavers in California. Very professional, quick turnaround, and thorough recovery (over 860 GB on a 1 TB dual-drive array with physical platter damage). Not inexpensive ($4000+) but I did get a 10% discount via the link on the WD site.

Roger Wright
___
Never make hard what you can make easy. - Fred W. Frailey
RE: System Tool 2011 malware
I wasn't even using SpyBot to scan so much as to see what, in the registry, etc., was set to start. What do you recommend that's got the nice, easy-to-use interface listing what's set to start up automagically and allows you to enable/disable with a simple click? That way you don't have to *delete* it, just disable it from starting.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

> I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted.
>
> I think that Autoruns would be a better tool for startup inspection. It's fast and well organized.
>
> A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspection of the hosts file contents being altered.
>
> --
> ME2
>
> On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:
>
>> Well, SpyBot has a couple things going for it that the others don't: the ability to see what's in the startup and the "hosts" file. Sure there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-) I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.
>>
>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>> Sent: Wednesday, December 15, 2010 1:37 PM
>> To: NT System Admin Issues
>> Subject: Re: System Tool 2011 malware
>>
>>> SAFE MODE, SAFE MODE, SAFE MODE...
>>>
>>> Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*. Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.
>>>
>>> --
>>> ME2
>>>
>>> On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
>>>
>>>> Hey John. Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.
>>>>
>>>> Steve
>>>>
>>>> On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote:
>>>>
>>>>> I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware). The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> John Aldrich
>>>>> Blueridge Industries IT Manager
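Micheal's remark in the message above that a script could automate basic inspection of the hosts file for alterations, as an added example that is not code from the list or from any of the posters: a small Python check that parses a Windows hosts file and reports every mapping that is not part of the stock file. The sample hosts content, the watchlist domain and every hostname in it are constructed for this example; `BASELINE`, `parse_hosts`, `inspect_hosts` and `Finding` are names chosen here, not anything from a tool the thread mentions.

```python
"""Report hosts-file entries that deviate from the stock Windows file.

Added example; the sample content below is constructed, not a real capture.
"""
import ipaddress
from dataclasses import dataclass

# Mappings present in a stock Windows hosts file. Anything else is a deviation
# worth a look: a legitimate local override, or a name being redirected.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass(frozen=True)
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Return (line_no, address, hostname) for every mapping in hosts text.

    One address may be followed by several hostnames; '#' starts a comment.
    A line with an address but no hostname is kept (hostname == "") so that
    inspect_hosts can report it instead of silently skipping it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) == 1:
            entries.append((line_no, fields[0], ""))
        for name in fields[1:]:
            entries.append((line_no, fields[0], name.lower()))
    return entries


def inspect_hosts(text, watchlist=()):
    """Return a Finding for every entry that is not in BASELINE.

    watchlist: domains whose redirection matters most (for instance the
    update sites of the security products installed on the machine); a
    hostname equal to, or a subdomain of, a watchlisted domain is flagged
    regardless of where it points.
    """
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if (addr, name) in BASELINE:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(line_no, addr, name, "unparsable address"))
            continue
        if not name:
            reason = "address without hostname"
        elif name in watch or any(name.endswith("." + w) for w in watch):
            reason = "watchlisted name redirected"
        elif ip.is_loopback or ip.is_unspecified:
            # Pointing a real name at 127.0.0.1 or 0.0.0.0 silently breaks
            # every connection to it, including update downloads.
            reason = "name blackholed"
        else:
            reason = "non-baseline mapping"
        findings.append(Finding(line_no, addr, name, reason))
    return findings


# Constructed sample: the first three lines mirror a stock file, the rest
# are made-up entries of the kinds the check distinguishes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# --- lines below are constructed for this example ---
127.0.0.1   updates.example-antivirus.test   # vendor update site blackholed
0.0.0.0     www.example-search.test
203.0.113.9 login.example-bank.test          # sent to a non-local host
10.0.0.5    intranet                         # a legitimate local override
"""


def demo():
    """Run the check over the constructed sample with one watchlisted domain."""
    return inspect_hosts(SAMPLE_HOSTS, watchlist=["example-antivirus.test"])


if __name__ == "__main__":
    for f in demo():
        print(f"line {f.line_no}: {f.address} {f.hostname} -> {f.reason}")
```

On a live machine the text passed to `inspect_hosts` is the content of `%SystemRoot%\System32\drivers\etc\hosts`, and the watchlist is whatever update or licensing hostnames the installed security products depend on. The check deliberately reports legitimate overrides (the `intranet` line) as well as suspicious ones: the point is to surface every deviation from the stock file so an admin can decide, not to guess which entries are acceptable.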
LSI SATA RAID issue
So I have a client with an HP ML310 with SATA drives running SBS 2003. The machine has been slow and disks show severe fragmentation. They had a power issue yesterday and when I was onsite and booted the machine I noticed that the pre-Windows load screen mentioned that the LSI array was failed or degraded. It booted into Windows before I had time to hit the function key and I couldn't take it down any longer during business hours. It might have just been degraded due to the power failure... or maybe something else.

I can't seem to find any way to see RAID status on this server while in Windows. I don't think the standard HP array manager software supports the LSI onboard controller. My google-fu is failing. Any way to see the status of the array without taking the machine down?

Thanks for any input.

Bill
RE: System Tool 2011 malware
Not trying to get argumentative here, but what tool would you use to replace SpyBot's ability to see *everything* in the system startup? As I said, this didn't show up in the MSCONFIG display, and I know SpyBot does a good job of showing what's in the startup list, so that's what I use. If you can recommend something else that easily and clearly shows what's set to start up, I'll be more than happy to switch. I just don't know of anything else, myself.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

> I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted.
>
> I think that Autoruns would be a better tool for startup inspection. It's fast and well organized.
>
> A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspection of the hosts file contents being altered.
>
> --
> ME2
Re: System Tool 2011 malware
Autoruns. Terrible name, great utility.

live.sysinternals.com

On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

> I wasn't even using SpyBot to scan so much as to see what, in the registry, etc., was set to start. What do you recommend that's got the nice, easy-to-use interface listing what's set to start up automagically and allows you to enable/disable with a simple click? That way you don't have to *delete* it, just disable it from starting.
Re: System Tool 2011 malware
+1 on Autoruns!

Richard Stovall rich...@gmail.com wrote on 12/15/2010 02:20:47 PM:

> Autoruns. Terrible name, great utility.
>
> live.sysinternals.com
Re: System Tool 2011 malware
+*∞*

On Wed, Dec 15, 2010 at 3:20 PM, Richard Stovall rich...@gmail.com wrote:

> Autoruns. Terrible name, great utility.
>
> live.sysinternals.com
Re: LSI SATA RAID issue
Reaching into my way-back machine: I haven't touched an HP server in 8 years. If the agents are installed, Insight Manager should be able to do this. If the agents are not installed, IIRC installing will require a reboot.

On Wed, Dec 15, 2010 at 3:19 PM, Bill Humphries nt...@hedgedigger.com wrote:

> So I have a client with an HP ML310 with SATA drives running SBS 2003. The machine has been slow and disks show severe fragmentation. They had a power issue yesterday and when I was onsite and booted the machine I noticed that the pre-Windows load screen mentioned that the LSI array was failed or degraded. It booted into Windows before I had time to hit the function key and I couldn't take it down any longer during business hours. It might have just been degraded due to the power failure... or maybe something else.
>
> I can't seem to find any way to see RAID status on this server while in Windows. I don't think the standard HP array manager software supports the LSI onboard controller. My google-fu is failing. Any way to see the status of the array without taking the machine down?
>
> Thanks for any input.
>
> Bill
RE: LSI SATA RAID issue
Can you call HP Support and ask them the question?

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-----Original Message-----
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: LSI SATA RAID issue

> So I have a client with an HP ML310 with SATA drives running SBS 2003. The machine has been slow and disks show severe fragmentation. They had a power issue yesterday and when I was onsite and booted the machine I noticed that the pre-Windows load screen mentioned that the LSI array was failed or degraded. It booted into Windows before I had time to hit the function key and I couldn't take it down any longer during business hours. It might have just been degraded due to the power failure... or maybe something else.
>
> I can't seem to find any way to see RAID status on this server while in Windows. I don't think the standard HP array manager software supports the LSI onboard controller. My google-fu is failing. Any way to see the status of the array without taking the machine down?
>
> Thanks for any input.
>
> Bill
Re: LSI SATA RAID issue
Heh. This thing is way out of warranty. The SATA drives are at least 4 years old... so that adds to my concern regarding array status. They want to make it through this next tax season with this server.

VIPCS wrote:

> Can you call HP Support and ask them the question?
>
> Sincerely,
> Jeffrey and Mary Jane Harris
> VIPCS
Re: LSI SATA RAID issue
See if you can get them to sign something acknowledging that they're aware their thriftiness is putting their data at risk.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 3:47 PM, Bill Humphries nt...@hedgedigger.com wrote:

Heh. This thing is way out of warranty. The SATA drives are at least 4 years old... so that adds to my concern regarding array status. They want to make it through this next tax season with this server.
RE: LSI SATA RAID issue
Like John said, if you have the smartpack installed, it will likely include the hpadu/acu (diagnostic/config utility) and you can query this info from it. If not, you can fetch it online; not sure if it needs a reboot, I doubt it.

jlc

-----Original Message-----
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh. This thing is way out of warranty. The SATA drives are at least 4 years old... so that adds to my concern regarding array status. They want to make it through this next tax season with this server.
Re: LSI SATA RAID issue
Absofragginlutely nuts. So, tax prep services. Full accounting practice? Provide bookkeeping and accounting services? What happens when operations stop due to a failure? How much are they billing out daily? During the tax season daily? What's the cost of downtime at their busiest point? One would surmise that the cost of downtime would exceed the cost of a new server, easily.

On Wed, Dec 15, 2010 at 3:47 PM, Bill Humphries nt...@hedgedigger.com wrote:

Heh. This thing is way out of warranty. The SATA drives are at least 4 years old... so that adds to my concern regarding array status. They want to make it through this next tax season with this server.
Re: System Tool 2011 malware /OT
We are pleased. We are very pleased.

On Wed, Dec 15, 2010 at 2:58 PM, Richard Stovall rich...@gmail.com wrote:

Richard learned a new word today.

On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:

Lol, every mail you type starts with "Jeffrey"; are you Mary, and do you actually handle all of Jeffrey's email, or is Jeffrey an illeist? I get a small kick out of following this, lol...

/me thinks Joseph needs a Mary of his own, heh :)

From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 12:35 PM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to ComboFix to actually resolve the basic issue of the keyboard not working.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:23 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I didn't claim they are the end-all anything, and I certainly don't say so about Vipre, but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite.

I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were, and perhaps still are, other problems on that system that are preventing Malwarebytes from operating properly, which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes.

--
ME2

On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that ComboFix actually fixed the problem.

Jeffrey raised this issue with Vipre support and they said the same thing – Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as ComboFix) are essential for some malware removal.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:02 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked MB from updating.

--
ME2

On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard drivers and prevented any keyboard from being used. ComboFix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-----Original Message-----
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget ComboFix; it has taken care of some things that can't be cleaned otherwise.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) found out about Secunia PSI and I like it. +1
Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

I wonder about the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake-AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff IT
RE: LSI SATA RAID issue
Even if it is out of warranty, the worst that HP will do is say "sorry, the server is out of warranty; I cannot provide you with assistance." Usually you can tell the drive status by looking at the lights on the drives. If they are hot-pluggable and there is a RAID configuration, you can swap out a drive (if you have a spare).

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-----Original Message-----
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 3:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh. This thing is way out of warranty. The SATA drives are at least 4 years old... so that adds to my concern regarding array status. They want to make it through this next tax season with this server.
RE: Vista Printing and GPP
Glad you got it sorted. FWIW, 7 has its issues too :)

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Thursday, 16 December 2010 2:56 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

James,
I have tried (based on Google/TechNet forum searches) enabling it in the user and computer sections (I understand Win7 moved PP from User to Computer) and disabling it altogether. Disabling it finally worked, so long as you Created and did not Replace it; so much for housekeeping...

Fsck, I hate Vista :( I used XP until 7 came out and just skipped it altogether for my own wkst's.

Thanks bud,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 9:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Ok, next question: what are the GPP settings for your test case?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 1:56 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Same user, and no prompts.
Thanks!
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 6:41 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

When you are browsing to the server, are you using the same user account that fails with GPP? Also, when browsing to the server do you receive any elevation prompts?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

So this gets sillier: a fresh Vista machine w/o the driver installed can browse to the server, double-click the printer, and it installs fine. Using GPPs, it won't; it hangs the login? Any ideas?
Thanks,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Never heard of that requirement (on the server). So once the driver is installed it works OK? If so, then you could certainly use a script as you mentioned. Or possibly even add them to your SOE/MOE at the start.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 8:13 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Bug w/ Vista; spent a few weeks w/ PSS and they agreed, group policies are in order, it's just lousy Vista. Oddly enough, one PSS agent said the Point and Print Restrictions policy needs to be applied on the print server itself? Was such a long and tiring case.

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

If it works for Win 7 it should work for Vista. Are the Win7 and Vista machines getting the same Group Policies applied, in particular the Point and Print Restrictions policy?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 5:06 AM
To: NT System Admin Issues
Subject: Vista Printing and GPP

Speaking of printing, I have a mix of XP/Vista/Win7 clients and use GPPs to set up printers for them. The XP and Win7 machines work well with the non-packaged drivers, but Vista does all kinds of things, from plain not installing some to hanging at login for others. I was thinking about creating a startup script with a `rundll32 printui.dll,PrintUIEntry /ia` command to get the driver installed; seem like the best approach? This is for the PCL6 drivers for a Ricoh MP 6001 and 2060 SP.

Thanks!
jlc
RE: System Tool 2011 malware
Already stated:

"I think that autoruns would be a better tool for startup inspection"

Part of the Sysinternals tools.

Erik Goldoff
IT Consultant
Systems, Networks, Security
'Security is an ongoing process, not a one time event!'

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Not trying to get argumentative here, but what tool would you use to replace SpyBot's ability to see *everything* in the system startup? As I said, this didn't show up in the MSCONFIG display, and I know SpyBot does a good job of showing what's in the startup list, so that's what I use. If you can recommend something else that easily and clearly shows what's set to start up, I'll be more than happy to switch. I just don't know of anything else, myself.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted.

I think that autoruns would be a better tool for startup inspection. It's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspection of the hosts file contents being altered.

--
ME2

On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Well, SpyBot has a couple things going for it that the others don't – the ability to see what's in the startup and the "hosts" file. Sure, there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-)

I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

SAFE MODE, SAFE MODE, SAFE MODE... Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*. Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.

--
ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:

Hey John,
Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.
Steve

On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote:

I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware). The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...

--
Thanks,
John Aldrich
Blueridge Industries IT Manager
Switches
Folks,

I'm in the market for a few new switches for a new remote office. 1 GIG with POE will be fine for this site. I don't need anything fancy, just basic L3 and VLANs. In the past I've used the 3COM 5500G series, but this time I'm thinking HP, since you folks on this list seem to give HP switches high reviews. Looking at the various HP switches, I think the E2910al series will do. It's hard to tell, looking at HP's site, the differences between the E2910 and the A series. Both are listed as fixed-port L3 managed Ethernet switches. Any of you HP folks care to clarify this for me?

Regards,
Tom

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: Switches
Try the comparison tool at: http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx

On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:

Folks,

I'm in the market for a few new switches for a new remote office. 1 GIG with POE will be fine for this site. I don't need anything fancy, just basic L3 and VLANs. In the past I've used the 3COM 5500G series, but this time I'm thinking HP, since you folks on this list seem to give HP switches high reviews. Looking at the various HP switches, I think the E2910al series will do. It's hard to tell, looking at HP's site, the differences between the E2910 and the A series. Both are listed as fixed-port L3 managed Ethernet switches. Any of you HP folks care to clarify this for me?

Regards,
Tom
Re: Switches
Thanks, funny thing is the utility recommended the E5500G, my 3COM switch that HP sells!

Richard Stovall rich...@gmail.com 12/15/2010 4:08 PM wrote:

Try the comparison tool at: http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx
Re: Switches
When I put in Fixed port, blank for port count, Smart Managed, Layer 3 lite, Gigabit Copper, blank for uplink type, PoE, and blank for HA, I come up with V1910-24G-PoE(170W) and V1910-24G-PoE(365W). Note that the V series doesn't appear to have that fantabulous lifetime warranty everyone loves.

On Wed, Dec 15, 2010 at 4:11 PM, Tom Miller tmil...@hnncsb.org wrote:
Thanks, funny thing is the utility recommended the E5500G - my 3COM switch that HP sells!
Re: Switches
Just as a point of interest...I was told that Cisco has a 24 port POE switch on promo right now (in Canada at least).

On Wed, Dec 15, 2010 at 4:18 PM, Richard Stovall rich...@gmail.com wrote:
When I put in Fixed port, blank for port count, Smart Managed, Layer 3 lite, Gigabit Copper, blank for uplink type, PoE, and blank for HA, I come up with V1910-24G-PoE(170W) and V1910-24G-PoE(365W). Note that the V series doesn't appear to have that fantabulous lifetime warranty everyone loves.
Removing internal host and IP addresses from message headers
In my upgrade to Exchange 2010, I noticed internal stuff is back in the headers. I remember back in the day it was good practice to remove this. What's the take on this now? This is an interesting article on the pros and cons, but I'm still not quite sure. Doesn't feel right leaving them in there.
http://exchangepedia.com/blog/2008/05/removing-internal-host-names-and-ip.html
Sam
RE: System Tool 2011 malware
John,

On Wed, 15 Dec 2010 15:20:24 -0500, John Aldrich wrote:
Not trying to get argumentative here, but what tool would you use to replace SpyBot's ability to see *everything* in the system startup? As I said, this didn't show up in the MSCONFIG display, and I know SpyBot does a good job of showing what's in the startup list, so that's what I use. If you can recommend something else that easily and clearly shows what's set to startup, I'll be more than happy to switch. I just don't know of anything else, myself.

I've been using Mike Lin's StartupMonitor for many years. A great tool which uses very few system resources. http://www.mlin.net/StartupMonitor.shtml
I use it in conjunction with his Startup Control Panel: http://www.mlin.net/StartupCPL.shtml
Another great (but more complex) tool I like is Mark Jacobs' MJ Registry Watcher: http://www.jacobsm.com/mjsoft.htm#rgwtchr

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I would recommend other tools for startup scanning. I mean this with all sincerity, compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted. I think that autoruns would be a better tool for startup inspection - it's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspecting of the hosts file contents being altered.
-- ME2

On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:
Well, SpyBot has a couple things going for it that the others don't: the ability to see what's in the startup and the hosts file. Sure there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-) I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
SAFE MODE, SAFE MODE, SAFE MODE... Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*. Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.
-- ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
Hey John, are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then logon as the administrator (or something other than the infected profile) and then run the tools...full scans.
Steve
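One way to automate the hosts-file inspection ME2 mentions, as an added example in PowerShell (not code from anyone in the thread): it records a known-good copy on first run and on later runs reports every mapping that was added, changed or removed. The baseline path is a placeholder I chose; the hosts path is the Windows default.

```powershell
# Added example, not from the thread: baseline-and-compare check of the Windows hosts file.
# Assumptions: default hosts location; $BaselinePath is a placeholder of my choosing.
$HostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$BaselinePath = 'C:\Admin\hosts.baseline'   # placeholder: known-good copy kept outside the etc folder

function Get-HostsEntries {
    param([string]$Path)
    # Returns a hashtable of hostname -> IP for every active (non-comment) line.
    $entries = @{}
    foreach ($line in (Get-Content -Path $Path)) {
        $text = ($line -split '#')[0].Trim()       # drop trailing comments
        if ($text -eq '') { continue }              # blank or comment-only line
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }        # an IP with no hostnames is not a mapping
        $ip = $parts[0]
        for ($i = 1; $i -lt $parts.Count; $i++) {
            $entries[$parts[$i].ToLower()] = $ip    # one line may map several names
        }
    }
    return $entries
}

function Compare-HostsFile {
    param([string]$CurrentPath, [string]$BaselinePath)
    # Reports mappings added, changed or removed relative to the baseline copy.
    $now  = Get-HostsEntries -Path $CurrentPath
    $base = Get-HostsEntries -Path $BaselinePath
    $findings = @()
    foreach ($name in $now.Keys) {
        if (-not $base.ContainsKey($name)) {
            $findings += "ADDED   $name -> $($now[$name])"
        } elseif ($base[$name] -ne $now[$name]) {
            $findings += "CHANGED $name : $($base[$name]) -> $($now[$name])"
        }
    }
    foreach ($name in $base.Keys) {
        if (-not $now.ContainsKey($name)) { $findings += "REMOVED $name" }
    }
    return ,$findings
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run on a machine believed clean: record the baseline.
    Copy-Item -Path $HostsPath -Destination $BaselinePath
    Write-Host "Baseline written to $BaselinePath"
} else {
    $findings = @(Compare-HostsFile -CurrentPath $HostsPath -BaselinePath $BaselinePath)
    if ($findings.Count -eq 0) {
        Write-Host 'hosts file matches baseline'
    } else {
        # Entries for security-vendor or update sites that point off-box deserve a close look.
        $findings | ForEach-Object { Write-Warning $_ }
        exit 1     # non-zero exit so a scheduled task or login script can flag the change
    }
}
```

Take the baseline only on a machine you believe is clean; a copy taken from an already-infected box would silently bless the malware's entries.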
Re: LSI SATA RAID issue
ACU is already on the box and doesn't see the array. I don't think it works with that controller.

Joseph L. Casale wrote:
Like John said, if you have the smartpack installed, it will likely include the hpadu/acu (diagnostic/config utility) and you can query this info from it. If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue
Heh. This thing is way out of warranty. The SATA drives are at least 4 years old...so that adds to my concern regarding array status. They want to make it through this next tax season with this server.

VIPCS wrote:
Can you call HP Support and ask them the question?
Sincerely, Jeffrey and Mary Jane Harris VIPCS

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: LSI SATA RAID issue
So I have a client with HP ML310 with SATA drives running SBS 2003. The machine has been slow and disks show severe fragmentation. They had a power issue yesterday and when I was onsite and booted the machine I noticed that the pre-windows load screen mentioned that the LSI array was failed or degraded. It booted into windows before I had time to hit the function key and I couldn't take it down any longer during business hours. It might have just been degraded due to power failure...or maybe something else. I can't seem to find any way to see RAID status on this server while in windows. I don't think the standard HP array manager software supports the LSI onboard controller. My google-fu is failing. Any way to see status of the array without taking the machine down? Thanks for any input.
Bill
Re: System Tool 2011 malware /OT
Richard thinks that might be the royal illeism y'all are using.

On Wed, Dec 15, 2010 at 3:55 PM, Jonathan Link jonathan.l...@gmail.com wrote:
We are pleased. We are very pleased.

On Wed, Dec 15, 2010 at 2:58 PM, Richard Stovall rich...@gmail.com wrote:
Richard learned a new word today.

On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
Lol, every mail you type starts with "Jeffrey", are you Mary, and do you actually handle all of Jeffrey's email or is Jeffrey an illeist? I get a small kick out of following this, lol… /me thinks Joseph needs a Mary of his own, heh :)

From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 12:35 PM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware
Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to combofix to actually resolve the basic issue of the keyboard not working.
Sincerely, Jeffrey and Mary Jane Harris VIPCS

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:23 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite. I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly; which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes.
-- ME2

On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:
As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that combofix actually fixed the problem. Jeffrey raised this issue with Vipre support and they said the same thing – Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as combofix) are essential for some malware removal.
Sincerely, Jeffrey and Mary Jane Harris VIPCS

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:02 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked MB from updating.
-- ME2

On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:
Jeffrey had to fix malware on a user's system that infected the keyboard drivers, and prevented any keyboard from being used. Combofix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.
Sincerely, Jeffrey and Mary Jane Harris VIPCS

-Original Message-
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
Don't forget combofix - taken care of some things that can't be cleaned otherwise.
Jack Kramer, Computer Systems Specialist, University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:
Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit. :-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware
James, Recently (this past weekend) found out about Secunia PSI and I like it. +1
Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder about the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake av type malware gems arrive via
Re: Switches
Do you need layer 3? The Procurve 2520 series is the Procurve layer 2 PoE switch line. I'm looking at getting some of these for WiFi AP/IP Phone deployment. The 2520-24G-PoE might be what you're looking for. I'm curious, what is the need for Gigabit PoE? High speed 802.11n networking?
--Matt Ross
Ephrata School District

- Original Message -
From: Richard Stovall [mailto:rich...@gmail.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 15 Dec 2010 13:18:31 -0800
Subject: Re: Switches
When I put in Fixed port, blank for port count, Smart Managed, Layer 3 lite, Gigabit Copper, blank for uplink type, PoE, and blank for HA, I come up with V1910-24G-PoE(170W) and V1910-24G-PoE(365W). Note that the V series doesn't appear to have that fantabulous lifetime warranty everyone loves.
RE: LSI SATA RAID issue
If it is an LSI, then download their MegaRaid Storage Manager utility. That should allow you to see the status of the drives. The latest version works with the older cards - I am using it with an old Perc 5i (which is LSI) on Windows 2008 R2, although it detects it as Windows Vista.
Simon.
--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.
e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/
Need cheap certificates for Exchange, compatible with the iPhone? http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/
Exchange Resources: http://exbpa.com/

-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: 15 December 2010 20:55
To: NT System Admin Issues
Subject: RE: LSI SATA RAID issue
Like John said, if you have the smartpack installed, it will likely include the hpadu/acu (diagnostic/config utility) and you can query this info from it. If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc
RE: Removing internal host and IP addresses from message headers
I think it isn't worth the trouble. But you can set the security on the connectors and get rid of it, if you really care.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Wednesday, December 15, 2010 4:31 PM
To: NT System Admin Issues
Subject: Removing internal host and IP addresses from message headers
In my upgrade to Exchange 2010, I noticed internal stuff is back in the headers. I remember back in the day it was good practice to remove this. What's the take on this now? This is an interesting article on the pros and cons... but I'm still not quite sure. Doesn't feel right leaving them in there.
http://exchangepedia.com/blog/2008/05/removing-internal-host-names-and-ip.html
Sam
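The connector permission change Michael alludes to, as an added example for the Exchange 2010 Management Shell (my code, not from the thread or the linked article): a Send connector grants ANONYMOUS LOGON the ms-Exch-Send-Headers-Routing extended right by default, which is what lets the internal Received: headers leave with the message; taking that right away on the Internet-facing connector strips them. 'Internet Send Connector' is a placeholder name.

```powershell
# Added example, not from the thread: strip internal Received: headers from outbound mail
# by removing the routing-headers right from anonymous on the Internet Send connector.
# 'Internet Send Connector' is a placeholder; use the name shown by Get-SendConnector.
$connectorName = 'Internet Send Connector'

# Before: list who holds ms-Exch-Send-Headers-Routing on this connector
Get-ADPermission -Identity $connectorName |
    Where-Object { $_.ExtendedRights -like '*Send-Headers-Routing*' } |
    Format-Table User, ExtendedRights, Deny -AutoSize

# Remove the right from ANONYMOUS LOGON; Exchange then drops the internal hop headers
# when it hands the message to the next hop through this connector
Remove-ADPermission -Identity $connectorName `
    -User 'NT AUTHORITY\ANONYMOUS LOGON' `
    -ExtendedRights 'ms-Exch-Send-Headers-Routing' -Confirm:$false

# After: the same query should no longer list ANONYMOUS LOGON for that right
Get-ADPermission -Identity $connectorName -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { $_.ExtendedRights -like '*Send-Headers-Routing*' }
```

Apply this only to the Internet-facing connector; the hop headers on internal connectors are what you will want when tracing a delivery problem, which is the cost Michael is weighing.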
New Policy UPN vs samAccountname
Trying to draft a new policy for user accounts. What is the most effective advice? samAccountname - which is generally a truncated, cryptic version of the real name - or a nice and clean UPN, i.e. first.lastn...@gmail.com. Certainly UPN seems scalable, cloud friendly and future proof? Any thoughts or incompatibilities experienced?
Thanks in advance,
Re: LSI SATA RAID issue
Simon, thanks and awesome. I downloaded and installed. It looks like we have degraded RAID 1 on our hands. Simon Butler wrote: If it is an LSI, then download their MegaRaid Storage Manager utility. That should allow you to see the status of the drives. The latest version works with the older cards - I am using it with an old Perc 5i (which is LSI) on Windows 2008 R2, although it detects it as Windows Vista. Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: si...@sembee.co.uk w: http://www.sembee.co.uk/ w: http://www.amset.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with the iPhone? http://CertificatesForExchange.com/ for certificates from just $26.99. Need a domain for your certificate? http://DomainsForExchange.net/ Exchange Resources: http://exbpa.com/ -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: 15 December 2010 20:55 To: NT System Admin Issues Subject: RE: LSI SATA RAID issue Like John said, if you have the smartpack installed, it will likely include the hpadu/acu (diagnostic/config utility) and you can query this info from it. If not, you can fetch it online, not sure if it needs a reboot, I doubt it. jlc -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: Wednesday, December 15, 2010 1:48 PM To: NT System Admin Issues Subject: Re: LSI SATA RAID issue Heh. This thing is way out of warranty. The SATA drives are atleast 4 years old...so that adds tp my concern regarding array status. They want to make it through this next tax season with this server. VIPCS wrote: Can you call HP Support and ask them the question? Sincerely, Jeffrey and Mary Jane Harris VIPCS -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: Wednesday, December 15, 2010 3:20 PM To: NT System Admin Issues Subject: LSI SATA RAID issue SO I have a client with HP ML310 with SATA drives running SBS 2003. The machine has been slow and disks show severe fragmentation. 
They had a power issue yesterday, and when I was onsite and booted the machine I noticed that the pre-Windows load screen mentioned that the LSI array was failed or degraded. It booted into Windows before I had time to hit the function key, and I couldn't take it down any longer during business hours. It might have just been degraded due to the power failure... or maybe something else. I can't seem to find any way to see RAID status on this server while in Windows. I don't think the standard HP array manager software supports the LSI onboard controller. My google-fu is failing. Any way to see the status of the array without taking the machine down?

Thanks for any input.

Bill
Re: Rename WDS Server?
I've done it before with no issues. I think it was just a matter of changing the server name in the bootstrap.ini file; I don't have access to the server anymore to verify. You'll need to rebuild the boot image again. I can't remember if there were any settings in the registry or not.

T typed slowly on HTC Desire

On 15 Dec 2010 20:05, Roger Wright rhw...@gmail.com wrote:
We have a server formerly used for multiple services but now utilized for Windows Deployment Services only. We'd like to rename the box but are concerned that this may break WDS. Any experience along these lines?

Roger Wright
___
Never make hard what you can make easy. - Fred W. Frailey
Re: System Tool 2011 malware
^^^ This

--
ME2

On Wed, Dec 15, 2010 at 12:20 PM, Richard Stovall rich...@gmail.com wrote:
Autoruns. Terrible name, great utility. live.sysinternals.com

On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:
I wasn't even using SpyBot to scan so much as to see what, in the registry, etc., was set to start. What do you recommend that's got the nice, easy-to-use interface listing what's set to start up automagically and allows you to enable/disable with a simple click? That way you don't have to *delete* it, just disable it from starting.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBSD is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the security you get from SBSD should not be trusted.

I think that Autoruns would be a better tool for startup inspection - it's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspecting of the hosts file contents being altered.

--
ME2

On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:
Well, SpyBot has a couple things going for it that the others don't - the ability to see what's in the startup and the "hosts" file. Sure, there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the startup folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot.
:-) I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*.

Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.

--
ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
Hey John,

Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.

Steve

On Tuesday, December 14, 2010, John Aldrich jaldr...@blueridgecarpet.com wrote:
I had a home user who called me to come work on his computer because it kept coming up with the System Tool 2011 malware (very similar to the fake antivirus malware). The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware. Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...

--
Thanks,
John Aldrich
Blueridge Industries IT Manager
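ME2's point in the thread above, that a script can automate inspecting the hosts file for alterations, as an added example that is not code from any list participant. This Python script parses a hosts file, ignores the stock localhost entries, and flags any name blackholed to loopback or any watched name pointed at another address; the sample hosts content and the watch list are constructed for the example.

```python
import ipaddress

# Constructed sample of a tampered Windows hosts file (not from any real system).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.vendor-a.example   # security product's update host blackholed
192.0.2.10      www.bank.example          # a site quietly sent to another address
10.0.0.5        fileserver                # ordinary LAN shortcut, not flagged
"""

# Names worth checking (constructed; use the update hosts of products you rely on).
WATCH_NAMES = {"update.vendor-a.example", "www.bank.example"}
LOOPBACK = {"127.0.0.1", "::1"}
# The stock Windows hosts file maps only localhost; anything else is an alteration.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping, skipping comments and blanks;
    a line whose first field is not an IP is yielded with ip=None."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            yield (n, None, parts[0])
            continue
        for name in parts[1:]:
            yield (n, ip, name.lower())


def inspect_hosts(text, watch=WATCH_NAMES):
    """Return (line_no, reason, ip, hostname) for each entry that is not in the
    stock file and looks like tampering: a name blackholed to loopback, a watched
    name pointed elsewhere, or a line that does not parse."""
    findings = []
    for n, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((n, "malformed", None, name))
        elif (ip, name) in BASELINE:
            continue
        elif ip in LOOPBACK:
            findings.append((n, "blackholed", ip, name))
        elif name in watch:
            findings.append((n, "redirected", ip, name))
    return findings
```

Feed it the contents of C:\Windows\System32\drivers\etc\hosts from a suspect machine; every finding is a departure from the stock file that a person or a program put there.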
Re: System Tool 2011 malware /OT
/Micheal thinks that he has a bad habit of typing things in a way that sounds personal when it really isn't.

No worries.

--
ME2

On Wed, Dec 15, 2010 at 11:43 AM, Joseph L. Casale jcas...@activenetwerx.com wrote:
Lol, every mail you type starts with "Jeffrey". Are you Mary, and do you actually handle all of Jeffrey's email, or is Jeffrey an illeist? I get a small kick out of following this, lol...

/me thinks Joseph needs a Mary of his own, heh :)

From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 12:35 PM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Jeffrey was confused by your "not buying it" comment. No personal slights were intended. Each of the other programs (except Vipre) found something, but it was left to ComboFix to actually resolve the basic issue of the keyboard not working.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

--
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:23 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I didn't claim they are the end-all anything, and I certainly don't say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite.

I also didn't claim anyone should have a static toolbag, or that ComboFix didn't fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly, which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes.

--
ME2

On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:
As Jeffrey recalls, he had to rename the MB executable just to allow it to run. In any case, even if MB was blocked from operating optimally, you still cannot argue that ComboFix actually fixed the problem.
Jeffrey raised this issue with Vipre support and they said the same thing - Vipre and MB are not the be-all and end-all for all malware, and sometimes specialized tools (such as ComboFix) are essential for some malware removal.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

--
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:02 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was happening that broke or blocked MB from updating.

--
ME2

On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:
Jeffrey had to fix malware on a user's system that infected the keyboard drivers and prevented any keyboard from being used. ComboFix was the only tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, MalwareBytes, and the Microsoft Malicious Software Removal Tool). That Vipre never even detected the malware concerned Jeffrey more than anything else, even though Jeffrey knew it was malware because of numerous reports on the Internet of other users with the same issue.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

-Original Message-
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget ComboFix - it has taken care of some things that can't be cleaned otherwise.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:
Thanks for the info, guys... I downloaded it and will start using it as part of my regular troubleshooting/cleaning toolkit.
:-)

From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,

Recently (this past weekend) found out about Secunia PSI and I like it. +1

Scott

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW. I've got that down as part of the standard toolset I put on home users' PCs now. It's also not too hard to use, which is a big plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder about the status of patching on his system, not just Microsoft but Adobe and other applications. I've seen a bit of these fake AV type malware gems arrive via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave vulnerabilities on linked animated advertisements.

Erik Goldoff
IT Consultant
RE: New Policy UPN vs samAccountname
My advice hasn't changed since 2004. :-)

http://theessentialexchange.com/blogs/michael/archive/2009/04/07/handling-the-userprincipalname-in-powershell.aspx
http://theessentialexchange.com/blogs/michael/archive/2007/11/13/the-user-principle-name-and-you.aspx

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Juned Shaikh [jsha...@gmail.com]
Sent: Wednesday, December 15, 2010 5:57 PM
To: NT System Admin Issues
Subject: New Policy UPN vs samAccountname

Trying to draft a new policy for user accounts. What is the most effective advice? samAccountName, which is generally a truncated, cryptic version of the real name, or a nice and clean UPN, i.e. first.lastn...@gmail.com? Certainly UPN seems scalable, cloud friendly and future proof? Any thoughts or incompatibilities experienced?

Thanks in advance,
RE: New Policy UPN vs samAccountname
Fantastic! Thanks Michael..