Re: System Tool 2011 malware

2010-12-15 Thread John Aldrich
On Tue December 14 2010, you wrote:
 Hi John,
 
 User know where they were surfing when it hit?
 
 Samples can be submitted here:
 
 http://www.sunbeltsecurity.com/threat
 
 If you want assistance with removal check the box that says "I need help".
 Someone will be happy to help.
 
 We're releasing defs something like 13x/day now so shouldn't be too long
 to get updates for that critter.
 
Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre 
Home caught it...what's more, it disabled Vipre Home. I'll see if I can get 
access to the zipped sample so I can resubmit.

Thanks!

-- 
Thanks,
John Aldrich
Blueridge Industries
IT Manager

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Re: I: System Tool 2011 malware

2010-12-15 Thread John Aldrich
On Wed December 15 2010, you wrote:
 Try with Prevx3.0
 
 
I'm pretty sure I got rid of it...but was concerned that Vipre (home) and 
Vipre Rescue didn't catch it...

-- 
Thanks,
John Aldrich
Blueridge Industries
IT Manager



Re: System Tool 2011 malware

2010-12-15 Thread John Cook
Turn off system restore and do another scan.

John W. Cook
Systems Administrator
Partnership for Strong Families

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue Dec 14 22:21:39 2010
Subject: System Tool 2011 malware

I had a home user who called me to come work on his computer because it
kept coming up with the system tool 2011 malware (very similar to the
fake antivirus malware.)
The system is Windows XP Media Edition, and had Vipre Home installed. I ran
Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
as the user rebooted into normal mode, it was back. Today, I went back and
ran MalwareBytes and SpyBot SD. Neither apparently caught it, but looking
at the startup entries in SpyBot, I saw a random jumble of letters under
c:\documents and settings\all users\application data\ which, when I entered
the directory in Windows Explorer, showed the icon for the System Tool 2011
malware.
Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
tried to submit a zip of it to the CW Sandbox, but got a response that it
couldn't be analyzed...
--
Thanks,
John Aldrich
Blueridge Industries
IT Manager


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.




OT: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Jim Holmgren
Hey folks,
I've got some openings coming up here in the Baltimore MD area.  Some of
these are due to expanded headcounts (we are really growing) and one is
due to mutually agreed separation.   All of these positions would
directly or indirectly report to me.

HR is going through the usual sources, but I thought I could help cast a
wider net.  We are pretty much a 100% Windows shop, EMC storage, VMWare
infrastructure, and we are looking for:

1) Manager of Server Engineering (my current position - I just received
a promotion) 
2) Tier 2/3 Technical Support 
3) Junior SQL DBA
4) Principal SQL DBA

I know this is not a lot to go on, but I don't want to flood the list
with job descriptions, etc.  Competitive salary, good benefits, EOE,
etc.

If any of these titles look interesting and you are in the Baltimore MD
area (can't do paid relocation, sorry) drop me a note off-list please.

Thanks!
Jim


Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201 
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com




CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member or as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

CONFIDENTIALITY NOTE: This facsimile, including any attachments, is for the 
exclusive use of the recipient(s) and may contain confidential information and/or 
protected health information. Under Federal Law (HIPAA), the recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without the authorization of the members or as permitted by law is 
prohibited and punishable under Federal Law. If you are not the recipient, please 
contact the sender by telephone and destroy all copies of the original message.




RE: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Kennedy, Jim
Congrats Jim.

-Original Message-
From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Wednesday, December 15, 2010 8:18 AM
To: NT System Admin Issues
Subject: OT: Anyone looking for a new gig for the new year? (Baltimore area)

 (my current position - I just received a promotion)





Re: System Tool 2011 malware

2010-12-15 Thread James Kerr
I had a user get that crap on his PC on Tuesday and it disabled Vipre 
Enterprise also. The user swears he didn't click on anything and was on 
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to 
clean. It's not the first time that user got one of those fake AVs, or the 
second for that matter.


James



- Original Message - 
From: John Aldrich jaldr...@blueridgecarpet.com

To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware





RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Yeah... I ended up disabling system restore while in safe mode. What's scary
is that none of the standard tools seem to have caught this new variant and
that I only apparently got rid of it by deleting the folder containing the
bogus malware. 'Course there was a lot of other crap on there too...
MyWebSearch and some other junk. The usual tools took care of that stuff.



-Original Message-
From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, December 15, 2010 7:02 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Turn off system restore and do another scan
John W. Cook
Systems Administrator
Partnership for Strong Families



RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Steve, et al:
I was concerned that Vipre Home and Vipre Rescue didn't catch it. I should
point out that I'm aware that *nothing* catches everything, which is why I
like to use multiple tools to scan a computer when I suspect a malware
outbreak. I was just surprised that Vipre, which seems to be one of the best
(if not THE best) anti-malware products didn't catch it, even using the
Rescue version.




-Original Message-
From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Tuesday, December 14, 2010 10:47 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Hey John,
Are you asking how to fix it, or why Vipre didn't catch it?  If you're
trying to fix it, then log on as the administrator (or some account other
than the infected profile) and then run the tools...full scans.
Steve





RE: System Tool 2011 malware

2010-12-15 Thread Erik Goldoff
I wonder about the status of patching on his system, not just Microsoft but Adobe and 
other applications.  I've seen a fair number of these fake AV type malware gems arrive 
via suspected 'drive by' website visits, possibly from hitting Flash/Shockwave 
vulnerabilities in linked animated advertisements.


Erik Goldoff
IT  Consultant
Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre 
Enterprise also. The user swears he didn't click on anything and was on 
MSNBCs site. He was about to get a new PC anyway so I'm not bothering to 
clean. Its not the first time that user got one of those fake AVs, or the 
second for that matter.

James






Re: System Tool 2011 malware

2010-12-15 Thread James Rankin
Reactive anti-malware is increasingly redundant these days...I rely heavily
on application whitelisting technologies now. It's very rare our AV goes off
at all, and it's mainly on IT tools such as l0phtcrack, pwdump and the like.

On 15 December 2010 13:47, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Yeah... I ended up disabling system restore while in safe mode. What's
 scary
 is that none of the standard tools seems to have caught this new variant
 and
 that I only apparently got rid of it by deleting the folder containing the
 bogus malware. 'Course there was a lot of other crap on there too...
 MyWebSearch and some other junk. The usual tools took care of that stuff.



-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.


Re: System Tool 2011 malware

2010-12-15 Thread James Rankin
Secunia PSI FTW. I've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kinds of jobs.

On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:

 I wonder the status of patching on his system, not just Microsoft but Adobe
 and other applications.  I've seen a bit of these fake av type malware gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.


 Erik Goldoff
 IT  Consultant
 Systems, Networks,  Security

 '  Security is an ongoing process, not a one time event ! '







-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.


RE: System Tool 2011 malware

2010-12-15 Thread Erik Goldoff
I'm starting to recommend that clients periodically search for any EXE in
any subdirectory of the 'Documents and Settings' or 'Users' folders, and
also check the RUN keys of the registry for entries that point to any profile
location for executables. (Autoruns is a good GUI for this if you don't want
to have to know the hives and keys.)


Erik Goldoff
IT  Consultant
Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, December 15, 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Yeah... I ended up disabling system restore while in safe mode. What's scary
is that none of the standard tools seems to have caught this new variant and
that I only apparently got rid of it by deleting the folder containing the
bogus malware. 'Course there was a lot of other crap on there too...
MyWebSearch and some other junk. The usual tools took care of that stuff.




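The periodic check Erik describes above (executables living under the profile folders, and Run keys that launch from a profile location), together with the random-named folder under All Users\Application Data that John found earlier in the thread, written out as a PowerShell hunt script. This is an added example, not code from the thread, from Sunbelt, or from Autoruns; it assumes the default C:\ layout with the three profile roots listed (C:\ProgramData is the Vista/7 equivalent of 'All Users\Application Data'), sticks to PowerShell 2.0 syntax so it runs on an XP-era box, and is meant to be run from an elevated prompt on the suspect machine. The folder-name heuristic in step 3 is a deliberately crude filter and its hits need a human look.

```powershell
# Added example (not from the thread): hunt for executables in user-profile
# locations and for Run/RunOnce values that launch from those locations.
# Assumed profile roots for XP (Documents and Settings) and Vista/7 (Users,
# ProgramData); adjust if the system drive or profile directory differs.
$ProfileRoots = @('C:\Documents and Settings', 'C:\Users', 'C:\ProgramData') |
    Where-Object { Test-Path -LiteralPath $_ }

$Sha256 = [System.Security.Cryptography.SHA256]::Create()
function Get-Sha256Hex([string]$Path) {
    # Hash for triage or sample submission; $null if the file is locked/unreadable.
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try { ([BitConverter]::ToString($Sha256.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
    } catch { $null }
}

function Test-InProfileLocation([string]$Path) {
    foreach ($root in $ProfileRoots) { if ($Path -like "$root\*") { return $true } }
    return $false
}

# 1. Every .exe under a profile root. Per-user installs of browsers and chat
#    clients land here legitimately, so sort by timestamp and review the newest.
$ProfileExes = $ProfileRoots | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object {
    New-Object PSObject -Property @{
        Path     = $_.FullName
        Modified = $_.LastWriteTime
        SizeKB   = [math]::Round($_.Length / 1KB, 1)
        SHA256   = Get-Sha256Hex $_.FullName
    }
}

# 2. Run/RunOnce values in both hives whose image path resolves to a profile
#    location. Autoruns covers many more autostart points than these four keys.
$RunKeys = 'HKLM:', 'HKCU:' | ForEach-Object {
    "$_\Software\Microsoft\Windows\CurrentVersion\Run"
    "$_\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}
$SuspectRunEntries = $RunKeys | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    $key  = $_
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Drop surrounding quotes and trailing arguments so only the image path is tested.
        $exe = ($cmd -replace '^"([^"]+)".*$', '$1') -replace '^(.+?\.exe)\b.*$', '$1'
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (Test-InProfileLocation $exe) {
            New-Object PSObject -Property @{
                Key = $key; ValueName = $name; Command = $cmd
                ImageExists = (Test-Path -LiteralPath $exe)
            }
        }
    }
}

# 3. Crude check for the 'random jumble of letters' folder: a top-level folder
#    under the all-users data root whose name is a bare run of letters/digits
#    (8+ chars) and which holds an .exe directly inside. Names like 'Microsoft'
#    match the pattern but normally contain no executable at the top level.
$AllUsersData = @('C:\Documents and Settings\All Users\Application Data', 'C:\ProgramData') |
    Where-Object { Test-Path -LiteralPath $_ }
$OddFolders = $AllUsersData | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Force -ErrorAction SilentlyContinue
} | Where-Object {
    $_.PSIsContainer -and $_.Name -match '^[A-Za-z0-9]{8,}$' -and
    (Get-ChildItem -LiteralPath $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue)
}

'== Executables under profile roots =='
$ProfileExes | Sort-Object Modified -Descending | Format-Table Modified, SizeKB, Path, SHA256 -AutoSize
'== Run/RunOnce entries launching from a profile location =='
$SuspectRunEntries | Format-Table Key, ValueName, ImageExists, Command -AutoSize
'== Random-looking all-users data folders holding an .exe =='
$OddFolders | Format-Table CreationTime, FullName -AutoSize
```

Run it before and after cleaning, and keep the first listing: a Run value whose image no longer exists (ImageExists false) is the usual leftover after a folder has been deleted by hand the way John did, and the SHA256 column gives you something to submit with the sample rather than a zip that a sandbox rejects.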

Re: System Tool 2011 malware

2010-12-15 Thread Kramer, Jack
+1 on drive-by downloading - had a couple users here get nailed maybe 4
months ago thanks to embedded PDFs. Some JS code in a malicious banner ad
served up the PDF, the Acrobat plugin launched, and that's all she wrote.
Had to wipe both machines. VIPRE blocks the same attack 3 or 4 times a
week now.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 8:50 AM, Erik Goldoff egold...@gmail.com wrote:

I wonder about the status of patching on his system, not just Microsoft but
Adobe and other applications.  I've seen a few of these fake-AV type
malware gems arrive via suspected 'drive-by' website visits, possibly
from hitting Flash/Shockwave vulnerabilities on linked animated
advertisements.


Erik Goldoff
IT  Consultant
Systems, Networks,  Security

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre
Enterprise also. The user swears he didn't click on anything and was on
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
clean. It's not the first time that user got one of those fake AVs, or the
second for that matter.

James



- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware


 On Tue December 14 2010, you wrote:
 Hi John,

 User know where they were surfing when it hit?

 Samples can be submitted here:

 http://www.sunbeltsecurity.com/threat

 If you want assistance with removal check the box that says I need help.
 Someone will be happy to help.

 We're releasing defs something like 13x/day now so shouldn't be too long
 to get updates for that critter.

 Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
 Home caught it...what's more, it disabled Vipre Home. I'll see if I can
 get access to the zipped sample so I can resubmit.

 Thanks!

 -- 
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager








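Editor's added example, not code from the thread: the drive-by Jack describes above begins with a PDF that ad-served script pushes at the browser and the Acrobat plugin opens without a click. A first triage step for such a file is to count the PDF name objects that fire content on open. The script below does that in the spirit of pdfid, decoding the #xx hex escapes the PDF syntax allows inside names (a plain grep for /JavaScript misses /J#61vaScript), and runs it over two constructed sample PDFs: a catalog whose /OpenAction points at a JavaScript action, and a plain empty page. The sample bytes, the keyword list and the verdict thresholds are this example's own choices.

```python
"""Keyword triage for a suspect PDF, in the spirit of pdfid (added example).

Counts the PDF name objects that fire content when a document is opened
(/OpenAction, /AA) or that carry active content (/JavaScript, /JS,
/Launch, /EmbeddedFile, /URI). Names may be written with #xx hex escapes
(/J#61vaScript), which defeats a plain grep, so every name is decoded
before matching. Compressed object streams are not inflated here, so a
zero count means "no cheap indicator", not "clean".
"""
import re
from collections import Counter
from typing import Dict, Tuple

RISKY_NAMES = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch",
               "/EmbeddedFile", "/URI")

# A name token runs from '/' to the next whitespace or PDF delimiter.
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]*")
_HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes in a name token: b'/J#61vaScript' -> '/JavaScript'."""
    return _HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_risky_names(pdf: bytes) -> Dict[str, int]:
    """Per-keyword counts over every (decoded) name token in the file."""
    counts = Counter(decode_name(m.group(0)) for m in _NAME_RE.finditer(pdf))
    return {name: counts.get(name, 0) for name in RISKY_NAMES}


def triage(pdf: bytes) -> Tuple[str, Dict[str, int]]:
    """Verdict plus the counts it was based on."""
    c = count_risky_names(pdf)
    active = c["/JavaScript"] + c["/JS"] + c["/Launch"]
    autorun = c["/OpenAction"] + c["/AA"]
    if active and autorun:
        verdict = "suspicious: active content wired to an open/page action"
    elif active or c["/EmbeddedFile"] or c["/URI"]:
        verdict = "review: active content or embedded objects present"
    else:
        verdict = "no cheap indicators"
    return verdict, c


# Constructed sample, not a real malicious file: a catalog whose OpenAction
# points at a JavaScript action with the /JavaScript name hex-escaped.
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
# Constructed sample: one empty page, no actions.
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, data in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        verdict, counts = triage(data)
        print(f"{label}: {verdict}")
        print("  " + ", ".join(f"{k}={v}" for k, v in counts.items() if v))
```

Run it against the file a user received (open the PDF in binary mode and pass the bytes to triage) before opening it in a reader. A "suspicious" verdict is enough to submit the sample rather than open it; a zero count is not a clean bill, since real droppers keep their action dictionaries inside compressed object streams that this scanner does not inflate.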



RE: System Tool 2011 malware

2010-12-15 Thread John Hornbuckle
We fight Security Tools here on a regular basis. Our users don't run with 
admin rights, so the damage is limited to their accounts--and it's generally 
easy to clean (remove the entry from the run key and delete the files 
Security Tools installed). Still, it's a pain because they so frequently get 
infected.

The makers of Security Tools work hard to stay a step ahead of antimalware 
software's definitions. In our case, we use Microsoft Forefront Client 
Security. I ran into a situation earlier this week where FCS's day-old 
definitions didn't detect a particular version of Security Tools, but when I 
updated the defs to the current day's version it did.

I'm pretty close to implementing software restriction policies for our 
employees (I already do it for our students). That's the only way I can think 
of to prevent these infections 100% of the time.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us





-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, December 14, 2010 10:22 PM
To: NT System Admin Issues
Subject: System Tool 2011 malware

I had a home user who called me to come work on his computer because it kept 
coming up with the System Tool 2011 malware (very similar to the fake 
antivirus malware). The system is Windows XP Media Edition, and had Vipre Home 
installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it 
up, but as soon as the user rebooted into normal mode, it was back. Today, I 
went back and ran Malwarebytes and Spybot S&D.  Neither apparently caught it, 
but looking at the startup entries in Spybot, I saw a random jumble of letters 
under c:\documents and settings\all users\application data\ which, when I 
entered the directory in Windows Explorer, showed the icon for the System Tool 
2011 malware. 
Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to 
submit a zip of it to the CW Sandbox, but got a response that it couldn't be 
analyzed...
--
Thanks,
John Aldrich
Blueridge Industries
IT Manager



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


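Editor's added example, not code from the thread: John Hornbuckle's cleanup (pull the entry from the Run key, delete the files) and his planned software restriction policies, applied to the path John Aldrich reported, a random directory under All Users\Application Data. Part 1 walks Run-key style entries and flags any target sitting where a standard user can write. Part 2 is a simplified re-implementation of SRP path-rule evaluation (default Disallowed, %SystemRoot% and %ProgramFiles% Unrestricted, longest matching prefix wins) showing that the same target is refused while VIPRE, Reader and ctfmon are not. The Run values, the directory name xqkmdfwlt and the rule set are constructed for the example; the matcher is an illustration, not the Windows Safer engine, and the live registry is not read.

```python
"""Autorun triage plus a software-restriction dry run (added example).

Part 1 walks Run-key style entries and flags targets living in locations a
non-admin user can write to, which is where the thread found System Tool
2011 (a random directory under All Users\\Application Data). Part 2 applies
a default-deny path policy of the kind Software Restriction Policies
express and shows that the same target is refused while ordinary software
is not. The rule matching is a simplified re-implementation for
illustration, not the Windows Safer engine.
"""
import re
from typing import Dict, List

# Constructed sample Run values (value name -> command line) modelled on an
# XP machine with VIPRE installed; the last one is the System Tool style
# persistence described in the thread (name invented for the example).
SAMPLE_RUN_ENTRIES: Dict[str, str] = {
    "SBAMTray": r'"C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe" /hide',
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Adobe Reader Speed Launcher": r'"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"',
    "xqkmdfwlt": r"C:\Documents and Settings\All Users\Application Data\xqkmdfwlt\xqkmdfwlt.exe",
}

# Locations on XP that a standard user can write to; no installed product
# should need to autorun from here.
USER_WRITABLE_PREFIXES = (
    "c:\\documents and settings\\",   # All Users\Application Data and every profile
    "c:\\windows\\temp\\",
)

_EXE_RE = re.compile(r'^\s*"?([^"]+?\.exe)"?', re.IGNORECASE)


def extract_exe(cmdline: str) -> str:
    """Executable path from a Run value, whether quoted, bare, or with arguments."""
    m = _EXE_RE.match(cmdline)
    return m.group(1) if m else cmdline.strip()


def looks_random(name: str) -> bool:
    """Letters only, six or more of them, fewer than one vowel in four:
    the shape of a generated name rather than a chosen one."""
    stem = name.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.25


def triage_run_entries(entries: Dict[str, str]) -> List[dict]:
    """One finding per entry whose target sits in a user-writable location;
    a random-looking directory or file name raises it to high."""
    findings = []
    for value_name, cmdline in entries.items():
        exe = extract_exe(cmdline)
        if not exe.lower().startswith(USER_WRITABLE_PREFIXES):
            continue
        random_parts = [p for p in exe.split("\\")[-2:] if looks_random(p)]
        findings.append({
            "value": value_name,
            "exe": exe,
            "severity": "high" if random_parts else "medium",
            "reason": "autorun target in user-writable location"
                      + (": random-looking " + ", ".join(random_parts) if random_parts else ""),
        })
    return findings


# Simplified SRP-style path rules: default Disallowed, the two Unrestricted
# rules Windows ships with, and a Disallowed rule for a user-writable
# subfolder of %SystemRoot%. Longest matching prefix wins, as in SRP.
SRP_ENV = {"%SystemRoot%": r"C:\WINDOWS", "%ProgramFiles%": r"C:\Program Files"}
SRP_DEFAULT = "Disallowed"
SRP_PATH_RULES = [
    ("%SystemRoot%", "Unrestricted"),
    ("%ProgramFiles%", "Unrestricted"),
    (r"%SystemRoot%\Temp", "Disallowed"),
]


def _expand(prefix: str) -> str:
    for var, val in SRP_ENV.items():
        prefix = prefix.replace(var, val)
    return prefix.lower().rstrip("\\") + "\\"


def srp_level(path: str) -> str:
    """Level the policy assigns to an executable path."""
    low, best_len, level = path.lower(), -1, SRP_DEFAULT
    for prefix, rule_level in SRP_PATH_RULES:
        exp = _expand(prefix)
        if low.startswith(exp) and len(exp) > best_len:
            best_len, level = len(exp), rule_level
    return level


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"[{f['severity']}] {f['value']}: {f['exe']} ({f['reason']})")
    for cmd in SAMPLE_RUN_ENTRIES.values():
        print(f"{srp_level(extract_exe(cmd)):>12}  {extract_exe(cmd)}")
```

Two caveats a practitioner will want. First, with only the default rules a Disallowed policy still lets anything under %SystemRoot% run, and some of its subfolders are writable by standard users (%SystemRoot%\Temp among them), so those need their own Disallowed rules; the example includes one and shows the more specific rule winning. Second, an entry removed from Run should be checked again after a reboot, since the thread's own report was that Vipre Rescue's cleanup did not survive one.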



RE: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Jim Holmgren
Thanks Jim.  I'm looking forward to the challenge.  My new position will
be more like my position at my previous gig, so I'm pretty excited for
the opportunity.   This time I'll try to stay on the Sunbelt lists - I
missed a couple of years.  :)

Jim

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, December 15, 2010 8:37 AM
To: NT System Admin Issues
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore
area)

Congrats Jim.

-Original Message-
From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Wednesday, December 15, 2010 8:18 AM
To: NT System Admin Issues
Subject: OT: Anyone looking for a new gig for the new year? (Baltimore
area)

 (my current position - I just received a promotion)





CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

CONFIDENTIALITY NOTE (Spanish version, translated): This facsimile, including 
attachments, is for the exclusive use of the recipient(s) and may contain 
confidential information and/or protected health information. Under Federal 
Law (HIPAA), the recipient is obligated to keep this information secure and 
confidential. Any disclosure to third parties without authorization from the 
members or as permitted by law is prohibited and punishable under Federal Law. 
If you are not the recipient, please contact the sender by telephone and 
destroy all copies of the original message.




RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Could very well be the infection vector. I didn't have time to check on those, 
however I'll suggest that he double-check those things to make sure he's 
up-to-date. IIRC, his Acrobat Reader may have popped up a note about needing to 
get updated.




-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, December 15, 2010 8:50 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

I wonder the status of patching on his system, not just Microsoft but Adobe and 
other applications.  I've seen a bit of these fake av type malware gems arrive 
via suspected 'drive by' website visits, possibly from hitting flash/shockwave 
vulnerabilities on linked animated advertisements.





RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
Rad.msn.com (as well as DoubleClick) were socially engineered last week to
release malware (see
http://www.techeye.net/security/doubleclick-and-msn-serve-up-malware).

(Since we run our own DNS servers at home, Jeffrey added a zone for
rad.msn.com to block any content from that domain.  We previously had a zone
created for doubleclick.)

Sincerely,
 
Jeffrey and Mary Jane Harris
VIPCS
 

-Original Message-
From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I had a user get that crap on his PC on Tuesday and it disabled Vipre 
Enterprise also. The user swears he didn't click on anything and was on 
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to 
clean. It's not the first time that user got one of those fake AVs, or the 
second for that matter.

James





RE: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Webster
I think you should send crab cakes to everyone on the list to apologize for
those missed years! :)

p.s. I will take my usual order from the usual place please.


Webster

 -Original Message-
 From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
 Subject: RE: Anyone looking for a new gig for the new year? (Baltimore
area)
 
 Thanks Jim.  I'm looking forward to the challenge.  My new position will
 be more like my position at my previous gig, so I'm pretty excited for
 the opportunity.   This time I'll try to stay on the Sunbelt lists - I
 missed a couple of years.  :)
 
 Jim
 
 -Original Message-
 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
 Subject: RE: Anyone looking for a new gig for the new year? (Baltimore
 area)
 
 Congrats Jim.
 
 -Original Message-
 From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
 Subject: OT: Anyone looking for a new gig for the new year? (Baltimore
 area)
 
  (my current position - I just received a promotion)




RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Interesting. I'll have to add that to the hosts file and block those two.




-Original Message-
From: VIPCS [mailto:vi...@stny.rr.com] 
Sent: Wednesday, December 15, 2010 9:41 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Rad.msn.com (as well as DoubleClick) were socially engineered last week to
release malware (see
http://www.techeye.net/security/doubleclick-and-msn-serve-up-malware).

(Since we run our own DNS servers at home, Jeffrey added a zone for
rad.msn.com to block any content from that domain.  We previously had a zone
created for doubleclick.)

Sincerely,
 
Jeffrey and Mary Jane Harris
VIPCS
 

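Editor's added example, not code from the thread: the two blocking approaches just mentioned, a sinkhole zone on a local DNS server (Jeffrey's) and hosts-file entries (John's), differ in scope in a way the code below makes visible. It merges a blocklist into a hosts file without duplicating entries, then checks a set of names an ad-bearing page might resolve against both mechanisms. The hosts text, the blocklist, the zone list and the lookup names are constructed samples; nothing is written to the real hosts file.

```python
"""Hosts-file versus DNS-zone blocking of ad hosts (added example).

The thread names two ways to keep rad.msn.com and DoubleClick content off a
box: a sinkhole zone on a local DNS server (every client, every name under
the domain) and hosts-file entries (one machine, exact hostnames only).
This merges a blocklist into a hosts file idempotently and then shows, for
a set of names an ad-bearing page would resolve, which mechanism covers
each one. The hosts text, blocklist and lookups are constructed samples.
"""
from typing import Iterable, List, Set

SINKHOLE = "0.0.0.0"          # unroutable; 127.0.0.1 works too but aims the request at the local host
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}

# Constructed sample of %SystemRoot%\system32\drivers\etc\hosts with one
# entry added earlier.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "0.0.0.0         ad.doubleclick.net    # added earlier\n"
)
BLOCKLIST = ["rad.msn.com", "ad.doubleclick.net", "doubleclick.net"]
ZONES = ["rad.msn.com", "doubleclick.net"]      # sinkhole zones on the local DNS server
SAMPLE_LOOKUPS = ["rad.msn.com", "ad.doubleclick.net",
                  "googleads.g.doubleclick.net", "www.msn.com"]


def hosts_blocked_names(hosts_text: str) -> Set[str]:
    """Hostnames a hosts file already points at a sinkhole address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKHOLE_ADDRS:
            blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked


def merge_blocklist(hosts_text: str, domains: Iterable[str]) -> str:
    """Append a sinkhole line for each name not already blocked; running it
    twice changes nothing."""
    blocked = hosts_blocked_names(hosts_text)
    out = hosts_text if hosts_text.endswith("\n") else hosts_text + "\n"
    for d in domains:
        d = d.lower().strip(".")
        if d not in blocked:
            out += f"{SINKHOLE}\t{d}\n"
            blocked.add(d)
    return out


def covered_by_hosts(name: str, blocked: Set[str]) -> bool:
    """hosts matching is exact: an entry for doubleclick.net says nothing
    about ad.doubleclick.net."""
    return name.lower().strip(".") in blocked


def covered_by_zone(name: str, zones: Iterable[str]) -> bool:
    """A sinkhole zone answers for the apex and every name beneath it."""
    n = name.lower().strip(".")
    return any(n == z or n.endswith("." + z)
               for z in (zone.lower().strip(".") for zone in zones))


def coverage_report(names: Iterable[str], hosts_text: str, zones: Iterable[str]) -> List[dict]:
    """For each name: is it caught by the hosts file, and by the DNS zones?"""
    blocked = hosts_blocked_names(hosts_text)
    zones = list(zones)
    return [{"name": n, "hosts": covered_by_hosts(n, blocked), "zone": covered_by_zone(n, zones)}
            for n in names]


if __name__ == "__main__":
    merged = merge_blocklist(SAMPLE_HOSTS, BLOCKLIST)
    print(merged)
    for r in coverage_report(SAMPLE_LOOKUPS, merged, ZONES):
        print(f"{r['name']:<30} hosts={r['hosts']!s:<5} zone={r['zone']}")
```

The point the report makes: a hosts entry matches one exact hostname, so "blocking doubleclick" in hosts means listing every ad host under it, while a doubleclick.net zone on the server covers all of them for every client that uses that server. Neither touches content fetched by IP literal or by a program with its own resolver, and since editing hosts on Windows needs administrator rights, malware running as admin can undo the entries just as easily as you added them.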


RE: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Jim Holmgren
The salary increase was not NEARLY enough to cover the entire list.

You sir - are welcome to dine with me at the Olive Grove any time.  You
just gotta git yer keester up here.  :)

-Original Message-
From: Webster [mailto:carlwebs...@gmail.com] 
Sent: Wednesday, December 15, 2010 9:46 AM
To: NT System Admin Issues
Subject: RE: Anyone looking for a new gig for the new year? (Baltimore
area)

I think you should send crab cakes to everyone on the list to apologize for
those missed years! :)

p.s. I will take my usual order from the usual place please.


Webster






RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Thanks for the info, guys... I downloaded it and will start using it as part
of my regular troubleshooting/cleaning toolkit. :-)



From: Scott Weber [mailto:swe...@thanksal.com] 
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) I found out about Secunia PSI and I like it.

+1

Scott


From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW... I've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kinds of jobs.
On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder the status of patching on his system, not just Microsoft but Adobe
and other applications.  I've seen a bit of these fake av type malware gems
arrive via suspected 'drive by' website visits, possibly from hitting
flash/shockwave vulnerabilities on linked animated advertisements.


-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.



Re: System Tool 2011 malware

2010-12-15 Thread Kramer, Jack
Don't forget ComboFix - it has taken care of some things that can't be cleaned
otherwise.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as
part
of my regular troubleshooting/cleaning toolkit. :-)



From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) found out about secunia PSI and I like it.

+1

Scott


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTWI've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kind of jobs
On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder the status of patching on his system, not just Microsoft but
Adobe
and other applications.  I've seen a bit of these fake av type malware
gems
arrive via suspected 'drive by' website visits, possibly from hitting
flash/shockwave vulnerabilities on linked animated advertisements.


Erik Goldoff
IT  Consultant
Systems, Networks,  Security

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I had a user get that crap on his PC on Tuesday and it disabled Vipre
Enterprise also. The user swears he didn't click on anything and was on
MSNBCs site. He was about to get a new PC anyway so I'm not bothering to
clean. Its not the first time that user got one of those fake AVs, or the
second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware
 On Tue December 14 2010, you wrote:
 Hi John,

 User know where they were surfing when it hit?

 Samples can be submitted here:

 http://www.sunbeltsecurity.com/threat

 If you want assistance with removal check the box that says I need
help
 . Someone will be happy to help.

 We're releasing defs something like 13x/day now so shouldn't be too
long
 to get updates for that critter.

 Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
 Home caught it...what's more, it disabled Vipre Home. I'll see if I can
 get
 access to the zipped sample so I can resubmit.

 Thanks!

 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager




-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.

RE: 2K8R2 DNS anomaly

2010-12-15 Thread Joseph L. Casale
Known issue wrt EDNS...
http://support.microsoft.com/kb/832223

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 9:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers.  We've been working 
to upgrade from 2K3 to 2K8.  Most of those that are upgraded are 2K8R2, while a 
few are just 2K8.

I have heard some reports from users that they were unable to access certain 
websites that they were able to access from home.  Today's example is 
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to 
resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it is 
successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS 
servers.  My only hunch is root hints.  Anyone experienced something similar?


2K8R2 DNS anomaly

2010-12-15 Thread m b
Within our forest, all domain controllers are DNS servers.  We've been
working to upgrade from 2K3 to 2K8.  Most of those that are upgraded are
2K8R2, while a few are just 2K8.

I have heard some reports from users that they were unable to access certain
websites that they were able to access from home.  Today's example is
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails
to resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it
is successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS
servers.  My only hunch is root hints.  Anyone experienced something
similar?


OT : Holiday funny...

2010-12-15 Thread Maglinger, Paul
Frosty the snowman,
wasn't too quick on his feet.
It was clearly his loss,
when he tried to cross,
in the middle of the street.

http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H

-Paul




RE: 2K8R2 DNS anomaly

2010-12-15 Thread Trees, Ray
I have in my test environment and it has driven me nuts.  The 
ones I have had issues with off and on are the Microsoft and AMD/ATI websites 
both places I go to often.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 8:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers.  We've been working 
to upgrade from 2K3 to 2K8.  Most of those that are upgraded are 2K8R2, while a 
few are just 2K8.

I have heard some reports from users that they were unable to access certain 
websites that they were able to access from home.  Today's example is 
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to 
resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it is 
successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS 
servers.  My only hunch is root hints.  Anyone experienced something similar?

Key Technology, Inc. Disclaimer Notice - The information and attachment(s) contained in this 
communication are intended for the addressee only, and may be confidential 
and/or legally privileged. If you have received this communication in error, 
please contact the sender immediately, and delete this communication from any 
computer or network system. Any interception, review, printing, copying, 
re-transmission, dissemination, or other use of, or taking of any action upon 
this information by persons or entities other than the intended recipient is 
strictly prohibited by law and may subject them to criminal or civil liability. 
Key Technology, Inc. is not liable for the improper and/or incomplete 
transmission of the information contained in this communication or for any 
delay in its receipt.


RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
Jeffrey had to fix malware on a user's system that infected the keyboard
drivers, and prevent any keyboard from being used.  Combofix was the only
tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
MalwareBytes, and the Microsoft Malicious Software Removal Tool).

That Vipre never even detected the malware concerned Jeffrey more than
anything else, even though Jeffrey knew it was malware because of numerous
reports on the Internet of other users with the same issue.

Sincerely,
 
Jeffrey and Mary Jane Harris
VIPCS
 

-Original Message-
From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] 
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget combofix - taken care of some things that can't be cleaned
otherwise.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part
of my regular troubleshooting/cleaning toolkit. :-)



From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) found out about secunia PSI and I like it.

+1

Scott


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW...I've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kinds of jobs
On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder about the status of patching on his system, not just Microsoft but
Adobe and other applications.  I've seen a bit of these fake AV type malware
gems arrive via suspected 'drive by' website visits, possibly from hitting
flash/shockwave vulnerabilities on linked animated advertisements.


Erik Goldoff
IT Consultant
Systems, Networks & Security

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I had a user get that crap on his PC on Tuesday and it disabled Vipre
Enterprise also. The user swears he didn't click on anything and was on
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
clean. It's not the first time that user got one of those fake AVs, or the
second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware
 On Tue December 14 2010, you wrote:
 Hi John,

 User know where they were surfing when it hit?

 Samples can be submitted here:

 http://www.sunbeltsecurity.com/threat

 If you want assistance with removal check the box that says I need help.
 Someone will be happy to help.

 We're releasing defs something like 13x/day now so shouldn't be too long
 to get updates for that critter.

 Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
 Home caught it...what's more, it disabled Vipre Home. I'll see if I can
 get
 access to the zipped sample so I can resubmit.

 Thanks!

 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager




-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.
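
Both reports in this thread (the rogue disabling VIPRE, and VIPRE never detecting it) share one cheap check that is worth running before any cleaning tool: is the endpoint-security service still running at all? The script below is an added example, not from the thread and not from any vendor. It parses the output of `sc query state= all` (collected on the suspect box, e.g. `sc query state= all > services.txt`, then copied off) and lists the expected security services that are stopped or absent from the listing. The service names are placeholders assumed for illustration (SBAMSvc is used as the VIPRE service name and should be verified on a known-clean install), and the sample listing is constructed, not captured.

```python
import re
from typing import Dict, List

# Services that should be RUNNING on a healthy box. These names are assumed for
# illustration; take the real ones from 'sc query state= all' on a clean install.
EXPECTED_SECURITY_SERVICES: List[str] = ["SBAMSvc", "WinDefend", "MpsSvc"]

# One block per service in 'sc query' output: the STATE line carries a numeric
# code followed by its name (1 STOPPED, 4 RUNNING, ...). DOTALL lets .*? cross the
# DISPLAY_NAME/TYPE lines; the non-greedy match stops at the block's first STATE.
_SERVICE_BLOCK = re.compile(
    r"SERVICE_NAME:\s*(?P<name>\S+).*?STATE\s*:\s*\d+\s+(?P<state>[A-Z_]+)",
    re.DOTALL,
)


def parse_sc_query(output: str) -> Dict[str, str]:
    """Map service name -> STATE word from 'sc query' text."""
    return {m.group("name"): m.group("state") for m in _SERVICE_BLOCK.finditer(output)}


def audit_security_services(output: str, expected: List[str]) -> Dict[str, str]:
    """Return the expected services that are not RUNNING, keyed by name.

    A service absent from the listing is reported as MISSING: either the malware
    removed it, or the listing was taken with plain 'sc query', which omits
    stopped services. Both cases need a look, so neither is silently accepted.
    """
    states = parse_sc_query(output)
    return {
        name: states.get(name, "MISSING")
        for name in expected
        if states.get(name) != "RUNNING"
    }


# Constructed sample of 'sc query state= all' output: the AV service is stopped,
# Defender is gone from the listing entirely, and only the firewall service is up.
SAMPLE_SC_QUERY = """\
SERVICE_NAME: MpsSvc
DISPLAY_NAME: Windows Firewall
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: SBAMSvc
DISPLAY_NAME: VIPRE Anti-Malware Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

if __name__ == "__main__":
    import sys

    # Pass a saved listing as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SC_QUERY
    for name, state in sorted(audit_security_services(text, EXPECTED_SECURITY_SERVICES).items()):
        print(f"{name}: {state}")
```

Run against the sample, it reports `SBAMSvc: STOPPED` and `WinDefend: MISSING` while saying nothing about MpsSvc. An AV service that is stopped or gone on a machine nobody administered that way is a strong indicator on its own, which matters here precisely because signatures did not fire; collect the listing from the rescue environment rather than the live desktop when the rogue is still running, since it is what turned the AV off in the first place.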

RE: Vista Printing and GPP

2010-12-15 Thread Joseph L. Casale
James,
I have tried (based on Google/technet forum searches)  enabling it in user and 
computer sections (I understand Win7 moved PP from user to Computer) and 
disabling it altogether.

Disabling it finally worked, so long as you Created and did not Replace it, 
so much for housekeeping...

Fsck, I hate Vista:( I used XP until 7 came out and just skipped it altogether 
for my own wkst's.

Thanks bud,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 9:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Ok, next question, what are the GPP settings for your test case?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 1:56 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Same user, and no prompts.
Thanks!
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 6:41 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

When you are browsing to the server are you using the same user account that 
fails with GPP?

Also when browsing to the server do you receive any elevation prompts?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

So this gets sillier, a fresh vista machine w/o the driver installed can browse 
to the server and double click the printer and it installs fine.
Using GPP's, it won't, it hangs the login?

Any ideas?

Thanks,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Never heard of that requirement(on the server).

So once the driver is installed it works ok?  If so then you could certainly 
use a script as you mentioned.  Or possibly even add them to your SOE/MOE at 
the start.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 8:13 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Bug w/ Vista, spent a few weeks w/ PSS and they agreed, group policies are in 
order, it's just lousy Vista.

Oddly enough, one pss agent said the Point and Print Restrictions policy needs 
to be applied on the print server itself? Was such a long and tiring case.

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

If it works for Win 7 it should work for Vista.

Are the Win7 & Vista machines getting the same Group Policies applied, in 
particular the Point and Print Restrictions policy?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 5:06 AM
To: NT System Admin Issues
Subject: Vista Printing and GPP

Speaking of printing, I have a mix of XP/Vista/Win7 clients and use GPP's to 
setup printers for them.
The XP and Win7 machines work well with the non-packaged drivers, but Vista 
does all kinds of things from plain not installing some to hanging at login for 
others.

I was thinking about creating a startup script with a `rundll32 
printui.dll,PrintUIEntry /ia` command to get the driver installed, seem like 
the best approach?

This is for the PCL6 drivers for a Ricoh MP 6001 and 2060 SP.

Thanks!
jlc


RE: 2K8R2 DNS anomaly

2010-12-15 Thread VIPCS
Jeffrey just tried an nslookup query (results below) on two WS2K8 servers
(one is R2) on two different networks and both resolved (both are DCs with
DNS installed):

Non-authoritative answer:
Name:    www.insead.edu
Address:  213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?

Sincerely,

Jeffrey and Mary Jane Harris
VIPCS

From: m b [mailto:midphan12...@gmail.com] 
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

 

Within our forest, all domain controllers are DNS servers.  We've been
working to upgrade from 2K3 to 2K8.  Most of those that are upgraded are
2K8R2, while a few are just 2K8.

I have heard some reports from users that they were unable to access certain
websites that they were able to access from home.  Today's example is
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails
to resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it
is successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS
servers.  My only hunch is root hints.  Anyone experienced something
similar?


Re: OT : Holiday funny...

2010-12-15 Thread RichardMcClary
Need another verse about the driver - he was dismissed almost immediately:

1. He crossed into the on-coming traffic lane
2. He could not see if anything or anybody was behind the snow man
3. He had no way to determine if there were rocks, posts, etc within the 
snow man

Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

 Frosty the snowman,
 wasn't too quick on his feet.
 It was clearly his loss,
 when he tried to cross,
 in the middle of the street.
 
 http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H
 
 -Paul
 

RE: 2K8R2 DNS anomaly

2010-12-15 Thread Trees, Ray
I think the gist of the KB article is that it is caused by your 
firewall, I know that I am running a Cisco ASA and there are DNS filters by 
default.  I'm going to check those out now.

From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Wednesday, December 15, 2010 8:23 AM
To: NT System Admin Issues
Subject: RE: 2K8R2 DNS anomaly

Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one 
is R2) on two different networks and both resolved (both are DCs with DNS 
installed):

Non-authoritative answer:
Name:    www.insead.edu
Address:  213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?


Sincerely,



Jeffrey and Mary Jane Harris

VIPCS


From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM
To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers.  We've been working 
to upgrade from 2K3 to 2K8.  Most of those that are upgraded are 2K8R2, while a 
few are just 2K8.

I have heard some reports from users that they were unable to access certain 
websites that they were able to access from home.  Today's example is 
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to 
resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it is 
successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS 
servers.  My only hunch is root hints.  Anyone experienced something similar?


Re: 2K8R2 DNS anomaly

2010-12-15 Thread m b
This becomes more interesting.  OARC has set up a reply-size test server (
https://www.dns-oarc.net/oarc/services/replysizetest).  The results look
backwards to me, but follow the pattern of success/failure.  An indication
that this does have to do with UDP packet size.

I'm hesitant to start applying the workaround (turning off EDNS
capability).  Contacting firewall team for their input.


C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server:  (our 2K8 server)
Address:  (our 2K8 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server:  (our 2k3 server)
Address:  (our 2k3 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server:  (our 2k8r2 server)
Address:  (our 2k8r2 server)
Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net   canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
(our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
(our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
Tested at 2010-12-15 16:55:15 UTC



On Wed, Dec 15, 2010 at 10:23 AM, VIPCS vi...@stny.rr.com wrote:

  Jeffrey just tried an nslookup query (results below) on two WS2K8 servers
 (one is R2) on two different networks and both resolved (both are DCs with
 DNS installed):



 Non-authoritative answer:

 Name:www.insead.edu

 Address:  213.182.38.52



 Is it possible an upstream DNS forwarder is blocking access?



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* m b [mailto:midphan12...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 11:15 AM

 *To:* NT System Admin Issues
 *Subject:* 2K8R2 DNS anomaly



 Within our forest, all domain controllers are DNS servers.  We've been
 working to upgrade from 2K3 to 2K8.  Most of those that are upgraded are
 2K8R2, while a few are just 2K8.



 I have heard some reports from users that they were unable to access
 certain websites that they were able to access from home.  Today's example
 is www.insead.edu.



 When I do an nslookup against any of our 2K8R2 DNS servers, the lookup
 fails to resolve.  If I do that same lookup against any 2K3 or 2K8 DNS
 server, it is successful.



 I'm not seeing any common event log errors/warnings among the 2K8R2 DNS
 servers.  My only hunch is root hints.  Anyone experienced something
 similar?

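
The pattern in the output above (some servers time out, one answers with a reply-size limit of at least 3843 bytes and an advertised EDNS buffer of 4000) is the EDNS0-versus-middlebox problem that KB 832223 describes: the Windows DNS server puts an OPT pseudo-record in its outbound queries advertising a UDP payload size far above the RFC 1035 limit of 512 bytes, upstream servers send replies that large, and a firewall or inspection device that still enforces 512 bytes on UDP/53 drops them silently, so all the client ever sees is "DNS request timed out". The script below is an added illustration, not from the thread and not DNS-OARC's tool: it builds a DNS query with and without an OPT record, reads the advertised size back out of the wire format, constructs a reply (constructed sample data, not a real answer from rs.dns-oarc.net) and reports what a 512-byte-enforcing middlebox would do with the exchange. The 4000-byte figure comes from the nslookup output above; the packet contents are otherwise made up for the example.

```python
import struct
from typing import Optional

RFC1035_UDP_MAX = 512      # classic limit; some firewalls/inspection engines still enforce it
EDNS_BUFSIZE = 4000        # payload size the poster's 2K8R2 server advertised
TYPE_TXT, TYPE_OPT, CLASS_IN = 16, 41, 1


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name (length-prefixed labels, no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(buf: bytes, off: int) -> int:
    """Return the offset just past a wire-format name starting at off."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0:            # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def build_query(qname: str, qtype: int = TYPE_TXT, txid: int = 0x1234,
                edns_bufsize: Optional[int] = EDNS_BUFSIZE) -> bytes:
    """DNS query with RD set; adds an EDNS0 OPT pseudo-RR when edns_bufsize is given."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b""
    if edns_bufsize:
        # OPT (RFC 6891): root name, TYPE 41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero here), RDLENGTH 0.
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_bufsize, 0, 0)
    return header + question + opt


def advertised_bufsize(query: bytes) -> int:
    """UDP payload size the query advertises: the OPT CLASS field, else 512."""
    _, _, qd, _, _, ar = struct.unpack("!HHHHHH", query[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4          # QTYPE + QCLASS
    for _ in range(ar):
        off = skip_name(query, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return RFC1035_UDP_MAX


def build_reply(query: bytes, txt: bytes) -> bytes:
    """Answer the query's question with one TXT record (constructed test data)."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = skip_name(query, 12) + 4
    question = query[12:qend]
    chunks = (txt[i:i + 255] for i in range(0, len(txt), 255))   # TXT strings max 255 bytes
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    # 0xC00C: compression pointer back to the question name at offset 12
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 60, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    return header + question + answer


def parse_flags(reply: bytes) -> dict:
    _, flags, *_ = struct.unpack("!HHHHHH", reply[:12])
    return {"qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200), "rcode": flags & 0xF}


def with_tc(reply: bytes) -> bytes:
    """Copy of reply with TC set, as a server that honours 512 bytes would send it."""
    flags = struct.unpack("!H", reply[2:4])[0] | 0x0200
    return reply[:2] + struct.pack("!H", flags) + reply[4:]


def diagnose(query: bytes, reply: bytes, middlebox_max: int = RFC1035_UDP_MAX) -> str:
    """Say what a UDP-size-enforcing middlebox does to this exchange."""
    if parse_flags(reply)["tc"]:
        return "truncated: resolver retries over TCP 53 (which must also be allowed through)"
    if len(reply) > middlebox_max:
        return (f"{len(reply)}-byte UDP reply exceeds the {middlebox_max}-byte limit: "
                f"dropped silently, client sees 'DNS request timed out' "
                f"(query advertised {advertised_bufsize(query)} bytes)")
    return "fits: delivered"


if __name__ == "__main__":
    q = build_query("rs.dns-oarc.net")
    print(diagnose(q, build_reply(q, b"x" * 700)))                 # dropped by a 512-byte box
    print(diagnose(q, build_reply(q, b"x" * 700), middlebox_max=4000))  # delivered
    print(diagnose(build_query("rs.dns-oarc.net", edns_bufsize=None), with_tc(build_reply(q, b"ok"))))
```

The KB's workaround, `dnscmd /Config /EnableEDNSProbes 0`, stops the Windows DNS server from sending EDNS0 in its own queries, so upstream answers are capped at 512 bytes again and large ones come back truncated with TC set instead of vanishing. Fixing the firewall is the better outcome: allow UDP/53 replies larger than 512 bytes and TCP/53 for the truncation fallback, which is also what DNSSEC-signed responses need; the firewall review the poster mentions is the right next step.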

RE: OT : Holiday funny...

2010-12-15 Thread Maglinger, Paul
The bus driver was manic,
while he rolled over Frosty's neck.
Now he's quite benign,
while he's standing in line,
waiting for his unemployment check.


From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, December 15, 2010 11:03 AM
To: NT System Admin Issues
Subject: Re: OT : Holiday funny...


Need another verse about the driver - he was dismissed almost immediately:

1. He crossed into the on-coming traffic lane
2. He could not see if anything or anybody was behind the snow man
3. He had no way to determine if there were rocks, posts, etc within the snow 
man

Not such a happy holiday for him!

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

 Frosty the snowman,
 wasn't too quick on his feet.
 It was clearly his loss,
 when he tried to cross,
 in the middle of the street.

 http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-
 snowman-111815254.html?dr#ixzz1860nu92H

 -Paul


RE: OT : Holiday funny...

2010-12-15 Thread Kim Longenbaugh
The bus driver, while running his route,
Decided to take Frosty out
But he found to his shame
That it wasn't a game,
And now a job he's without.

While driving his bus down the road
He decided to be quite a toad
His murder of Frosty
To his job was quite costly
The street will be his new abode.

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Wednesday, December 15, 2010 11:17 AM
To: NT System Admin Issues
Subject: RE: OT : Holiday funny...

 

The bus driver was manic,
while he rolled over Frosty's neck.
Now he's quite benign,
while he's standing in line,
waiting for his unemployment check.

 

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Wednesday, December 15, 2010 11:03 AM
To: NT System Admin Issues
Subject: Re: OT : Holiday funny...

 


Need another verse about the driver - he was dismissed almost
immediately: 

1. He crossed into the on-coming traffic lane 
2. He could not see if anything or anybody was behind the snow man 
3. He had no way to determine if there were rocks, posts, etc within the
snow man 

Not such a happy holiday for him! 

Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

 Frosty the snowman,
 wasn't too quick on his feet.
 It was clearly his loss,
 when he tried to cross,
 in the middle of the street.
 
 http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H
 
 -Paul
 

Re: System Tool 2011 malware

2010-12-15 Thread Roger Wright
Perhaps the user is correct:
http://www.securitynewsdaily.com/google-microsoft-ads-spreading-malware-0351/



Roger Wright
___

Never make hard what you can make easy. - Fred W. Frailey




On Wed, Dec 15, 2010 at 8:41 AM, James Kerr cluster...@gmail.com wrote:

 I had a user get that crap on his PC on Tuesday and it disabled Vipre
 Enterprise also. The user swears he didn't click on anything and was on
 MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
 clean. It's not the first time that user got one of those fake AVs, or the
 second for that matter.

 James





RE: 2K8R2 DNS anomaly

2010-12-15 Thread Kennedy, Jim
Your results do indicate the EDNS issue. It is universal...it kills all 2008 
servers that I have seen using DNS. As for the 2K3 server, who is its 
forwarder? I will bet it's a 2K8 server.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 12:13 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

This becomes more interesting.  OARC has set up a reply-size test server 
(https://www.dns-oarc.net/oarc/services/replysizetest).  The results look 
backwards to me, but follow the pattern of success/failure.  An indication that 
this does have to do with UDP packet size.

I'm hesitant to start applying the workaround, turning off EDNS capability.  
Contacting firewall team for their input.


C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server:  (our 2K8 server)
Address:  (our 2K8 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server:  (our 2k3 server)
Address:  (our 2k3 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server:  (our 2k8r2 server)
Address:  (our 2k8r2 server)
Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net       canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
        (our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
        (our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net   text =
        Tested at 2010-12-15 16:55:15 UTC



On Wed, Dec 15, 2010 at 10:23 AM, VIPCS 
vi...@stny.rr.com wrote:
Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one 
is R2) on two different networks and both resolved (both are DCs with DNS 
installed):

Non-authoritative answer:
Name:    www.insead.edu
Address:  213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?


Sincerely,



Jeffrey and Mary Jane Harris

VIPCS


From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM

To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers.  We've been working 
to upgrade from 2K3 to 2K8.  Most of those that are upgraded are 2K8R2, while a 
few are just 2K8.

I have heard some reports from users that they were unable to access certain 
websites that they were able to access from home.  Today's example is 
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the lookup fails to 
resolve.  If I do that same lookup against any 2K3 or 2K8 DNS server, it is 
successful.

I'm not seeing any common event log errors/warnings among the 2K8R2 DNS 
servers.  My only hunch is root hints.  Anyone experienced something similar?


Re: OT : Holiday funny...

2010-12-15 Thread Sean Martin
Bravo!

- Sean

On Wed, Dec 15, 2010 at 8:23 AM, Kim Longenbaugh
k...@colonialsavings.comwrote:

  The bus driver, while running his route,
 Decided to take Frosty out
 But he found to his shame
 That it wasn’t a game,
 And now a job he’s without.

 While driving his bus down the road
 He decided to be quite a toad
 His murder of Frosty
 To his job was quite costly
 The street will be his new abode.




Re: System Tool 2011 malware

2010-12-15 Thread Sean Martin
I'm quite sure this is a husband and wife sharing the same account, but I
can't help but imagine Jeffrey talking in the third person. :)

Happy Holidays!

- Sean

On Wed, Dec 15, 2010 at 7:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.

 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-
  From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - it has taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Thanks for the info, guys... I downloaded it and will start using it as
 part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW. I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kinds of jobs.
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but
 Adobe
 and other applications.  I've seen a bit of these fake av type malware
 gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
 Erik Goldoff
 IT Consultant
 Systems, Networks, & Security
 
 '  Security is an ongoing process, not a one time event ! '
 
 
 
 
 
 
 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, 

Re: System Tool 2011 malware

2010-12-15 Thread James Kerr
Could be, we are slacking on the Adobe patching front.
  - Original Message - 
  From: Roger Wright 
  To: NT System Admin Issues 
  Sent: Wednesday, December 15, 2010 1:04 PM
  Subject: Re: System Tool 2011 malware


  Perhaps the user is correct:
  http://www.securitynewsdaily.com/google-microsoft-ads-spreading-malware-0351/



  Roger Wright
  ___


  Never make hard what you can make easy. - Fred W. Frailey






Re: System Tool 2011 malware

2010-12-15 Thread Micheal Espinola Jr
SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
those.  You'll get *everything*.

Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

--
ME2





On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:

 Hey John
 Are you asking how to fix it, or why Vipre didn't catch it?  If you're
 trying to fix it, then log on as the administrator (or something other
 than the infected profile) and then run the tools...full scans.
 Steve


 On Tuesday, December 14, 2010, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
  I had a home user who called me to come work on his computer because it
  kept coming up with the System Tool 2011 malware (very similar to the
  fake antivirus malware).
  The system is Windows XP Media Edition, and had Vipre Home installed. I
  ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as
  soon as the user rebooted into normal mode, it was back. Today, I went
  back and ran MalwareBytes and SpyBot SD.  Neither apparently caught it,
  but looking at the startup entries in SpyBot, I saw a random jumble of
  letters under c:\documents and settings\all users\application data\
  which, when I entered the directory in Windows Explorer, showed the icon
  for the System Tool 2011 malware.
  Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
  tried to submit a zip of it to the CW Sandbox, but got a response that it
  couldn't be analyzed...
  --
  Thanks,
  John Aldrich
  Blueridge Industries
  IT Manager
 
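A defender-side check for the artifact John describes in the quoted message above (a folder with a random jumble of letters for a name under the All Users application-data directory, holding the malware's executable). This is an added example written for this page, not code from the list or any of its participants: it scores directory names for randomness and reports those that also contain an executable. The sample tree, the folder and file names in it and the scoring thresholds are all constructed for the demonstration; to use it on a real machine, point scan_app_data() at C:\Documents and Settings\All Users\Application Data (XP) or C:\ProgramData (Vista and later), ideally from a second profile or a live CD as Steve and Micheal suggest, since a running fake AV can interfere with tools launched from the infected profile.

```python
"""Heuristic sweep for the artifact described in the thread: a folder with
a random-looking name under the All Users application-data directory that
holds an executable. The sample tree below is constructed so the script
runs offline; point scan_app_data() at a real path to use it."""
import math
import os
import re
import tempfile
from collections import Counter

VOWELS = set("aeiou")
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com"}


def shannon_entropy(text):
    """Entropy in bits per character; random jumbles of letters score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_random(name):
    """True for names that look machine-generated rather than vendor-chosen:
    one unbroken run of letters/digits, few vowels, high entropy.
    The thresholds are assumptions tuned on the constructed sample."""
    lowered = name.lower()
    if len(lowered) < 6 or not re.fullmatch(r"[a-z0-9]+", lowered):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in lowered) / len(lowered)
    return vowel_ratio < 0.25 and shannon_entropy(lowered) > 2.5


def scan_app_data(root):
    """Return [(directory, [executables])] for immediate subdirectories of
    root whose name looks random and which contain an executable."""
    hits = []
    for entry in sorted(os.listdir(root)):
        full = os.path.join(root, entry)
        if not os.path.isdir(full) or not looks_random(entry):
            continue
        exes = sorted(f for f in os.listdir(full)
                      if os.path.splitext(f)[1].lower() in EXECUTABLE_EXT)
        if exes:
            hits.append((full, exes))
    return hits


def flagged_names(root):
    """Just the directory names from scan_app_data(), for quick checks."""
    return [os.path.basename(path) for path, _ in scan_app_data(root)]


def build_sample_tree():
    """Constructed stand-in for 'All Users\\Application Data'. Every name
    and file here is made up for the demonstration, not a real indicator."""
    root = tempfile.mkdtemp(prefix="appdata_sample_")
    layout = {
        "Microsoft": ["Crypto.dat"],          # vendor name, benign
        "Adobe": ["Updater.exe"],             # vendor name with an exe, benign
        "Sunbelt Software": ["settings.ini"],
        "kgdplqzxbw": ["kgdplqzxbw.exe"],     # random name + executable: flag
        "zxqwvbnmt": ["cache.dat"],           # random name, no executable
    }
    for dirname, files in layout.items():
        path = os.path.join(root, dirname)
        os.makedirs(path)
        for filename in files:
            with open(os.path.join(path, filename), "wb") as fh:
                fh.write(b"\x00")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for directory, exes in scan_app_data(sample_root):
        print(f"suspicious: {directory} -> {', '.join(exes)}")
```

The name heuristic is deliberately narrow (no separators, almost no vowels, high entropy) so that vendor folders such as Microsoft, Adobe or Symantec pass, and a hit needs both a random-looking name and an executable inside it. Treat a hit as something to look at, not as a verdict: check the file's properties, signature and creation time before deleting anything, and keep a zipped copy for sample submission as Tammy asked for earlier in the thread.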

Re: 2K8R2 DNS anomaly

2010-12-15 Thread m b
I did confirm that running this command:

dnscmd /config /enableednsprobes 0

resolves the problem, and that running this command:

dnscmd /config /enableednsprobes 1

reintroduces the problem.  Amounts to a temporary fix until we address the
root cause.  I don't know if we want to leave EDNS functionality disabled
forever.



On Wed, Dec 15, 2010 at 11:09 AM, Trees, Ray rtr...@key.net wrote:

  I think the gist of the KB article is that it is caused
 by your firewall. I know that I am running a Cisco ASA and there are DNS
 filters by default.  I’m going to check those out now.



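The mechanism behind the results in this thread, simulated end to end: an EDNS probe advertises a large UDP buffer, the authoritative server answers with a reply larger than 512 bytes, and a firewall that still enforces the classic 512-byte UDP limit drops it, so the client sees "DNS request timed out"; without the probe the server sets the TC (truncated) bit in a reply that fits, and the resolver retries over TCP/53. This is an added example written for this page, not code from the list or any participant, and it also covers the history Michael gives later in the thread (512-byte responses, firewall fixups, TCP fallback). The query builder, toy authoritative server and firewall model are simplifications of my own; the hostname www.example.test, the record count and the size limits are constructed. The second scenario is what dnscmd /config /enableednsprobes 0 amounts to and the third is what fixing the firewall amounts to, which is why the dnscmd change is a temporary workaround rather than a fix.

```python
"""Simulated DNS exchange showing why an EDNS-probing resolver times out
behind a firewall that caps UDP DNS replies at 512 bytes, while a plain
query gets a truncated reply and falls back to TCP. Every packet is built
and parsed in memory; nothing is sent on the network."""
import struct

QTYPE_A = 1
QTYPE_OPT = 41
CLASS_IN = 1
CLASSIC_UDP_LIMIT = 512   # RFC 1035 maximum UDP payload without EDNS
A_RECORD_SIZE = 16        # compressed name (2) + type/class/ttl/rdlen (10) + IPv4 (4)


def encode_name(name):
    """Encode a dotted hostname as DNS length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_query(name, edns_udp_size=None, txid=0x1234):
    """Build an A query. With edns_udp_size set, append an EDNS0 OPT RR
    advertising that UDP payload size (what an EDNS probe does)."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg = header + encode_name(name) + struct.pack("!HH", QTYPE_A, CLASS_IN)
    if edns_udp_size:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP size,
        # TTL carries extended RCODE/flags (0), empty RDATA
        msg += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_udp_size, 0, 0)
    return msg


def parse_header(msg):
    """Decode the 12-byte header; 'tc' is the truncation flag."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & 0x0200),
            "qdcount": qd, "ancount": an, "arcount": ar}


def question_end(msg):
    """Offset just past the single question section."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1 + 4  # root label + QTYPE + QCLASS


def advertised_udp_size(query):
    """UDP payload size advertised in the query's OPT RR, else 512."""
    if parse_header(query)["arcount"] == 0:
        return CLASSIC_UDP_LIMIT
    pos = question_end(query)
    rrtype, udp_size = struct.unpack("!HH", query[pos + 1:pos + 5])
    return udp_size if rrtype == QTYPE_OPT else CLASSIC_UDP_LIMIT


def authoritative_answer(query, n_records, over_tcp=False):
    """Toy authoritative server: n_records A records for the queried name.
    Over UDP it honours the advertised size and sets TC when the full
    answer does not fit. (A real server would also echo an OPT RR.)"""
    hdr = parse_header(query)
    qend = question_end(query)
    records = [struct.pack("!HHHIH", 0xC00C, QTYPE_A, CLASS_IN, 300, 4)
               + bytes([192, 0, 2, i % 250 + 1]) for i in range(n_records)]
    fit, truncated = n_records, False
    if not over_tcp:
        room = (advertised_udp_size(query) - qend) // A_RECORD_SIZE
        if room < n_records:
            fit, truncated = max(room, 0), True
    flags = 0x8180 | (0x0200 if truncated else 0)  # QR, RD, RA (+TC)
    header = struct.pack("!HHHHHH", hdr["id"], flags, 1, fit, 0, 0)
    return header + query[12:qend] + b"".join(records[:fit])


def resolve(name, n_records, edns_udp_size, firewall_udp_limit, tcp53_open):
    """Walk the exchange and classify the outcome as a resolver sees it:
    'answered-udp', 'answered-tcp', 'udp-timeout' or 'tcp-blocked'."""
    query = build_query(name, edns_udp_size)
    reply = authoritative_answer(query, n_records)
    if len(reply) > firewall_udp_limit:
        # the firewall silently drops the oversized datagram; the client
        # sees "DNS request timed out", as in the nslookups in the thread
        return "udp-timeout"
    if not parse_header(reply)["tc"]:
        return "answered-udp"
    if not tcp53_open:
        return "tcp-blocked"
    full = authoritative_answer(query, n_records, over_tcp=True)
    return "answered-tcp" if not parse_header(full)["tc"] else "tcp-blocked"


if __name__ == "__main__":
    name = "www.example.test"  # constructed name, not a real host
    scenarios = [
        ("EDNS probe (4000) through a firewall capping UDP DNS at 512", 4000, 512, True),
        ("EDNS probes disabled, same firewall", None, 512, True),
        ("EDNS probe (4000), firewall relaxed to 4096", 4000, 4096, True),
        ("EDNS probes disabled, TCP/53 blocked too", None, 512, False),
    ]
    for label, edns, limit, tcp in scenarios:
        print(f"{label}: {resolve(name, 60, edns, limit, tcp)}")
```

Run as a script it prints the outcome of the four scenarios. The DNS-OARC reply-size test quoted earlier in the thread measures the same thing from the outside: it reports the largest reply that actually reached the resolver next to the buffer size the resolver advertised, and a server that advertises 4000 but times out on the test is exactly the first scenario.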

Re: 2K8R2 DNS anomaly

2010-12-15 Thread m b
In my experience, I only witnessed and reproduced the issue versus Windows
2008 R2 servers.  And they will resolve 99.999% of all queries, just a
select few that present a problem.  So far, none of the problem domain
queries have been business-related.



On Wed, Dec 15, 2010 at 12:12 PM, Kennedy, Jim kennedy...@elyriaschools.org
 wrote:

  Your results do indicate the EDNS issue. It is universal…it kills all
 2008 servers that I have seen using DNS. As for the 2K3 server, who is its
 forwarder? I will bet it’s a 2K8 server.




RE: 2K8R2 DNS anomaly

2010-12-15 Thread Michael B. Smith
EDNS support was released in Server 2003, I think it was SP1. At that time, 
Yahoo, AOL, and just a couple of others would return lists of IP addresses that 
wouldn't fit in a standard 512 byte DNS response packet.

At THAT TIME, _most_ firewalls would prevent a UDP response packet of greater 
than 512 bytes being used. This was especially true of Cisco firewalls (PIX at 
the time) and various SOHO / SMB firewalls.  With Cisco, it was an easy fix 
(protocol fixup dns 2048 - or some such).

For responses greater than 512 bytes, you had to switch to TCP. Lots of folks 
didn't have TCP 53 open to DNS. So... DNS responses would time out.

Today, geographically based responses are common (i.e., you query addresses for 
yahoo.com, you don't get all of them, you only get a few) and most firewalls 
have relaxed the restrictions to 1024 or 2048 bytes and most companies have TCP 
53 open. So, it's rare - but it still can happen - even on the old operating 
systems.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 1:42 PM
To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

In my experience, I only witnessed & reproduced the issue versus Windows 2008 
R2 servers.  And they will resolve 99.999% of all queries, just a select few 
that present a problem.  So far, none of the problem domain queries have been 
business-related.



On Wed, Dec 15, 2010 at 12:12 PM, Kennedy, Jim 
kennedy...@elyriaschools.org wrote:
Your results do indicate the EDNS issue. It is universal...it kills all 2008 
servers that I have seen using DNS. As for the 2K3 server, who is its 
forwarder? I will bet it's a 2K8 server.

From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 12:13 PM

To: NT System Admin Issues
Subject: Re: 2K8R2 DNS anomaly

This becomes more interesting.  OARC has set up a reply-size test server 
(https://www.dns-oarc.net/oarc/services/replysizetest).  The results look 
backwards to me, but follow the pattern of success/failure.  An indication that 
this does have to do with UDP packet size.

I'm hesitant to start applying the workaround & turning off EDNS capability.  
Contacting firewall team for their input.


C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2K8 server)
Server:  (our 2K8 server)
Address:  (our 2K8 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2K8 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k3 server)
Server:  (our 2k3 server)
Address:  (our 2k3 server)
DNS request timed out.
timeout was 2 seconds.
*** Request to (our 2k3 server) timed-out

C:\Documents and Settings\me>nslookup -type=txt rs.dns-oarc.net. (our 2k8r2 server)
Server:  (our 2k8r2 server)
Address:  (our 2k8r2 server)
Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net   canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net
   text =
(our 2k8r2 server) DNS reply size limit is at least 3843
rst.x3843.x3837.x3827.rs.dns-oarc.net
   text =
(our 2k8r2 server) sent EDNS buffer size 4000
rst.x3843.x3837.x3827.rs.dns-oarc.net
   text =
Tested at 2010-12-15 16:55:15 UTC



On Wed, Dec 15, 2010 at 10:23 AM, VIPCS 
vi...@stny.rr.com wrote:
Jeffrey just tried an nslookup query (results below) on two WS2K8 servers (one 
is R2) on two different networks and both resolved (both are DCs with DNS 
installed):

Non-authoritative answer:
Name:    www.insead.edu
Address:  213.182.38.52

Is it possible an upstream DNS forwarder is blocking access?


Sincerely,



Jeffrey and Mary Jane Harris

VIPCS


From: m b [mailto:midphan12...@gmail.com]
Sent: Wednesday, December 15, 2010 11:15 AM

To: NT System Admin Issues
Subject: 2K8R2 DNS anomaly

Within our forest, all domain controllers are DNS servers.  We've been working 
to upgrade from 2K3 to 2K8.  Most of those that are upgraded are 2K8R2, while a 
few are just 2K8.

I have heard some reports from users that they were unable to access certain 
websites that they were able to access from home.  Today's example is 
www.insead.edu.

When I do an nslookup against any of our 2K8R2 DNS servers, the 
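The reply-size behaviour the thread is probing (an EDNS0 query advertising a 4000-byte UDP buffer, the TC bit on a truncated answer, and the retry over TCP/53 that Michael describes), as an added Python example; this is not code from the original posts. The two socket transports, the 192.0.2.53 server address, the constructed "firewall" that swallows EDNS queries, and the minimal response builder used by the offline demonstration are assumptions for illustration; rs.dns-oarc.net is the OARC tester already used in the thread.

```python
import socket
import struct

# Added example (not from the thread). EDNS0 query builder, truncation check and
# UDP->TCP fallback. Server addresses and the fake transports are assumptions.

TYPE_TXT = 16
TYPE_OPT = 41


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_TXT, txid=0x1234, edns_bufsize=None):
    """Build a recursive query; with edns_bufsize, append an EDNS0 OPT pseudo-RR
    whose CLASS field advertises the UDP payload size we can accept."""
    arcount = 1 if edns_bufsize else 0
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)       # class IN
    if edns_bufsize:
        # root name, TYPE=41, CLASS=payload size, TTL=ext-rcode/version/flags, RDLEN=0
        pkt += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_bufsize, 0, 0)
    return pkt


def parse_header(resp):
    """Return id, TC (truncated) flag, RCODE and section counts from a response header."""
    txid, flags, _, an, _, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "ancount": an, "arcount": ar}


def edns_udp_size(query):
    """UDP payload size advertised by the OPT record of a query, or None.
    Only handles query packets (additional section directly after the question)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    if an or ns or not ar:
        return None
    pos = 12
    for _ in range(qd):
        while query[pos] != 0:       # skip labels
            pos += 1 + query[pos]
        pos += 1 + 4                 # terminator + QTYPE + QCLASS
    if query[pos] == 0 and struct.unpack("!H", query[pos + 1:pos + 3])[0] == TYPE_OPT:
        return struct.unpack("!H", query[pos + 3:pos + 5])[0]
    return None


def make_response(txid=0x1234, tc=False):
    """Constructed minimal response header (QR+RD+RA, NOERROR) used by the fakes."""
    flags = 0x8180 | (0x0200 if tc else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)


def udp_send(pkt, server, timeout=2.0):
    """Real UDP/53 transport: returns the datagram, or None on timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(pkt, (server, 53))
        return s.recv(65535)
    except OSError:                  # socket.timeout is a subclass of OSError
        return None
    finally:
        s.close()


def tcp_send(pkt, server, timeout=2.0):
    """Real TCP/53 transport (2-byte length prefix): returns the message or None."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(pkt)) + pkt)
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return None
                buf += chunk
            return buf[2:]
    except OSError:
        return None


def diagnose(name, server, send_udp=udp_send, send_tcp=tcp_send, edns_bufsize=4000):
    """Classify how the path to `server` behaves for a large answer:
    ok-edns       large UDP reply accepted end to end
    edns-dropped  EDNS query got no answer but a plain query is answered: something
                  on the path drops DNS datagrams larger than 512 bytes
    tcp-fallback  reply truncated (TC=1) and the TCP/53 retry succeeded
    tcp-blocked   reply truncated and TCP/53 also failed
    fail          no UDP answer at all (not a reply-size problem)"""
    q_edns = build_query(name, edns_bufsize=edns_bufsize)
    r = send_udp(q_edns, server)
    if r is not None and not parse_header(r)["tc"]:
        return "ok-edns"
    if r is None:
        plain = send_udp(build_query(name), server)
        return "fail" if plain is None else "edns-dropped"
    t = send_tcp(q_edns, server)
    if t is not None and not parse_header(t)["tc"]:
        return "tcp-fallback"
    return "tcp-blocked"


if __name__ == "__main__":
    # Offline demonstration: a constructed "firewall" that eats the EDNS query
    # (no answer) but lets a plain query through with TC set.
    def firewall_udp(pkt, server):
        return None if edns_udp_size(pkt) else make_response(tc=True)
    print(diagnose("rs.dns-oarc.net", "192.0.2.53", send_udp=firewall_udp,
                   send_tcp=lambda p, s: make_response()))
```

Against a real resolver, call `diagnose("rs.dns-oarc.net", "<your DC>")` with the default transports; "edns-dropped" is the signature of the firewall behaviour described above and points at the path (UDP size limit or TCP/53) rather than at the DNS server itself.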

RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
Because it is a shared account, Jeffrey does indeed talk in the third person
(if he used I, you would not know who the I was, now would you *grin*?).

 

Sincerely,

 

Jeffrey and Mary Jane Harris

VIPCS

 


From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Wednesday, December 15, 2010 1:25 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

 

I'm quite sure this is a husband and wife sharing the same account, but I
can't help but imagine Jeffrey talking in the third person. :)

 

Happy Holidays!

 

- Sean

On Wed, Dec 15, 2010 at 7:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard
drivers, and prevented any keyboard from being used.  Combofix was the only
tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
MalwareBytes, and the Microsoft Malicious Software Removal Tool).

That Vipre never even detected the malware concerned Jeffrey more than
anything else, even though Jeffrey knew it was malware because of numerous
reports on the Internet of other users with the same issue.


Sincerely,

Jeffrey and Mary Jane Harris
VIPCS


-Original Message-

From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget combofix - taken care of some things that can't be cleaned
otherwise.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as
part
of my regular troubleshooting/cleaning toolkit. :-)



From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) found out about secunia PSI and I like it.

+1

Scott


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW... I've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kind of jobs
On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder the status of patching on his system, not just Microsoft but
Adobe
and other applications.  I've seen a bit of these fake av type malware
gems
arrive via suspected 'drive by' website visits, possibly from hitting
flash/shockwave vulnerabilities on linked animated advertisements.


Erik Goldoff
IT Consultant
Systems, Networks, & Security

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I had a user get that crap on his PC on Tuesday and it disabled Vipre
Enterprise also. The user swears he didn't click on anything and was on
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
clean. It's not the first time that user got one of those fake AVs, or the
second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 AM
Subject: Re: System Tool 2011 malware
 On Tue December 14 2010, you wrote:
 Hi John,

 User know where they were surfing when it hit?

 Samples can be submitted here:

 http://www.sunbeltsecurity.com/threat

 If you want assistance with removal check the box that says I need
help
 . Someone will be happy to help.

 We're releasing defs something like 13x/day now so shouldn't be too
long
 to get updates for that critter.

 Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
 Home caught it...what's more, it disabled Vipre Home. I'll see if I can
 get
 access to the zipped sample so I can resubmit.

 Thanks!

 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager


Re: System Tool 2011 malware

2010-12-15 Thread Micheal Espinola Jr
Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
happening that broke or blocked Mb from updating.

--
ME2





On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.

 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-
 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Thanks for the info, guys... I downloaded it and will start using it as
 part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW... I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kind of jobs
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but
 Adobe
 and other applications.  I've seen a bit of these fake av type malware
 gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
 Erik Goldoff
 IT Consultant
 Systems, Networks, & Security
 
 '  Security is an ongoing process, not a one time event ! '
 
 
 
 -Original Message-
 From: James Kerr [mailto:cluster...@gmail.com]
 Sent: Wednesday, December 15, 2010 8:42 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 I had a user get that crap on his PC on Tuesday and it disabled Vipre
 Enterprise also. The user swears he didn't click on anything and was on
 MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
 clean. It's not the first time that user got one of those fake AVs, or the
 second for that matter.
 
 James
 
 - Original Message -
 From: John Aldrich jaldr...@blueridgecarpet.com
 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
 Sent: Wednesday, December 15, 2010 5:21 AM
 Subject: Re: System Tool 2011 malware
  On Tue December 14 2010, you wrote:
  Hi John,
 
  User know where they were surfing when it hit?
 
  Samples can be submitted here:
 
  http://www.sunbeltsecurity.com/threat
 
  If you want assistance with removal check the box that says I need
 help
  . Someone will be happy to help.
 
  We're releasing defs something like 13x/day now so shouldn't be too
 long
  to get updates for that critter.
 
  Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre
  Home caught it...what's more, it disabled Vipre Home. I'll see if I can
  get
  access to the zipped sample so I can resubmit.
 
  Thanks!
 
  --
  Thanks,
  John Aldrich
  Blueridge Industries
  IT Manager
 
 
 
 
 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the 

Re: OT: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Micheal Espinola Jr
Would you be my boss?  :-)

--
ME2





On Wed, Dec 15, 2010 at 5:18 AM, Jim Holmgren jholmg...@xlhealth.comwrote:

 Hey folks,
 I've got some openings coming up here in the Baltimore MD area.  Some of
 these are due to expanded headcounts (we are really growing) and one is
 due to mutually agreed separation.   All of these positions would
 directly or indirectly report to me.

 HR is going through the usual sources, but I thought I could help cast a
 wider net.  We are pretty much a 100% Windows shop, EMC storage, VMWare
 infrastructure, and we are looking for:

 1) Manager of Server Engineering (my current position - I just received
 a promotion)
 2) Tier 2/3 Technical Support
 3) Junior SQL DBA
 4) Principal SQL DBA

 I know this is not a lot to go on, but I don't want to flood the list
 with job descriptions, etc.  Competitive salary, good benefits, EOE,
 etc.

 If any of these titles look interesting and you are in the Baltimore MD
 area (can't do paid relocation, sorry) drop me a note off-list please.

 Thanks!
 Jim


 Jim Holmgren
 Manager of Server Engineering
 XLHealth Corporation
 The Warehouse at Camden Yards
 351 West Camden Street, Suite 100
 Baltimore, MD 21201
 410.625.2200 (main)
 443.524.8573 (direct)
 443-506.2400 (cell)
 www.xlhealth.com




 CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole
 use of the intended recipient(s) and may contain confidential and/or
 protected health information. Under the Federal Law (HIPAA), the intended
 recipient is obligated to keep this information secure and confidential. Any
 disclosure to third parties without authorization from the member of as
 permitted by law is prohibited and punishable under Federal Law. If you are
 not the intended recipient, please contact the sender by reply e-mail and
 destroy all copies of the original message.

 NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el
 uso exclusivo del destinatario(s) y puede contener información confidencial
 y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el
 destinatario tiene la obligación de mantener esta información segura y
 confidencial. Cualquier divulgación a terceros sin la autorización de los
 miembros de lo permitido por la ley está prohibido y penado en virtud de la
 Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto
 con el remitente por teléfono y destruir todas las copias del mensaje
 original


Re: OT: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Micheal Espinola Jr
...and, congrats on the promotion!

--
ME2





On Wed, Dec 15, 2010 at 11:03 AM, Micheal Espinola Jr 
michealespin...@gmail.com wrote:

 Would you be my boss?  :-)

 --
 ME2






 On Wed, Dec 15, 2010 at 5:18 AM, Jim Holmgren jholmg...@xlhealth.comwrote:

 Hey folks,
 I've got some openings coming up here in the Baltimore MD area.  Some of
 these are due to expanded headcounts (we are really growing) and one is
 due to mutually agreed separation.   All of these positions would
 directly or indirectly report to me.

 HR is going through the usual sources, but I thought I could help cast a
 wider net.  We are pretty much a 100% Windows shop, EMC storage, VMWare
 infrastructure, and we are looking for:

 1) Manager of Server Engineering (my current position - I just received
 a promotion)
 2) Tier 2/3 Technical Support
 3) Junior SQL DBA
 4) Principal SQL DBA

 I know this is not a lot to go on, but I don't want to flood the list
 with job descriptions, etc.  Competitive salary, good benefits, EOE,
 etc.

 If any of these titles look interesting and you are in the Baltimore MD
 area (can't do paid relocation, sorry) drop me a note off-list please.

 Thanks!
 Jim


 Jim Holmgren
 Manager of Server Engineering
 XLHealth Corporation
 The Warehouse at Camden Yards
 351 West Camden Street, Suite 100
 Baltimore, MD 21201
 410.625.2200 (main)
 443.524.8573 (direct)
 443-506.2400 (cell)
 www.xlhealth.com




 CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole
 use of the intended recipient(s) and may contain confidential and/or
 protected health information. Under the Federal Law (HIPAA), the intended
 recipient is obligated to keep this information secure and confidential. Any
 disclosure to third parties without authorization from the member of as
 permitted by law is prohibited and punishable under Federal Law. If you are
 not the intended recipient, please contact the sender by reply e-mail and
 destroy all copies of the original message.

 NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para
 el uso exclusivo del destinatario(s) y puede contener información
 confidencial y/o información protegida de salud. En virtud de la Ley Federal
 (HIPAA), el destinatario tiene la obligación de mantener esta información
 segura y confidencial. Cualquier divulgación a terceros sin la autorización
 de los miembros de lo permitido por la ley está prohibido y penado en virtud
 de la Ley Federal. Si usted no es el destinatario, por favor, póngase en
 contacto con el remitente por teléfono y destruir todas las copias del
 mensaje original


Re: OT : Holiday funny...

2010-12-15 Thread Andrew S. Baker
+5


ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...



On Wed, Dec 15, 2010 at 1:23 PM, Sean Martin seanmarti...@gmail.com wrote:

 Bravo!

 - Sean

 On Wed, Dec 15, 2010 at 8:23 AM, Kim Longenbaugh k...@colonialsavings.com
  wrote:

  The bus driver, while running his route,

 Decided to take Frosty out

 But he found to his shame

 That it wasn’t a game,

 And now a job he’s without.



 While driving his bus down the road

 He decided to be quite a toad

 His murder of Frosty

 To his job was quite costly

 The street will be his new abode.



 *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com]
 *Sent:* Wednesday, December 15, 2010 11:17 AM

 *To:* NT System Admin Issues
 *Subject:* RE: OT : Holiday funny...



 The bus driver was manic,

 while he rolled over Frosty’s neck.

 Now he’s quite benign,

 while he’s standing in line,

 waiting for his unemployment check.





 *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
 *Sent:* Wednesday, December 15, 2010 11:03 AM
 *To:* NT System Admin Issues
 *Subject:* Re: OT : Holiday funny...




 Need another verse about the driver - he was dismissed almost immediately:

 1. He crossed into the on-coming traffic lane
 2. He could not see if anything or anybody was behind the snow man
 3. He had no way to determine if there were rocks, posts, etc within the
 snow man

 Not such a happy holiday for him!

 Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:

  Frosty the snowman,
  wasn't too quick on his feet.
  It was clearly his loss,
  when he tried to cross,
  in the middle of the street.
 
   http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H
 
  -Paul
 

Re: System Tool 2011 malware

2010-12-15 Thread Micheal Espinola Jr
I didn't claim they are the end-all anything, and I certainly don't say so
about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
I have not found it to be more reliable in any provable sense.  In fact, my
logs show the opposite.

I also didn't claim anyone should have a static toolbag, or that ComboFix
didn't fix the problem as described.  I was raising the issue that there were
and perhaps still are other problems on that system that are preventing
Malwarebytes from operating properly; which is something I often find on
systems that are not running the registered (real-time) version of
Malwarebytes.

--
ME2





On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

  As Jeffrey recalls, he had to rename the MB executable just to allow it
 to run.  In any case, even if MB was blocked from operating optimally, you
 still cannot argue that combofix actually fixed the problem.



 Jeffrey raised this issue with Vipre support and they said they said the
 same thing – Vipre and MB are not the be-all and end-all for all malware,
 and sometimes specialized tools (such as combofix) are essential for some
 malware removal.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS



 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:02 PM

 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
 happening that broke or blocked Mb from updating.

 --
 ME2







  On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.


 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-

 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Thanks for the info, guys... I downloaded it and will start using it as
 part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW... I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kind of jobs
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but
 Adobe
 and other applications.  I've seen a bit of these fake av type malware
 gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
 Erik Goldoff
 IT Consultant
 Systems, Networks, & Security
 
 '  Security is an ongoing process, not a one time event ! '
 
 
 
 -Original Message-
 From: James Kerr [mailto:cluster...@gmail.com]
 Sent: Wednesday, December 15, 2010 8:42 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 I had a user get that crap on his PC on Tuesday and it disabled Vipre
 Enterprise also. The user swears he didn't click on anything and was on
 MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
 clean. It's not the first time that user got one of those fake AVs, or the
 second for that matter.
 
 James
 
 - Original Message -
 From: John Aldrich jaldr...@blueridgecarpet.com
 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
 Sent: Wednesday, December 15, 2010 5:21 AM
 Subject: Re: System Tool 2011 malware
  On Tue December 14 2010, you wrote:
  Hi John,
 
  User know where they were surfing when it hit?
 
  Samples can be submitted here:
 
  http://www.sunbeltsecurity.com/threat
 
  If you want assistance with removal check the box that says I need
 help
  . Someone will be happy to help.
 
  We're releasing defs 

RE: OT : Holiday funny...

2010-12-15 Thread RichardMcClary
OK, since this is all in my little town (nothing to do with Paul Simon - 
the song writer or the late senator)...

Here is from today's local newspaper.  Check out the name of the police 
lieutenant.  YOU CAN'T MAKE THIS STUFF UP!

http://www.news-gazette.com/news/courts-police-and-fire/2010-12-15/transit-agency-says-viral-snowman-video-old-news.html
--
richard

Kim Longenbaugh k...@colonialsavings.com wrote on 12/15/2010 11:23:20 
AM:

 The bus driver, while running his route,
 Decided to take Frosty out
 But he found to his shame
 That it wasn't a game,
 And now a job he's without.
 
 While driving his bus down the road
 He decided to be quite a toad
 His murder of Frosty
 To his job was quite costly
 The street will be his new abode.
 
 From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
 Sent: Wednesday, December 15, 2010 11:17 AM
 To: NT System Admin Issues
 Subject: RE: OT : Holiday funny...
 
 The bus driver was manic,
 while he rolled over Frosty's neck.
 Now he's quite benign,
 while he's standing in line,
 waiting for his unemployment check.
 
 
 From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
 Sent: Wednesday, December 15, 2010 11:03 AM
 To: NT System Admin Issues
 Subject: Re: OT : Holiday funny...
 
 
 Need another verse about the driver - he was dismissed almost 
immediately: 
 
 1. He crossed into the on-coming traffic lane 
 2. He could not see if anything or anybody was behind the snow man 
 3. He had no way to determine if there were rocks, posts, etc within
 the snow man 
 
 Not such a happy holiday for him! 
 
 Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:
 
  Frosty the snowman,
  wasn't too quick on his feet.
  It was clearly his loss,
  when he tried to cross,
  in the middle of the street.
  
   http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H
  
  -Paul
  

Re: System Tool 2011 malware

2010-12-15 Thread Micheal Espinola Jr
I would recommend other tools for startup scanning.  I mean this with all
sincerity, compared to other tools you can scan your system with, SBSD is a
waste of scanning time.  It's not top of the food chain anymore.  Also,
Tea-Timer (if utilized) is a major performance drag on your system, and it's
not even a system service.  Ultimately, the security you get from SBSD
should not be trusted.

I think that autoruns would be a better tool for startup inspection - it's
fast and well organized.  A simple script can quickly open the hosts file
for you on any system. Scripts could also automate basic inspecting of the
hosts file contents being altered.

--
ME2





On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich jaldr...@blueridgecarpet.com
 wrote:

 Well, SpyBot has a couple things going for it that the others don’t – the
 ability to see what’s in the startup and the “hosts” file. Sure there are
 other apps that’ll install a hosts file for you, but it’s really easy to do
 with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show
 up with MSCONFIG or simply looking at the startup folder in the start
 menu. I could tell that something was auto-starting, but I couldn’t see what
 it was without loading up SpyBot. :-)

 I'll grant you that other things may do a better job of cleaning, but I
 think it's still a useful tool.



 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 1:37 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 SAFE MODE, SAFE MODE, SAFE MODE...

 Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
 those.  You'll get *everything*.

 Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

 --
 ME2




 On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
 Hey John,
 Are you asking how to fix it, or why Vipre didn't catch it?  If you're
 trying to fix it, then log on as the administrator (or something other
 than the infected profile) and then run the tools...full scans.
 Steve


 On Tuesday, December 14, 2010, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
  I had a home user who called me to come work on his computer because it
  kept coming up with the System Tool 2011 malware (very similar to the
  fake antivirus malware.)
  The system is Windows XP Media Edition, and had Vipre Home installed. I ran
  Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
  as the user rebooted into normal mode, it was back. Today, I went back and
  ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but looking
  at the startup entries in SpyBot, I saw a random jumble of letters under
  c:\documents and settings\all users\application data\ which, when I entered
  the directory in Windows Explorer, showed the icon for the System Tool 2011
  malware.
  Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
  tried to submit a zip of it to the CW Sandbox, but got a response that it
  couldn't be analyzed...
  --
  Thanks,
  John Aldrich
  Blueridge Industries
  IT Manager
 
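The "script that inspects the hosts file for alterations" idea floated above, written out as an added example (this is not code from the list or from any of the tools named in the thread). It parses a hosts file, ignores the stock localhost entries, and flags security-vendor or update hostnames that have been pointed at loopback or at some other address, which is the classic fake-AV trick for making definition updates and sample submission fail quietly. The sample hosts content and the vendor marker list are constructed here for illustration; the path constant is the standard Windows location.

```python
"""Flag suspicious entries in a Windows hosts file (added example)."""
import ipaddress
import sys
from typing import Dict, List, Optional

# Stock location on Windows; only read if you pass it on the command line.
WINDOWS_HOSTS_PATH = r"%windir%\system32\drivers\etc\hosts"

# Entries present in a stock Windows hosts file; anything else is reported.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Hostname fragments that should never appear in hosts on a clean machine.
# Constructed, coarse substring list; extend it with the vendors you deploy.
SECURITY_HOST_MARKERS = (
    "malwarebytes", "sunbelt", "vipre", "kaspersky", "eset",
    "windowsupdate", "microsoft", "symantec", "mcafee", "avast",
)

# Constructed sample of a tampered hosts file (not a real capture).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.local          # admin-added, benign
127.0.0.1       www.malwarebytes.org         # blackholed: updates fail
127.0.0.1       www.sunbeltsoftware.com
192.0.2.10      download.windowsupdate.com   # sent to a remote host
notanaddress    www.example.com
"""


def parse_hosts(text: str) -> List[Dict]:
    """Return one record per non-comment line: line_no, ip, hosts, valid."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, hosts = parts[0], [h.lower() for h in parts[1:]]
        try:
            ipaddress.ip_address(ip)
            valid = bool(hosts)  # an IP with no names is also malformed
        except ValueError:
            valid = False
        records.append({"line_no": line_no, "ip": ip, "hosts": hosts, "valid": valid})
    return records


def classify(ip: str, host: str) -> Optional[str]:
    """Reason an (ip, host) pair deserves attention, or None if it is stock."""
    if (ip, host) in DEFAULT_ENTRIES:
        return None
    is_security_host = any(marker in host for marker in SECURITY_HOST_MARKERS)
    if is_security_host and ipaddress.ip_address(ip).is_loopback:
        return "security host blackholed to loopback"
    if is_security_host:
        return "security host redirected to remote address"
    return "non-default entry"


def inspect_hosts(text: str) -> List[Dict]:
    """Every finding for the given hosts-file text, in file order."""
    findings = []
    for rec in parse_hosts(text):
        if not rec["valid"]:
            findings.append({"line_no": rec["line_no"], "ip": rec["ip"],
                             "host": " ".join(rec["hosts"]),
                             "reason": "unparseable entry"})
            continue
        for host in rec["hosts"]:  # one line may map several names
            reason = classify(rec["ip"], host)
            if reason is not None:
                findings.append({"line_no": rec["line_no"], "ip": rec["ip"],
                                 "host": host, "reason": reason})
    return findings


def main(argv: List[str]) -> int:
    """Inspect the file named on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings = inspect_hosts(text)
    for f in findings:
        print(f"line {f['line_no']:>3}: {f['ip']:<15} {f['host']:<30} {f['reason']}")
    return 1 if findings else 0  # non-zero exit lets a batch wrapper notice


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the real file by expanding the path yourself, for example from a cmd prompt as `python hosts_check.py %windir%\system32\drivers\etc\hosts`; a non-zero exit means something beyond the stock localhost lines is present.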

RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
Jeffrey was confused by your "not buying it" comment.  No personal slights
were intended.  Each of the other programs (except Vipre) found something,
but it was left to combofix to actually resolve the basic issue of the
keyboard not working.

 

Sincerely,

 

Jeffrey and Mary Jane Harris

VIPCS

 


From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:23 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

 

I didn't claim they are the end-all anything, and I certainly don't say so
about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
I have not found it to be more reliable in any provable sense.  In fact, my
logs show the opposite.

I also didn't claim anyone should have a static toolbag, or that ComboFix
didn't fix the problem as described.  I was raising the issue that there were
and perhaps still are other problems on that system that are preventing
Malwarebytes from operating properly, which is something I often find on
systems that are not running the registered (real-time) version of
Malwarebytes.

--
ME2

 

 





On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

As Jeffrey recalls, he had to rename the MB executable just to allow it to
run.  In any case, even if MB was blocked from operating optimally, you
still cannot argue that combofix actually fixed the problem.

 

Jeffrey raised this issue with Vipre support and they said the same
thing - Vipre and MB are not the be-all and end-all for all malware,
and sometimes specialized tools (such as combofix) are essential for some
malware removal.

 

Sincerely,

 

Jeffrey and Mary Jane Harris

VIPCS

 


From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:02 PM


To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

 

Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
happening that broke or blocked Mb from updating.

--
ME2

 

 

 

On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

Jeffrey had to fix malware on a user's system that infected the keyboard
drivers and prevented any keyboard from being used.  Combofix was the only
tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
MalwareBytes, and the Microsoft Malicious Software Removal Tool).

That Vipre never even detected the malware concerned Jeffrey more than
anything else, even though Jeffrey knew it was malware because of numerous
reports on the Internet of other users with the same issue.


Sincerely,

Jeffrey and Mary Jane Harris
VIPCS


-Original Message-

From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
Sent: Wednesday, December 15, 2010 11:07 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Don't forget combofix - it has taken care of some things that can't be cleaned
otherwise.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Thanks for the info, guys... I downloaded it and will start using it as part
of my regular troubleshooting/cleaning toolkit. :-)



From: Scott Weber [mailto:swe...@thanksal.com]
Sent: Wednesday, December 15, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

James,
Recently (this past weekend) I found out about Secunia PSI and I like it.

+1

Scott


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 15, 2010 7:53 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

Secunia PSI FTW... I've got that down as part of the standard toolset I
put on home users' PCs now. It's also not too hard to use, which is a big
plus for these kinds of jobs.
On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
I wonder about the status of patching on his system, not just Microsoft but
Adobe and other applications.  I've seen a bit of these fake AV type malware
gems arrive via suspected 'drive by' website visits, possibly from hitting
flash/shockwave vulnerabilities on linked animated advertisements.


Erik Goldoff
IT Consultant
Systems, Networks, Security

'Security is an ongoing process, not a one time event!'



-Original Message-
From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, December 15, 2010 8:42 AM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
I had a user get that crap on his PC on Tuesday and it disabled Vipre
Enterprise also. The user swears he didn't click on anything and was on
MSNBC's site. He was about to get a new PC anyway so I'm not bothering to
clean. It's not the first time that user got one of those fake AVs, or the
second for that matter.

James

- Original Message -
From: John Aldrich jaldr...@blueridgecarpet.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wednesday, December 15, 2010 5:21 

RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
As Jeffrey recalls, he had to rename the MB executable just to allow it to
run.  In any case, even if MB was blocked from operating optimally, you
still cannot argue that combofix actually fixed the problem.

 

Jeffrey raised this issue with Vipre support and they said the same
thing - Vipre and MB are not the be-all and end-all for all malware,
and sometimes specialized tools (such as combofix) are essential for some
malware removal.

 

Sincerely,

 

Jeffrey and Mary Jane Harris

VIPCS

 


Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally

2010-12-15 Thread Micheal Espinola Jr
Is "The filename, directory name, or volume label syntax is incorrect." a
result from all attempts at PSEXEC use on that system? How about locally? It
could be an issue with the service itself.

--
ME2





On Tue, Dec 14, 2010 at 2:49 PM, Alverson, Tom (XETRON) 
tom.alver...@ngc.com wrote:

 The filename, directory name, or volume label syntax is incorrect.


RE: System Tool 2011 malware

2010-12-15 Thread VIPCS
Or just create a shortcut to %windir%\system32\drivers\etc\hosts, and save it
with your anti-malware toolkit files.

 

Sincerely,

 

Jeffrey and Mary Jane Harris

VIPCS

 


RE: System Tool 2011 malware /OT

2010-12-15 Thread Joseph L. Casale
Lol, every mail you type starts with "Jeffrey", are you Mary, and do you
actually handle all of Jeffrey's email or is Jeffrey an illeist?
I get a small kick out of following this, lol...

/me Thinks Joseph needs a Mary of his own, heh :)


RE: OT: Anyone looking for a new gig for the new year? (Baltimore area)

2010-12-15 Thread Jim Holmgren
Move to Baltimore and I'd strongly consider it...but I probably couldn't afford 
you.  ;)

 

(and thanks on the congrats - I took this current job as a step-down from my 
old job with an eye on this new position when it opened up, just didn't know it 
would be so soon)

 

Jim

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:04 PM
To: NT System Admin Issues
Subject: Re: OT: Anyone looking for a new gig for the new year? (Baltimore area)

 

...and, congrats on the promotion!

--
ME2

 

 





On Wed, Dec 15, 2010 at 11:03 AM, Micheal Espinola Jr 
michealespin...@gmail.com wrote:

Would you be my boss?  :-)

--
ME2

 

 

 





On Wed, Dec 15, 2010 at 5:18 AM, Jim Holmgren jholmg...@xlhealth.com wrote:

Hey folks,
I've got some openings coming up here in the Baltimore MD area.  Some of
these are due to expanded headcounts (we are really growing) and one is
due to mutually agreed separation.   All of these positions would
directly or indirectly report to me.

HR is going through the usual sources, but I thought I could help cast a
wider net.  We are pretty much a 100% Windows shop, EMC storage, VMWare
infrastructure, and we are looking for:

1) Manager of Server Engineering (my current position - I just received
a promotion)
2) Tier 2/3 Technical Support
3) Junior SQL DBA
4) Principal SQL DBA

I know this is not a lot to go on, but I don't want to flood the list
with job descriptions, etc.  Competitive salary, good benefits, EOE,
etc.

If any of these titles look interesting and you are in the Baltimore MD
area (can't do paid relocation, sorry) drop me a note off-list please.

Thanks!
Jim


Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com




CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

CONFIDENTIALITY NOTE: This facsimile, including attachments, is for the exclusive 
use of the recipient(s) and may contain confidential information and/or protected 
health information. Under Federal Law (HIPAA), the recipient is obligated to keep 
this information secure and confidential. Any disclosure to third parties without 
the authorization of the members or as permitted by law is prohibited and 
punishable under Federal Law. If you are not the recipient, please contact the 
sender by telephone and destroy all copies of the original message.


 

 





Re: System Tool 2011 malware /OT

2010-12-15 Thread Richard Stovall
Richard learned a new word today.

On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale jcas...@activenetwerx.com
 wrote:

  Lol, every mail you type starts with “jeffrey”, are you Mary, and do you
 actually handle all of Jeffrey's email or is Jeffrey an illeist?
 I get a small kick out of following this, lol…

 /me Thinks Joseph needs a Mary of his own, heh :)



 *From:* VIPCS [mailto:vi...@stny.rr.com]
 *Sent:* Wednesday, December 15, 2010 12:35 PM
 *To:* NT System Admin Issues
 *Subject:* RE: System Tool 2011 malware



 Jeffrey was confused by your “not buying it” comment.  No personal slights
 were intended.  Each of the other programs (except Vipre) found something,
 but it was left to combofix to actually resolve the basic issue of the
 keyboard not working.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:23 PM
 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 I didn't claim they are the end-all anything, and I certainly don't say so
 about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
 I have not found it to be more reliable in any provable sense.  In fact, my
 logs show the opposite.

 I also didn't claim anyone should have a static toolbag, or that ComboFix
 didn't fix the problem as described.  I was raising the issue that there were
 and perhaps still are other problems on that system that are preventing
 Malwarebytes from operating properly; which is something I often find on
 systems that are not running the registered (real-time) version of
 Malwarebytes.

 --
 ME2







 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

 As Jeffrey recalls, he had to rename the MB executable just to allow it to
 run.  In any case, even if MB was blocked from operating optimally, you
 still cannot argue that combofix actually fixed the problem.



 Jeffrey raised this issue with Vipre support and they said the
 same thing – Vipre and MB are not the be-all and end-all for all malware,
 and sometimes specialized tools (such as combofix) are essential for some
 malware removal.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:02 PM


 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
 happening that broke or blocked Mb from updating.

 --
 ME2







 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.


 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-

 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - it's taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Thanks for the info, guys... I downloaded it and will start using it as part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW. I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kinds of jobs.
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder about the status of patching on his system, not just Microsoft but
 Adobe and other applications.  I've seen a bit of these fake av type malware
 gems arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
 Erik Goldoff
 IT  Consultant
 Systems, Networks,  Security
 
 '  Security is an ongoing process, not a one time event ! '
 
 
 
 

Re: OT : Holiday funny...

2010-12-15 Thread Jonathan Link
Patton said a lot of the Internet commenters do not know all of the facts
surrounding the video.

I'm speculating here.  In other words, the snowman was built with the intent
of the bus crashing into it to make a good video.  The video seemed to be
too well planned from a timing perspective.  Yes, one could argue that a
random car might crash into it, creating a similar circumstance.  One could
also argue that a professional driver wouldn't purposely drive into the oncoming
lane of traffic to hit an object, unless he was assured it would be safe.
Nice find, btw.
On Wed, Dec 15, 2010 at 2:28 PM, richardmccl...@aspca.org wrote:


 OK, since this is all in my little town (nothing to do with Paul Simon -
 the song writer or the late senator)...

 Here is from today's local newspaper.  Check out the name of the police
 lieutenant.  YOU CAN'T MAKE THIS STUFF UP!


 http://www.news-gazette.com/news/courts-police-and-fire/2010-12-15/transit-agency-says-viral-snowman-video-old-news.html
 --
 richard

 Kim Longenbaugh k...@colonialsavings.com wrote on 12/15/2010 11:23:20
 AM:


  The bus driver, while running his route,

   Decided to take Frosty out
  But he found to his shame
  That it wasn’t a game,
  And now a job he’s without.
 
  While driving his bus down the road
  He decided to be quite a toad
  His murder of Frosty
  To his job was quite costly
  The street will be his new abode.
 
  From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
  Sent: Wednesday, December 15, 2010 11:17 AM
  To: NT System Admin Issues
  Subject: RE: OT : Holiday funny...
 
  The bus driver was manic,
  while he rolled over Frosty’s neck.
  Now he’s quite benign,
  while he’s standing in line,
  waiting for his unemployment check.
 
 
  From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
  Sent: Wednesday, December 15, 2010 11:03 AM
  To: NT System Admin Issues
  Subject: Re: OT : Holiday funny...
 
 
  Need another verse about the driver - he was dismissed almost
 immediately:
 
  1. He crossed into the on-coming traffic lane
  2. He could not see if anything or anybody was behind the snow man
  3. He had no way to determine if there were rocks, posts, etc within
  the snow man
 
  Not such a happy holiday for him!
 
  Maglinger, Paul pmaglin...@scvl.com wrote on 12/15/2010 10:48:43 AM:
 
   Frosty the snowman,
   wasn't too quick on his feet.
   It was clearly his loss,
   when he tried to cross,
   in the middle of the street.
  
   http://www.nbcchicago.com/news/local-beat/champaign-urbana-bus-snowman-111815254.html?dr#ixzz1860nu92H
  
   -Paul
  

Rename WDS Server?

2010-12-15 Thread Roger Wright
We have a server formerly used for multiple services but now utilized
for Windows Deployment Services only.  We'd like to rename the box but are
concerned that this may break WDS.  Any experience along these lines?


Roger Wright
___

Never make hard what you can make easy. - Fred W. Frailey


Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally

2010-12-15 Thread Don Kuhlman
Is the VB code on the system and in the path, if not directly referenced in the
psexec command?  I've also seen weird stuff like this happen, so I've set
up batch jobs to copy the code and anything it may need to the target system in
a directory, and then I launch psexec pointing to that target path.


 




From: Micheal Espinola Jr michealespin...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wed, December 15, 2010 1:39:18 PM
Subject: Re: EXTERNAL:Re: psexec wont' accept login/password to execute locally

Is "The filename, directory name, or volume label syntax is incorrect." a
result from all attempts at PSEXEC use on that system? How about locally? It
could be an issue with the service itself.

--
ME2






On Tue, Dec 14, 2010 at 2:49 PM, Alverson, Tom (XETRON) tom.alver...@ngc.com 
wrote:

The filename, directory name, or volume label syntax is incorrect.


DriveSavers Data Recovery

2010-12-15 Thread Roger Wright
Just thought I'd pass on a good report:

I've recently had a successful data recovery process with DriveSavers in
California.  Very professional, quick turn around, and thorough recovery
 (over 860 GB on a 1 TB dual-drive array with physical platter damage).

Not inexpensive ($4000+) but I did get a 10% discount via the link on the WD
site.


Roger Wright
___

Never make hard what you can make easy. - Fred W. Frailey


RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
I wasn't even using SpyBot to scan so much as to see what, in registry,
etc was set to start. What do you recommend that's got the nice, easy to use
interface listing what's set to start up automagically and allow you to
enable/disable with a simple click? That way you don't have to *delete* it,
just disable it from starting.



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning.  I mean this with all
sincerity, compared to other tools you can scan your system with, SBSD is a
waste of scanning time.  It's not top of the food chain anymore.  Also,
Tea-Timer (if utilized) is a major performance drag on your system, and it's
not even a system service.  Ultimately, the security you get from SBSD
should not be trusted.

I think that autoruns would be a better tool for startup inspection - It's
fast and well organized.  A simple script can quickly open the hosts file
for you on any system. Scripts could also automate basic inspecting of the
hosts file contents being altered.

--
ME2




On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
jaldr...@blueridgecarpet.com wrote:
Well, SpyBot has a couple things going for it that the others don’t – the
ability to see what’s in the startup and the “hosts” file. Sure there are
other apps that’ll install a hosts file for you, but it’s really easy to do
with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show
up with MSCONFIG or simply looking at the startup folder in the start
menu. I could tell that something was auto-starting, but I couldn’t see what
it was without loading up SpyBot. :-)

I'll grant you that other things may do a better job of cleaning, but I
think it's still a useful tool.



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
those.  You'll get *everything*.

Use Live CD's if at all possible.  But, if you do, be aware of NTFS perms.

--
ME2




On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
Hey John
Are you asking how to fix it, or why Vipre didn't catch it?  If you're
trying to fix it, then log on as the administrator (or something other
than the infected profile) and then run the tools...full scans.
Steve

On Tuesday, December 14, 2010, John Aldrich
jaldr...@blueridgecarpet.com wrote:
 I had a home user who called me to come work on his computer because it
 kept coming up with the system tool 2011 malware (very similar to the
 fake antivirus malware.)
 The system is Windows XP Media Edition, and had Vipre Home installed. I ran
 Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
 as the user rebooted into normal mode, it was back. Today, I went back and
 ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but looking
 at the startup entries in SpyBot, I saw a random jumble of letters under
 c:\documents and settings\all users\application data\ which, when I entered
 the directory in Windows Explorer, showed the icon for the System Tool 2011
 malware.
 Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
 tried to submit a zip of it to the CW Sandbox, but got a response that it
 couldn't be analyzed...
 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager


LSI SATA RAID issue

2010-12-15 Thread Bill Humphries
So I have a client with an HP ML310 with SATA drives running SBS 2003. The
machine has been slow and disks show severe fragmentation. They had a power issue
yesterday and when I was onsite and booted the machine I noticed that the
pre-Windows load screen mentioned that the LSI array was failed or degraded.
It booted into Windows before I had time to hit the function key and I couldn't
take it down any longer during business hours. It might have just been
degraded due to power failure...or maybe something else.


I can't seem to find any way to see RAID status on this server while in
Windows. I don't think the standard HP array manager software supports the LSI
onboard controller. My google-fu is failing. Any way to see the status of the
array without taking the machine down? Thanks for any input.

Bill



RE: System Tool 2011 malware

2010-12-15 Thread John Aldrich
Not trying to get argumentative here, but what tool would you use to replace
SpyBot's ability to see *everything* in the system startup? As I said, this
didn't show up in the MSCONFIG display, and I know SpyBot does a good job of
showing what's in the startup list, so that's what I use. If you can
recommend something else that easily and clearly shows what's set to
startup, I'll be more than happy to switch. I just don't know of anything
else, myself.




Re: System Tool 2011 malware

2010-12-15 Thread Richard Stovall
Autoruns.

Terrible name, great utility.

live.sysinternals.com



Re: System Tool 2011 malware

2010-12-15 Thread RichardMcClary
+1 on Autoruns!

Richard Stovall rich...@gmail.com wrote on 12/15/2010 02:20:47 PM:

 Autoruns.
  
 Terrible name, great utility.
  
 live.sysinternals.com
 

 On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich 
jaldr...@blueridgecarpet.com
  wrote:
 I wasn't even using SpyBot to scan so much as to see what, in 
registry,
 etc was set to start. What do you recommend that's got the nice, easy to 
use
 interface listing what's set to start up automagically and allow you to
 enable/disable with a simple click? That way you don't have to *delete* 
it,
 just disable it from starting.
 
 
 
 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 2:34 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 I would recommend other tools for startup scanning.  I mean this with 
all
 sincerity, compared to other tools you can scan your system with, SBSD 
is a
 waste of scanning time.  Its not top of the food chain anymore.  Also,
 Tea-Timer (if utilized) is a major performance drag on your system, and 
its
 not even a system service.  Ultimately, the security you get from 
SBSD
 should not be trusted.
 
 I think that autoruns would be a better tool for startup inspection - 
Its
 fast and well organized.  A simple script can quickly open the hosts 
file
 for you on any system. Scripts could also automate basic inspecting of 
the
 hosts file contents being altered.
 
 --
 ME2
 
 
 
 
 On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
 Well, SpyBot has a couple things going for it that the others don?t ? 
the
 ability to see what?s in the startup and the ?hosts? file. Sure there 
are
 other apps that?ll install a hosts file for you, but it?s really easy to 
do
 with SpyBot, plus it?s easy to see what?s in the startup that *doesn't* 
show
 up with MSCONFIG or simply looking at the startup folder in the start
 menu. I could tell that something was auto-starting, but I couldn?t see 
what
 it was without loading up SpyBot. :-)
 
 I'll grant you that other things may do a better job of cleaning, but I
 think it's still a useful tool.
 
 
 
 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 1:37 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 SAFE MODE, SAFE MODE, SAFE MODE...
 
 Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kasperky.  
Use
 those.  You'll get *everything*.
 
 Use Live CD's if at all possible.  But, if you do, be aware of NTFS 
perms.
 
 --
 ME2
 
 
 
 
 On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
 Hey John
 Are you asking how to fix it, or why Vipre didn't catch it?  If you're
 trying to fix it, then logon as the administrator (or something other
 than what the infected profile) and then run the tools...full scans.
 Steve
 
 On Tuesday, December 14, 2010, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
  I had a home user who called me to come work on his computer because it
  kept coming up with the system tool 2011 malware (very similar to the
  fake antivirus malware.)
  The system is Windows XP Media Edition, and had Vipre Home installed. I ran
  Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
  as the user rebooted into normal mode, it was back. Today, I went back and
  ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but looking
  at the startup entries in SpyBot, I saw a random jumble of letters under
  c:\documents and settings\all users\application data\ which, when I entered
  the directory in Windows Explorer, showed the icon for the System Tool 2011
  malware.
  Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
  tried to submit a zip of it to the CW Sandbox, but got a response that it
  couldn't be analyzed...
  --
  Thanks,
  John Aldrich
  Blueridge Industries
  IT Manager
 
  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~
 
  ---
  To manage subscriptions click here:
 http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin
 
 

Re: System Tool 2011 malware

2010-12-15 Thread Jonathan Link
+∞

On Wed, Dec 15, 2010 at 3:20 PM, Richard Stovall rich...@gmail.com wrote:

 Autoruns.

 Terrible name, great utility.

 live.sysinternals.com


  On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich 
 jaldr...@blueridgecarpet.com wrote:

 I wasn't even using SpyBot to scan so much as to see what, in registry,
 etc was set to start. What do you recommend that's got the nice, easy to use
 interface listing what's set to start up automagically and allow you to
 enable/disable with a simple click? That way you don't have to *delete* it,
 just disable it from starting.



  From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 2:34 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 I would recommend other tools for startup scanning.  I mean this with all
 sincerity, compared to other tools you can scan your system with, SBSD is a
 waste of scanning time.  It's not top of the food chain anymore.  Also,
 Tea-Timer (if utilized) is a major performance drag on your system, and it's
 not even a system service.  Ultimately, the security you get from SBSD
 should not be trusted.
 
 I think that autoruns would be a better tool for startup inspection - it's
 fast and well organized.  A simple script can quickly open the hosts file
 for you on any system. Scripts could also automate basic inspecting of the
 hosts file contents being altered.

 --
 ME2




 On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
 Well, SpyBot has a couple things going for it that the others don’t – the
 ability to see what’s in the startup and the “hosts” file. Sure there are
 other apps that’ll install a hosts file for you, but it’s really easy to do
 with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show
 up with MSCONFIG or simply looking at the startup folder in the start
 menu. I could tell that something was auto-starting, but I couldn’t see what
 it was without loading up SpyBot. :-)

 I'll grant you that other things may do a better job of cleaning, but I
 think it's still a useful tool.



 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 1:37 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 SAFE MODE, SAFE MODE, SAFE MODE...

 Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
 those.  You'll get *everything*.
 
 Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

 --
 ME2





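Micheal's point about scripting the startup and hosts-file inspection, written out as an added example: the PowerShell below is the editor's own and is not a script from the thread or from any of the posters. It lists the Run/RunOnce keys and both Startup folders, flags entries that launch from writable data directories (John's sample sat under "All Users\Application Data" on XP), and reports hosts-file lines other than the loopback defaults. The set of flagged directories is a heuristic chosen here, not a rule from the thread; services, scheduled tasks and the other locations Autoruns covers are out of scope.

```powershell
# Added example (editor's own, not code from the thread): enumerate the common
# autostart locations and report hosts-file lines beyond the loopback defaults.
# Assumption: only Run/RunOnce keys and the Startup folders are covered.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Startup folders resolved from the registry so the XP and Vista+ layouts both work.
$shellFolders = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$startupFolders = @(
    (Get-ItemProperty "HKCU:\$shellFolders").'Startup',
    (Get-ItemProperty "HKLM:\$shellFolders").'Common Startup'
)

# Writable data directories (heuristic, chosen here): an autostart entry that
# launches from one of these deserves a second look.
$suspectRoots = @($env:ALLUSERSPROFILE, $env:ProgramData, $env:APPDATA,
                  $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
$executableExt = @('.exe', '.com', '.scr', '.bat', '.cmd', '.vbs', '.js')

function Test-SuspectPath([string]$Command) {
    foreach ($root in $suspectRoots) {
        if ($Command.ToLower().Contains($root.ToLower())) { return $true }
    }
    return $false
}

$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # provider metadata, not a value
        $entries += New-Object PSObject -Property @{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
            Suspect = Test-SuspectPath ([string]$p.Value)
        }
    }
}
foreach ($folder in $startupFolders) {
    if (-not ($folder -and (Test-Path $folder))) { continue }
    foreach ($item in (Get-ChildItem -Path $folder -Force)) {
        # Shortcuts are the norm here; a bare executable dropped in Startup is not.
        $entries += New-Object PSObject -Property @{
            Source  = $folder
            Name    = $item.Name
            Command = $item.FullName
            Suspect = ($executableExt -contains $item.Extension.ToLower())
        }
    }
}
$entries | Sort-Object Suspect -Descending | Format-Table Suspect, Name, Command -AutoSize

# hosts file: report anything beyond the stock loopback entries
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$defaults  = @('127.0.0.1 localhost', '::1 localhost')
$extra = Get-Content $hostsPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    ForEach-Object { ($_ -split '\s+') -join ' ' } |   # normalise whitespace before comparing
    Where-Object { $defaults -notcontains $_ }
if ($extra) {
    Write-Warning "Non-default entries in ${hostsPath}:"
    $extra
} else {
    "hosts file contains only the default loopback entries"
}
```

Run it as an administrator on the suspect machine, ideally from a clean profile as Steve suggests. A Suspect flag is a prompt for inspection rather than a verdict: legitimate updaters also live under the application-data directories, so the command line and the file it points at still need a look.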
Re: LSI SATA RAID issue

2010-12-15 Thread Jonathan Link
Reaching into my way back machine, I haven't touched an HP server in 8
years.
If the Agents are installed Insight Manager should be able to do this.
If the agents are not installed, IIRC installing will require a reboot.



On Wed, Dec 15, 2010 at 3:19 PM, Bill Humphries nt...@hedgedigger.com wrote:

 So I have a client with HP ML310 with SATA drives running SBS 2003. The
 machine has been slow and disks show severe fragmentation. They had a power
 issue yesterday and when I was onsite and booted the machine I noticed that
 the pre-windows load screen mentioned that the LSI array was failed or
 degraded. It booted into windows before I had time to hit the function key
 and I couldn't take it down any longer during business hours. It might have
 just been degraded due to power failure...or maybe something else.

 I can't seem to find any way to see RAID status on this server while in
 windows. I don't think the standard HP array manager software supports the
 LSI onboard controller. My google-fu is failing. Any way to see status of
 the array without taking the machine down? Thanks for any input.

 Bill


RE: LSI SATA RAID issue

2010-12-15 Thread VIPCS
Can you call HP Support and ask them the question?

Sincerely,
 
Jeffrey and Mary Jane Harris
VIPCS
 
-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: LSI SATA RAID issue

So I have a client with HP ML310 with SATA drives running SBS 2003. The
machine has been slow and disks show severe fragmentation. They had a power
issue yesterday and when I was onsite and booted the machine I noticed that
the pre-windows load screen mentioned that the LSI array was failed or
degraded. It booted into windows before I had time to hit the function key
and I couldn't take it down any longer during business hours. It might have
just been degraded due to power failure...or maybe something else.

I can't seem to find any way to see RAID status on this server while in
windows. I don't think the standard HP array manager software supports the
LSI onboard controller. My google-fu is failing. Any way to see status of
the array without taking the machine down? Thanks for any input.

Bill



Re: LSI SATA RAID issue

2010-12-15 Thread Bill Humphries
Heh.  This thing is way out of warranty.  The SATA drives are at least 4
years old...so that adds to my concern regarding array status.  They
want to make it through this next tax season with this server.


VIPCS wrote:

Can you call HP Support and ask them the question?

Sincerely,
 
Jeffrey and Mary Jane Harris

VIPCS
 


Re: LSI SATA RAID issue

2010-12-15 Thread Kramer, Jack
See if you can get them to sign something acknowledging that they're aware
their thriftiness is putting their data at risk.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955




On 12/15/10 3:47 PM, Bill Humphries nt...@hedgedigger.com wrote:

Heh.  This thing is way out of warranty.  The SATA drives are at least 4
years old...so that adds to my concern regarding array status.  They
want to make it through this next tax season with this server.

VIPCS wrote:
 Can you call HP Support and ask them the question?

 Sincerely,
  
 Jeffrey and Mary Jane Harris
 VIPCS
  



RE: LSI SATA RAID issue

2010-12-15 Thread Joseph L. Casale
Like John said, if you have the smartpack installed, it will likely include the 
hpadu/acu (diagnostic/config utility) and you can query this info from it.
If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh.  This thing is way out of warranty.  The SATA drives are at least 4 years 
old...so that adds to my concern regarding array status.  They want to make it 
through this next tax season with this server.

VIPCS wrote:
 Can you call HP Support and ask them the question?

 Sincerely,
  
 Jeffrey and Mary Jane Harris
 VIPCS
  



Re: LSI SATA RAID issue

2010-12-15 Thread Jonathan Link
Absofragginlutely nuts.
So, tax prep services.  Full accounting practice?  Provide bookkeeping and
accounting services?  What happens when operations stop due to a failure?
How much are they billing out daily?  During the tax season daily?  What's
the cost of downtime at their busiest point?
One would surmise that the cost of downtime would exceed the cost of a new
server, easily.


On Wed, Dec 15, 2010 at 3:47 PM, Bill Humphries nt...@hedgedigger.com wrote:

 Heh.  This thing is way out of warranty.  The SATA drives are at least 4
 years old...so that adds to my concern regarding array status.  They want to
 make it through this next tax season with this server.


 VIPCS wrote:

 Can you call HP Support and ask them the question?

 Sincerely,
  Jeffrey and Mary Jane Harris
 VIPCS

Re: System Tool 2011 malware /OT

2010-12-15 Thread Jonathan Link
We are pleased.
We are very pleased.

On Wed, Dec 15, 2010 at 2:58 PM, Richard Stovall rich...@gmail.com wrote:

 Richard learned a new word today.

 On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale 
 jcas...@activenetwerx.com wrote:

  Lol, every mail you type starts with “jeffrey”, are you Mary, and do you
 actually handle all of Jeffrey's email or is Jeffrey an illeist?
 I get a small kick out of following this, lol…

 /me Thinks Joseph needs a Mary of his own, heh :)



 *From:* VIPCS [mailto:vi...@stny.rr.com]
 *Sent:* Wednesday, December 15, 2010 12:35 PM
 *To:* NT System Admin Issues
 *Subject:* RE: System Tool 2011 malware



 Jeffrey was confused by your “not buying it” comment.  No personal slights
 were intended.  Each of the other programs (except Vipre) found something,
 but it was left to combofix to actually resolve the basic issue of the
 keyboard not working.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:23 PM
 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 I didn't claim they are the end-all anything, and I certainly don't say so
 about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
 I have not found it to be more reliable in any provable sense.  In fact, my
 logs show the opposite.
 
 I also didn't claim anyone should have a static toolbag, or that ComboFix
 didn't fix the problem as described.  I was raising the issue that there were
 and perhaps still are other problems on that system that are preventing
 Malwarebytes from operating properly; which is something I often find on
 systems that are not running the registered (real-time) version of
 Malwarebytes.

 --
 ME2







 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

 As Jeffrey recalls, he had to rename the MB executable just to allow it to
 run.  In any case, even if MB was blocked from operating optimally, you
 still cannot argue that combofix actually fixed the problem.



 Jeffrey raised this issue with Vipre support and they said they said the
 same thing – Vipre and MB are not the be-all and end-all for all malware,
 and sometimes specialized tools (such as combofix) are essential for some
 malware removal.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:02 PM


 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
 happening that broke or blocked Mb from updating.

 --
 ME2







 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.


 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-

 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - it's taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com
 wrote:

 Thanks for the info, guys... I downloaded it and will start using it as part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW. I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kinds of jobs
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but Adobe
 and other applications.  I've seen a bit of these fake av type malware gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
 Erik Goldoff
 IT  

RE: LSI SATA RAID issue

2010-12-15 Thread VIPCS
Even if it is out of warranty, the worst that HP will do is say sorry, the
server is out of warranty; I cannot provide you with assistance.

Usually you can tell the drive status by looking at the lights on the
drives.  If they are hot pluggable and there is a RAID configuration, you
can swap out a drive (if you have a spare).

Sincerely,
 
Jeffrey and Mary Jane Harris
VIPCS
 

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 3:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh.  This thing is way out of warranty.  The SATA drives are at least 4 
years old...so that adds to my concern regarding array status.  They 
want to make it through this next tax season with this server.

VIPCS wrote:
 Can you call HP Support and ask them the question?

 Sincerely,
  
 Jeffrey and Mary Jane Harris
 VIPCS
  


RE: Vista Printing and GPP

2010-12-15 Thread James Hill
Glad you got it sorted.  FWIW, 7 has its issues too :)

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Thursday, 16 December 2010 2:56 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

James,
I have tried (based on Google/technet forum searches)  enabling it in user and 
computer sections (I understand Win7 moved PP from user to Computer) and 
disabling it altogether.

Disabling it finally worked, so long as you Created and did not Replace it, 
so much for housekeeping...

Fsck, I hate Vista:( I used XP until 7 came out and just skipped it altogether 
for my own wkst's.

Thanks bud,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 9:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Ok, next question, what are the GPP settings for your test case?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 1:56 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Same user, and no prompts.
Thanks!
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Tuesday, December 14, 2010 6:41 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

When you are browsing to the server are you using the same user account that 
fails with GPP?

Also when browsing to the server do you receive any elevation prompts?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, 15 December 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

So this gets sillier: a fresh Vista machine w/o the driver installed can browse 
to the server and double click the printer and it installs fine.
Using GPPs, it won't; it hangs the login?

Any ideas?

Thanks,
jlc

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Never heard of that requirement(on the server).

So once the driver is installed it works ok?  If so then you could certainly 
use a script as you mentioned.  Or possibly even add them to your SOE/MOE at 
the start.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 8:13 AM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

Bug w/ Vista, spent a few weeks w/ PSS and they agreed, group policies are in 
order, it's just lousy Vista.

Oddly enough, one PSS agent said the Point and Print Restrictions policy needs 
to be applied on the print server itself? Was such a long and tiring case.

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Monday, December 13, 2010 3:02 PM
To: NT System Admin Issues
Subject: RE: Vista Printing and GPP

If it works for Win 7 it should work for Vista.

Are the Win7 & Vista machines getting the same Group Policies applied, in 
particular the Point and Print Restrictions policy?

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, 14 December 2010 5:06 AM
To: NT System Admin Issues
Subject: Vista Printing and GPP

Speaking of printing, I have a mix of XP/Vista/Win7 clients and use GPPs to 
set up printers for them.
The XP and Win7 machines work well with the non-packaged drivers, but Vista 
does all kinds of things, from plain not installing some to hanging at login for 
others.

I was thinking about creating a startup script with a `rundll32 printui.dll,PrintUIEntry /ia` 
command to get the driver installed; does that seem like the best approach?

This is for the PCL6 drivers for a Ricoh MP 6001 and 2060 SP.

Thanks!
jlc


RE: System Tool 2011 malware

2010-12-15 Thread Erik Goldoff
Already stated :
I think that autoruns would be a better tool for startup inspection
Part of the sysinternals tools.


Erik Goldoff
IT Consultant
Systems, Networks, & Security

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: RE: System Tool 2011 malware

Not trying to get argumentative here, but what tool would you use to replace
SpyBot's ability to see *everything* in the system startup? As I said, this
didn't show up in the MSCONFIG display, and I know SpyBot does a good job of
showing what's in the startup list, so that's what I use. If you can
recommend something else that easily and clearly shows what's set to
startup, I'll be more than happy to switch. I just don't know of anything
else, myself.



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning.  I mean this with all
sincerity, compared to other tools you can scan your system with, SBSD is a
waste of scanning time.  It's not top of the food chain anymore.  Also,
Tea-Timer (if utilized) is a major performance drag on your system, and it's
not even a system service.  Ultimately, the security you get from SBSD
should not be trusted.

I think that autoruns would be a better tool for startup inspection - It's
fast and well organized.  A simple script can quickly open the hosts file
for you on any system. Scripts could also automate basic inspecting of the
hosts file contents being altered.

--
ME2




On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
jaldr...@blueridgecarpet.com wrote:
Well, SpyBot has a couple of things going for it that the others don’t – the
ability to see what’s in the startup and the “hosts” file. Sure there are
other apps that’ll install a hosts file for you, but it’s really easy to do
with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show
up with MSCONFIG or simply looking at the startup folder in the start
menu. I could tell that something was auto-starting, but I couldn’t see what
it was without loading up SpyBot. :-)

I'll grant you that other things may do a better job of cleaning, but I
think it's still a useful tool.



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
those.  You'll get *everything*.

Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

--
ME2




On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
Hey John
Are you asking how to fix it, or why Vipre didn't catch it?  If you're
trying to fix it, then logon as the administrator (or something other
than the infected profile) and then run the tools...full scans.
Steve

On Tuesday, December 14, 2010, John Aldrich
jaldr...@blueridgecarpet.com wrote:
 I had a home user who called me to come work on his computer because it
 kept coming up with the system tool 2011 malware (very similar to the
 fake antivirus malware.)
 The system is Windows XP Media Edition, and had Vipre Home installed. I ran
 Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
 as the user rebooted into normal mode, it was back. Today, I went back and
 ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but looking
 at the startup entries in SpyBot, I saw a random jumble of letters under
 c:\documents and settings\all users\application data\ which, when I entered
 the directory in Windows Explorer, showed the icon for the System Tool 2011
 malware.
 Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
 tried to submit a zip of it to the CW Sandbox, but got a response that it
 couldn't be analyzed...
 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager

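Micheal's remark above that scripts could automate checking the hosts file for alterations, as an added example that is not code from the thread or from any of the tools named in it: a Python script that parses the active entries of a hosts file, flags two common tampering patterns (a watch-listed domain overridden locally, which is how malware blocks AV and OS update hosts, and a name mapped to an address outside loopback or private space), and fingerprints the active entries so a known-good baseline can be compared on later runs. The sample hosts content, the .test domains and the WATCHED_DOMAINS list are constructed assumptions.

```python
"""Inspect a hosts file for tampering: parse the active entries, flag
overrides of watched domains and mappings to non-local addresses, and
fingerprint the active content so a known-good baseline can be compared."""
import hashlib
import ipaddress

# Address space that legitimately appears in a hosts file: loopback, the
# 0.0.0.0 sinkhole, link-local and RFC 1918 / ULA ranges. Anything else is
# reported. (Listed explicitly rather than via ipaddress.is_private so the
# documentation range used in the sample counts as a non-local address.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# Constructed watch list (assumption): domains that should never be
# overridden locally, e.g. your AV vendor's update hosts and OS update hosts.
WATCHED_DOMAINS = {"example-av.test", "update.example-os.test"}

# Constructed sample hosts content; not taken from any real system.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.corp.test        # legitimate internal entry
127.0.0.1       defs.example-av.test        # blocks a watched update host
203.0.113.45    www.example-bank.test       # redirect to a non-local address
"""


def parse_hosts(text):
    """Return the active entries as (line_no, address, [hostnames]).
    Comments and blank lines are dropped. An unparseable address field is
    kept with address=None so the caller can report it instead of skipping it."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        entries.append((line_no, addr, [h.lower() for h in fields[1:]]))
    return entries


def _is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def _is_watched(host, watched):
    return any(host == d or host.endswith("." + d) for d in watched)


def suspicious_entries(entries, watched=WATCHED_DOMAINS):
    """Return (line_no, host, reason) tuples for entries worth a look;
    an empty list means nothing stood out."""
    findings = []
    for line_no, addr, hosts in entries:
        if addr is None:
            findings.append((line_no, " ".join(hosts), "unparseable address field"))
            continue
        for host in hosts:
            if _is_watched(host, watched):
                findings.append((line_no, host, "watched domain overridden -> %s" % addr))
            elif not _is_local(addr):
                findings.append((line_no, host, "maps to non-local address %s" % addr))
    return findings


def fingerprint(text):
    """SHA-256 over the normalized active entries only, so comment and
    whitespace edits leave the baseline alone while any mapping change moves it."""
    canon = "\n".join("%s %s" % (addr, " ".join(hosts))
                      for _, addr, hosts in parse_hosts(text) if addr is not None)
    return hashlib.sha256(canon.encode()).hexdigest()


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, host, reason in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print("line %d: %s: %s" % (line_no, host, reason))
    print("baseline fingerprint:", fingerprint(SAMPLE_HOSTS))
```

Run against the sample it reports the blocked update host and the bank redirect but stays quiet about the internal file server entry. Storing the fingerprint from a clean machine and comparing it on each run is the cheapest form of the "has the hosts file changed" check the thread asks for, and because the hash ignores comments and spacing it does not fire on the cosmetic edits some cleanup tools make.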

Switches

2010-12-15 Thread Tom Miller
Folks,
 
I'm in the market for a few new switches for a new remote office.  1 GIG with 
POE will be fine for this site.   I don't need anything fancy, just basic L3 
and VLANs.   In the past I've used 3COM 5500G series, but this time I'm 
thinking HP since you folks on this list seem to give HP switches high reviews. 
 
 
Looking at the various HP switches, I think the E2910al series will do.  It's 
hard to tell looking at HP's site the differences between the E2910 and the A 
series.  Both are listed as fixed port L3 managed Ethernet switches.  
 
Any of you HP folks care to clarify this for me?  
 
Regards,
Tom

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.


Re: Switches

2010-12-15 Thread Richard Stovall
Try the comparison tool at:
http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx


On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:

  Folks,

 I'm in the market for a few new switches for a new remote office.  1 GIG
 with POE will be fine for this site.   I don't need anything fancy, just
 basic L3 and VLANs.   In the past I've used 3COM 5500G series, but this time
 I'm thinking HP since you folks on this list seem to give HP switches high
 reviews.

 Looking at the various HP switches, I think the E2910al series will do.
 It's hard to tell looking at HP's site the differences between the E2910 and
 the A series.  Both are listed as fixed port L3 managed Ethernet
 switches.

 Any of you HP folks care to clarify this for me?

 Regards,
 Tom




Re: Switches

2010-12-15 Thread Tom Miller
Thanks, funny thing is the utility recommended the E5500G - my 3COM switch that 
HP sells!  

 Richard Stovall rich...@gmail.com 12/15/2010 4:08 PM 
Try the comparison tool at: 
http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx

On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:


Folks,
I'm in the market for a few new switches for a new remote office. 1 GIG with 
POE will be fine for this site. I don't need anything fancy, just basic L3 and 
VLANs. In the past I've used 3COM 5500G series, but this time I'm thinking HP 
since you folks on this list seem to give HP switches high reviews. 
Looking at the various HP switches, I think the E2910al series will do. It's 
hard to tell looking at HP's site the differences between the E2910 and the A 
series. Both are listed as fixed port L3 managed Ethernet switches. 
Any of you HP folks care to clarify this for me? 
Regards,
Tom






Re: Switches

2010-12-15 Thread Richard Stovall
When I put in Fixed port, blank for port count, Smart Managed, Layer 3 lite,
Gigabit Copper, blank for uplink type, PoE, and blank for HA, I come up with
V1910-24G-PoE(170W) and V1910-24G-PoE(365W).

Note that the V series doesn't appear to have that fantabulous lifetime
warranty everyone loves.



On Wed, Dec 15, 2010 at 4:11 PM, Tom Miller tmil...@hnncsb.org wrote:

 Thanks, funny thing is the utility recommended the E5500G - my 3COM switch
 that HP sells!

  Richard Stovall rich...@gmail.com 12/15/2010 4:08 PM 

 Try the comparison tool at:
 http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx

 On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:

  Folks,
  I'm in the market for a few new switches for a new remote office. 1 GIG
 with POE will be fine for this site. I don't need anything fancy, just basic
 L3 and VLANs. In the past I've used 3COM 5500G series, but this time I'm
 thinking HP since you folks on this list seem to give HP switches high
 reviews.
  Looking at the various HP switches, I think the E2910al series will do.
 It's hard to tell looking at HP's site the differences between the E2910 and
 the A series. Both are listed as fixed port L3 managed Ethernet switches.
  Any of you HP folks care to clarify this for me?
  Regards,
 Tom




Re: Switches

2010-12-15 Thread Cameron
Just as a point of interest...I was told that Cisco has a 24 port POE switch
on promo right now (In Canada at least)



On Wed, Dec 15, 2010 at 4:18 PM, Richard Stovall rich...@gmail.com wrote:

 When I put in Fixed port, blank for port count, Smart Managed, Layer 3
 lite, Gigabit Copper, blank for uplink type, PoE, and blank for HA, I come
 up with V1910-24G-PoE(170W) and V1910-24G-PoE(365W).

 Note that the V series doesn't appear to have that fantabulous lifetime
 warranty everyone loves.



 On Wed, Dec 15, 2010 at 4:11 PM, Tom Miller tmil...@hnncsb.org wrote:

 Thanks, funny thing is the utility recommended the E5500G - my 3COM switch
 that HP sells!

  Richard Stovall rich...@gmail.com 12/15/2010 4:08 PM 

 Try the comparison tool at:
 http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx

 On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:

  Folks,
  I'm in the market for a few new switches for a new remote office. 1 GIG
 with POE will be fine for this site. I don't need anything fancy, just basic
 L3 and VLANs. In the past I've used 3COM 5500G series, but this time I'm
 thinking HP since you folks on this list seem to give HP switches high
 reviews.
  Looking at the various HP switches, I think the E2910al series will
 do. It's hard to tell looking at HP's site the differences between the E2910
 and the A series. Both are listed as fixed port L3 managed Ethernet
 switches.
  Any of you HP folks care to clarify this for me?
  Regards,
 Tom




Removing internal host and IP addresses from message headers

2010-12-15 Thread Sam Cayze
In my upgrade to Exchange 2010, I noticed internal stuff is back in the
headers.  I remember back in the day it was good practice to remove this.

What's the take on this now?  This is an interesting article on the pros and
cons, but I'm still not quite sure.  Doesn't feel right leaving them in
there.

http://exchangepedia.com/blog/2008/05/removing-internal-host-names-and-ip.html

Sam


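The question above, whether internal names and addresses in outbound headers matter, as an added example that is not from the thread, the linked article or Exchange itself: a Python audit that parses a message's Received: chain and lists every internal host name or address an outside recipient would see, so the decision can be made on what is actually exposed rather than on feel. The sample message, the corp.local names, the INTERNAL_SUFFIXES tuple and the 198.51.100.7 edge address are constructed assumptions.

```python
"""Audit the Received: chain of a message for internal host names and
addresses, which is the disclosure the thread is weighing up."""
import email
import ipaddress
import re

# Address space that should not be visible to an outside recipient:
# RFC 1918, loopback, link-local and IPv6 ULA. Listed explicitly rather than
# via ipaddress.is_private so that the documentation range used in the
# sample (198.51.100.0/24) is treated as an ordinary public address.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]
# Name suffixes that only make sense inside the organisation (assumption;
# add your own AD forest name here).
INTERNAL_SUFFIXES = (".local", ".corp", ".lan", ".internal")

IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")
BRACKET_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")          # "[ip]" form in Received
HOST_RE = re.compile(r"\b([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\b")

# Constructed sample of an outbound message as an outside MX would see it:
# hop 0 is the edge server, hops 1 and 2 are the internal Exchange servers.
SAMPLE_MESSAGE = """\
Received: from mail-edge.example.test (mail-edge.example.test [198.51.100.7])
 by mx.recipient.test with ESMTPS; Wed, 15 Dec 2010 14:02:11 -0500
Received: from HUB01.corp.local (10.20.1.15) by mail-edge.example.test
 (198.51.100.7) with Microsoft SMTP Server; Wed, 15 Dec 2010 14:02:09 -0500
Received: from MBX01.corp.local ([fe80::1234:5678:9abc:def0]) by
 HUB01.corp.local ([10.20.1.15]) with mapi; Wed, 15 Dec 2010 14:02:08 -0500
From: sam@example.test
To: someone@recipient.test
Subject: header audit sample

body
"""


def _is_internal_ip(text):
    """True/False for an IP literal, None if the text is not an IP at all."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return any(addr in net for net in INTERNAL_NETS)


def received_hops(raw_message):
    """Return the Received: header values, most recent hop first, unfolded."""
    msg = email.message_from_string(raw_message)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def audit_received(raw_message):
    """Return a list of {"hop", "kind", "value"} findings for every internal
    host name or address that the Received: chain exposes."""
    findings = []
    for hop, text in enumerate(received_hops(raw_message)):
        ips = set(IPV4_RE.findall(text)) | set(BRACKET_RE.findall(text))
        hosts = {h.lower() for h in HOST_RE.findall(text)
                 if _is_internal_ip(h) is None}      # drop dotted-quad matches
        for host in sorted(hosts):
            if host.endswith(INTERNAL_SUFFIXES):
                findings.append({"hop": hop, "kind": "host", "value": host})
        for ip in sorted(ips):
            if _is_internal_ip(ip):
                findings.append({"hop": hop, "kind": "ip",
                                 "value": str(ipaddress.ip_address(ip))})
    return findings


if __name__ == "__main__":
    for f in audit_received(SAMPLE_MESSAGE):
        print("hop %d exposes internal %s: %s" % (f["hop"], f["kind"], f["value"]))
```

Send a test message from the Exchange organisation to an external mailbox, save it as raw text and feed it to audit_received; an empty list means nothing internal reached the outside. Hops are numbered most recent first, so hop 0 is the last server before the recipient's MX, and the edge hop in the sample comes back clean while the two internal hops give away the server names, the RFC 1918 address and a link-local IPv6 address.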

RE: System Tool 2011 malware

2010-12-15 Thread IS Technical
John,

On Wed, 15 Dec 2010 15:20:24 -0500, John Aldrich wrote:

Not trying to get argumentative here, but what tool would you use to replace
SpyBot's ability to see *everything* in the system startup? As I said, this
didn't show up in the MSCONFIG display, and I know SpyBot does a good job of
showing what's in the startup list, so that's what I use. If you can
recommend something else that easily and clearly shows what's set to
startup, I'll be more than happy to switch. I just don't know of anything
else, myself.

I've been using Mike Lin's StartupMonitor for many years. 
A great tool which uses very few system resources.

http://www.mlin.net/StartupMonitor.shtml

I use it in conjunction with his Startup Control Panel

http://www.mlin.net/StartupCPL.shtml

Another great (but more complex) tool I like is Mark 
Jacobs' MJ Registry Watcher

http://www.jacobsm.com/mjsoft.htm#rgwtchr




From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning.  I mean this with all
sincerity, compared to other tools you can scan your system with, SBSD is a
waste of scanning time.  It's not top of the food chain anymore.  Also,
Tea-Timer (if utilized) is a major performance drag on your system, and it's
not even a system service.  Ultimately, the security you get from SBSD
should not be trusted.

I think that autoruns would be a better tool for startup inspection - It's
fast and well organized.  A simple script can quickly open the hosts file
for you on any system. Scripts could also automate basic inspecting of the
hosts file contents being altered.

--
ME2




On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
jaldr...@blueridgecarpet.com wrote:
Well, SpyBot has a couple of things going for it that the others don't: the
ability to see what's in the startup and the "hosts" file. Sure there are
other apps that'll install a hosts file for you, but it's really easy to do
with SpyBot, plus it's easy to see what's in the startup that *doesn't* show
up with MSCONFIG or simply looking at the startup folder in the start
menu. I could tell that something was auto-starting, but I couldn't see what
it was without loading up SpyBot. :-)

I'll grant you that other things may do a better job of cleaning, but I
think it's still a useful tool.



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware
SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
those.  You'll get *everything*.

Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

--
ME2




On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
Hey John
Are you asking how to fix it, or why Vipre didn't catch it?  If you're
trying to fix it, then logon as the administrator (or something other
than the infected profile) and then run the tools...full scans.
Steve

On Tuesday, December 14, 2010, John Aldrich
jaldr...@blueridgecarpet.com wrote:
 I had a home user who called me to come work on his computer because it
 kept coming up with the system tool 2011 malware (very similar to the
 fake antivirus malware.)
 The system is Windows XP Media Edition, and had Vipre Home installed. I ran
 Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
 as the user rebooted into normal mode, it was back. Today, I went back and
 ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but looking
 at the startup entries in SpyBot, I saw a random jumble of letters under
 c:\documents and settings\all users\application data\ which, when I entered
 the directory in Windows Explorer, showed the icon for the System Tool 2011
 malware.
 Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
 tried to submit a zip of it to the CW Sandbox, but got a response that it
 couldn't be analyzed...
 --
 Thanks,
 John Aldrich
 Blueridge Industries
 IT Manager

Re: LSI SATA RAID issue

2010-12-15 Thread Bill Humphries
ACU is already on the box and doesn't see the array.  I don't think it 
works with that controller.



Joseph L. Casale wrote:

Like John said, if you have the smartpack installed, it will likely include the 
hpadu/acu (diagnostic/config utility) and you can query this info from it.
If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 1:48 PM

To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh.  This thing is way out of warranty.  The SATA drives are at least 4 years 
old...so that adds to my concern regarding array status.  They want to make it 
through this next tax season with this server.

VIPCS wrote:
  

Can you call HP Support and ask them the question?

Sincerely,
 
Jeffrey and Mary Jane Harris

VIPCS
 
-Original Message-

From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, December 15, 2010 3:20 PM
To: NT System Admin Issues
Subject: LSI SATA RAID issue

So I have a client with an HP ML310 with SATA drives running SBS 2003. 
The machine has been slow and disks show severe fragmentation. They 
had a power issue yesterday and when I was onsite and booted the 
machine I noticed that the pre-Windows load screen mentioned that the 
LSI array was failed or degraded.
It booted into Windows before I had time to hit the function key and I 
couldn't take it down any longer during business hours. It might have 
just been degraded due to power failure...or maybe something else.


I can't seem to find any way to see RAID status on this server while 
in Windows. I don't think the standard HP array manager software 
supports the LSI onboard controller. My google-fu is failing. Any way 
to see status of the array without taking the machine down? Thanks for 
any input.


Bill


  






Re: System Tool 2011 malware /OT

2010-12-15 Thread Richard Stovall
Richard thinks that might be the royal illeism y'all are using.

On Wed, Dec 15, 2010 at 3:55 PM, Jonathan Link jonathan.l...@gmail.comwrote:

 We are pleased.
 We are very pleased.

 On Wed, Dec 15, 2010 at 2:58 PM, Richard Stovall rich...@gmail.comwrote:

 Richard learned a new word today.

 On Wed, Dec 15, 2010 at 2:43 PM, Joseph L. Casale 
 jcas...@activenetwerx.com wrote:

  Lol, every mail you type starts with “Jeffrey”, are you Mary, and do
 you actually handle all of Jeffrey's email or is Jeffrey an illeist?
 I get a small kick out of following this, lol…

 /me Thinks Joseph needs a Mary of his own, heh :)



 *From:* VIPCS [mailto:vi...@stny.rr.com]
 *Sent:* Wednesday, December 15, 2010 12:35 PM
 *To:* NT System Admin Issues
 *Subject:* RE: System Tool 2011 malware



 Jeffrey was confused by your “not buying it” comment.  No personal
 slights were intended.  Each of the other programs (except Vipre) found
 something, but it was left to combofix to actually resolve the basic issue
 of the keyboard not working.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:23 PM
 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 I didnt claim they are the end-all anything, and I certainly dont say so
 about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
 I have not found it to be more reliable in any provable sense.  In fact, my
 logs show the opposite.

 I also didnt claim anyone should have a static toolbag, or that ComboFix
 didnt fix the problem as described.  I was raising the issue that there were
 and perhaps still are other problems on that system that are preventing
 Malwarebytes from operating properly; which is something I often find on
 systems that are not running the registered (real-time) version of
 Malwarebytes.

 --
 ME2







 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

 As Jeffrey recalls, he had to rename the MB executable just to allow it
 to run.  In any case, even if MB was blocked from operating optimally, you
 still cannot argue that combofix actually fixed the problem.



 Jeffrey raised this issue with Vipre support and they said they said the
 same thing – Vipre and MB are not the be-all and end-all for all malware,
 and sometimes specialized tools (such as combofix) are essential for some
 malware removal.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:02 PM


 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else
 was happening that broke or blocked Mb from updating.

 --
 ME2







 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevent any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre
 Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of
 numerous
 reports on the Internet of other users with the same issue.


 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-

 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com
 wrote:

 Thanks for the info, guys... I downloaded it and will start using it as
 part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTWI've got that down as part of the standard toolset
 I
 put on home users' PCs now. It's also not too hard to use, which is a
 big
 plus for these kind of jobs
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but
 Adobe
 and other applications.  I've seen a bit of these fake av type malware
 gems
 arrive via 

Re: Switches

2010-12-15 Thread Matthew W. Ross
Do you need layer 3? The Procurve 2520 series is the Procurve layer 2 PoE 
switch line. I'm looking at getting some of these for WiFi AP/IP Phone 
deployment. The 2520-24G-PoE might be what you're looking for.

I'm curious, what is the need for Gigabit PoE? High speed 802.11n networking?


--Matt Ross
Ephrata School District


- Original Message -
From: Richard Stovall
[mailto:rich...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 15 Dec 2010
13:18:31 -0800
Subject: Re: Switches


 When I put in Fixed port, blank for port count, Smart Managed, Layer 3 lite,
 Gigabit Cooper, blank for uplink type, PoE, and blank for HA, I come up with
 V1910-24G-PoE(170W) and V1910-24G-PoE(365W).
 
 Note that the V series doesn't appear to have that fantabulous lifetime
 warranty everyone loves.
 
 
 
 On Wed, Dec 15, 2010 at 4:11 PM, Tom Miller tmil...@hnncsb.org wrote:
 
  Thanks, funny thing is the utility recommended the E5500G - my 3COM switch
  that HP sells!
 
   Richard Stovall rich...@gmail.com 12/15/2010 4:08 PM 
 
  Try the comparison tool at:
  http://h17007.www1.hp.com/us/en/products/switches/selector/index.aspx
 
  On Wed, Dec 15, 2010 at 4:04 PM, Tom Miller tmil...@hnncsb.org wrote:
 
   Folks,
   I'm in the market for a few new switches for a new remote office. 1 GIG
  with POE will be fine for this site. I don't need anything fancy, just
 basic
  L3 and VLANs. In the past I've used 3COM 5500G series, but this time I'm
  thinking HP since you folks on this list seem to give HP switches high
  reviews.
   Looking at the various HP switches, I think the E2910al series will do.
  It's hard to tell looking at HP's site the differences between the E2910
 and
  the A series. Both are listed as fixed port L3 managed ethernet
 switches.
   Any of you HP folks care to clarify this for me?
   Regards,
  Tom
 
  Confidentiality Notice: This e-mail message, including attachments, is
 for
  the sole use of the intended recipient(s) and may contain confidential
 and
  privileged information. Any unauthorized review, use, disclosure, or
  distribution is prohibited. If you are not the intended recipient, please
  contact the sender by reply e-mail and destroy all copies of the original
  message.
 



RE: LSI SATA RAID issue

2010-12-15 Thread Simon Butler
If it is an LSI, then download their MegaRaid Storage Manager utility. That 
should allow you to see the status of the drives. 
The latest version works with the older cards - I am using it with an old Perc 
5i (which is LSI) on Windows 2008 R2, although it detects it as Windows Vista. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 15 December 2010 20:55
To: NT System Admin Issues
Subject: RE: LSI SATA RAID issue

Like John said, if you have the smartpack installed, it will likely include the 
hpadu/acu (diagnostic/config utility) and you can query this info from it.
If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh.  This thing is way out of warranty.  The SATA drives are at least 4 years 
old...so that adds to my concern regarding array status.  They want to make it 
through this next tax season with this server.

VIPCS wrote:
 Can you call HP Support and ask them the question?

 Sincerely,
  
 Jeffrey and Mary Jane Harris
 VIPCS
  
 -Original Message-
 From: Bill Humphries [mailto:nt...@hedgedigger.com]
 Sent: Wednesday, December 15, 2010 3:20 PM
 To: NT System Admin Issues
 Subject: LSI SATA RAID issue

 So I have a client with HP ML310 with SATA drives running SBS 2003. 
 The machine has been slow and disks show severe fragmentation. They 
 had a power issue yesterday and when I was onsite and booted the 
 machine I noticed that the pre-windows load screen mentioned that the 
 LSI array was failed or degraded.
 It booted into windows before I had time to hit the function key and I 
 couldn't take it down any longer during business hours. It might have 
 just been degraded due to power failure...or maybe something else.

 I can't seem to find any way to see RAID status on this server while 
 in windows. I don't think the standard HP array manager software 
 supports the LSI onboard controller. My google-fu is failing. Any way 
 to see status of the array without taking the machine down? Thanks for 
 any input.

 Bill




RE: Removing internal host and IP addresses from message headers

2010-12-15 Thread Michael B. Smith
I think it isn't worth the trouble.

But you can set the security on the connectors and get rid of it, if you really 
care.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Wednesday, December 15, 2010 4:31 PM
To: NT System Admin Issues
Subject: Removing internal host and IP addresses from message headers


In my upgrade to Exchange 2010, I noticed internal stuff is back in the 
headers.  I remember back in the day it was good practice to remove this.

What's the take on this now?  This is an interesting article on the pros and 
cons...  but I'm still not quite sure.  Doesn't feel right leaving them in 
there.

http://exchangepedia.com/blog/2008/05/removing-internal-host-names-and-ip.html

Sam


New Policy UPN vs samAccountname

2010-12-15 Thread Juned Shaikh
Trying to draft a new policy for user accounts. What is the most effective 
advice? samAccountname - which is generally a truncated, cryptic version of 
the real name - or a nice and clean UPN, i.e. first.lastn...@gmail.com. 

Certainly UPN seems scalable, cloud friendly and future proof?

Any thoughts or incompatibilities experienced?

Thanks in advance, 
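
A dry run of the two naming schemes the question contrasts, as an added example that is not from the thread or from the articles linked in it: it derives first.last@domain UPNs beside first-initial-plus-surname sAMAccountNames for a constructed roster and reports where duplicate names and the 20-character sAMAccountName limit force collisions to be resolved, which is the sort of incompatibility a policy has to settle before rollout. The roster, the domain corp.example and both naming conventions are assumptions.

```python
"""Dry run of a user-naming policy: UPN (first.last@domain) beside a classic
sAMAccountName, showing where each scheme collides and what a policy must
decide in advance.

Added example; the naming conventions are assumptions, not a recommendation
from the thread. Constraints used: a user's sAMAccountName is limited to 20
characters and may not contain  " / \\ [ ] : ; | = , + * ? < > @  and both the
UPN and the sAMAccountName must be unique.
"""
import re
import unicodedata

SAM_MAX_LEN = 20
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>@')


def normalize(part):
    """ASCII-fold and lower-case one name part, keeping only letters and digits."""
    folded = unicodedata.normalize("NFKD", part).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def make_upn(first, last, domain):
    """The 'nice and clean' form from the question: first.last@domain."""
    return f"{normalize(first)}.{normalize(last)}@{domain}"


def make_sam(first, last):
    """Classic logon name: first initial plus surname, cut at the 20-char cap."""
    return (normalize(first)[:1] + normalize(last))[:SAM_MAX_LEN]


def validate_sam(sam):
    """Policy violations for a candidate sAMAccountName (empty list if fine)."""
    problems = []
    if not sam:
        problems.append("empty")
    if len(sam) > SAM_MAX_LEN:
        problems.append("longer than 20 characters")
    if SAM_FORBIDDEN & set(sam):
        problems.append("contains a forbidden character")
    return problems


def plan_accounts(roster, domain):
    """Assign a UPN and a sAMAccountName to each (first, last) in roster order.

    Collisions get a numeric suffix. For the UPN the suffix is simply appended
    to the local part; for the sAMAccountName the 20-character cap means the
    suffix has to overwrite the end of the truncated name, which is exactly how
    the 'cryptic' logon names the question complains about come to exist.
    Returns ([(first, last, upn, sam)], [notes]).
    """
    used_upn, used_sam, results, notes = set(), set(), [], []
    for first, last in roster:
        base_upn = make_upn(first, last, domain)
        local, _, dom = base_upn.partition("@")
        upn, n = base_upn, 1
        while upn in used_upn:
            n += 1
            upn = f"{local}{n}@{dom}"
        if upn != base_upn:
            notes.append(f"UPN collision for {first} {last}: assigned {upn}")
        used_upn.add(upn)

        base_sam = make_sam(first, last)
        sam, n = base_sam, 1
        while sam in used_sam:
            n += 1
            suffix = str(n)
            sam = base_sam[:SAM_MAX_LEN - len(suffix)] + suffix
        if sam != base_sam:
            notes.append(f"sAMAccountName collision for {first} {last}: assigned {sam}")
        for problem in validate_sam(sam):
            notes.append(f"sAMAccountName {sam!r} for {first} {last}: {problem}")
        used_sam.add(sam)
        results.append((first, last, upn, sam))
    return results, notes


# Constructed roster: a duplicate full name, a shared initial+surname, and two
# surnames long enough that the 20-character cap alone makes them collide.
ROSTER = [
    ("Juned", "Shaikh"),
    ("Jane", "Shaikh"),
    ("Juned", "Shaikh"),
    ("José", "Wolfeschlegelsteinhausenberger"),
    ("Jill", "Wolfeschlegelsteinhausen"),
]

if __name__ == "__main__":
    results, notes = plan_accounts(ROSTER, "corp.example")
    for first, last, upn, sam in results:
        print(f"{first} {last}: UPN={upn}  sAMAccountName={sam}")
    for note in notes:
        print("note:", note)
```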


Re: LSI SATA RAID issue

2010-12-15 Thread Bill Humphries
Simon, thanks and awesome. 

I downloaded and installed.  It looks like we have degraded RAID 1 on 
our hands.


Simon Butler wrote:
If it is an LSI, then download their MegaRaid Storage Manager utility. That should allow you to see the status of the drives. 
The latest version works with the older cards - I am using it with an old Perc 5i (which is LSI) on Windows 2008 R2, although it detects it as Windows Vista. 




Re: Rename WDS Server?

2010-12-15 Thread Tony Patton
I've done it before with no issues.

I think it was just a matter of changing the server name in the
bootstrap.ini file, I don't have access to the server anymore to verify.
You'll need to rebuild the boot image again.

I can't remember if there were any settings in the registry or not.

T

typed slowly on HTC Desire
On 15 Dec 2010 20:05, Roger Wright rhw...@gmail.com wrote:
 We have a server formerly used for multiple services but now utilized
 for Windows Deployment Services only. We'd like to rename the box but are
 concerned that this may break WDS. Any experience along these lines?


 Roger Wright
 ___

 Never make hard what you can make easy. - Fred W. Frailey


Re: System Tool 2011 malware

2010-12-15 Thread Micheal Espinola Jr
^^^ This

--
ME2





On Wed, Dec 15, 2010 at 12:20 PM, Richard Stovall rich...@gmail.com wrote:

 Autoruns.

 Terrible name, great utility.

 live.sysinternals.com


 On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich 
 jaldr...@blueridgecarpet.com wrote:

 I wasn't even using SpyBot to scan so much as to see what, in registry,
 etc was set to start. What do you recommend that's got the nice, easy to
 use
 interface listing what's set to start up automagically and allow you to
 enable/disable with a simple click? That way you don't have to *delete*
 it,
 just disable it from starting.



 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 2:34 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 I would recommend other tools for startup scanning.  I mean this with all
 sincerity, compared to other tools you can scan your system with, SBSD is a
 waste of scanning time.  It's not top of the food chain anymore.  Also,
 Tea-Timer (if utilized) is a major performance drag on your system, and it's
 not even a system service.  Ultimately, the security you get from SBSD
 should not be trusted.

 I think that autoruns would be a better tool for startup inspection - it's
 fast and well organized.  A simple script can quickly open the hosts file
 for you on any system. Scripts could also automate basic inspecting of the
 hosts file contents being altered.

 --
 ME2




 On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
 Well, SpyBot has a couple things going for it that the others don’t – the
 ability to see what’s in the startup and the “hosts” file. Sure there are
 other apps that’ll install a hosts file for you, but it’s really easy to
 do
 with SpyBot, plus it’s easy to see what’s in the startup that *doesn't*
 show
 up with MSCONFIG or simply looking at the startup folder in the start
 menu. I could tell that something was auto-starting, but I couldn’t see
 what
 it was without loading up SpyBot. :-)

 I'll grant you that other things may do a better job of cleaning, but I
 think it's still a useful tool.



 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Wednesday, December 15, 2010 1:37 PM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 SAFE MODE, SAFE MODE, SAFE MODE...

 Forget SBSD, it sucks these days.  Malwarebytes, ESET, and Kaspersky.  Use
 those.  You'll get *everything*.

 Use Live CDs if at all possible.  But, if you do, be aware of NTFS perms.

 --
 ME2




 On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens stevey...@gmail.com wrote:
 Hey John
 Are you asking how to fix it, or why Vipre didn't catch it?  If you're
 trying to fix it, then log on as the administrator (or something other
 than the infected profile) and then run the tools...full scans.
 Steve

 On Tuesday, December 14, 2010, John Aldrich
 jaldr...@blueridgecarpet.com wrote:
  I had a home user who called me to come work on his computer because it
  kept coming up with the system tool 2011 malware (very similar to the
  fake antivirus malware.)
  The system is Windows XP Media Edition, and had Vipre Home installed. I
 ran
  Vipre Rescue yesterday and it supposedly cleaned some of it up, but as
 soon
  as the user rebooted into normal mode, it was back. Today, I went back
 and
  ran MalwareBytes and SpyBot SD.  Neither apparently caught it, but
 looking
  at the startup entries in SpyBot, I saw a random jumble of letters under
 c:
  \documents and settings\all users\application data\ which, when I
 entered
  the directory in Windows Explorer, showed the icon for the System Tool
 2011
  malware.
  Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
  tried to submit a zip of it to the CW Sandbox, but got a response that
 it
  couldn't be analyzed...
  --
  Thanks,
  John Aldrich
  Blueridge Industries
  IT Manager
 
 

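
The hosts-file inspection script Micheal mentions in the quoted message above, as an added example that is not from the thread or from any of the tools named in it: it parses a Windows-format hosts file, treats loopback and 0.0.0.0 sinkhole entries as the benign blocklist lines a tool like Spybot installs, and reports mappings that point an update or AV vendor host anywhere at all, or any other host at a routable address, which is what an infection such as the one discussed leaves behind. The vendor suffix list and the sample file are constructed for the example.

```python
"""Audit a Windows hosts file for entries that look like malware tampering.

Added example, not code from the thread or from Spybot, Malwarebytes or
Autoruns. Assumes the hosts format Windows uses (the file under
System32/drivers/etc): one address followed by one or more hostnames per
line, with '#' starting a comment.
"""
import ipaddress
import os

# Mappings a stock Windows hosts file may carry on its own.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Hosts a box needs to reach to get OS and AV updates. Fake-AV families commonly
# null-route these so the real scanner cannot update. Constructed list for the
# example; extend it with the vendors you actually run.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "malwarebytes.org",
    "sunbeltsoftware.com",
)


def is_protected(name):
    """True when name is, or is a subdomain of, a protected vendor domain."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield line_no, fields[0], ""         # address with no hostname
            continue
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()


def classify(address, name):
    """Classify one mapping.

    baseline      - stock localhost entry
    malformed     - not a valid IP address, or no hostname
    hijack-update - an update/AV host mapped anywhere at all
    blocklist     - some other host null-routed to loopback or 0.0.0.0,
                    which is what hosts-based blocklists do on purpose
    redirect      - a host sent to a routable address: classic hijack
    """
    if (address, name) in BASELINE:
        return "baseline"
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not name:
        return "malformed"
    if is_protected(name):
        return "hijack-update"
    if addr.is_loopback or addr.is_unspecified:
        return "blocklist"
    return "redirect"


def audit_hosts(text):
    """Return [(line_no, address, hostname, category)] for entries worth a look."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        category = classify(address, name)
        if category not in ("baseline", "blocklist"):
            findings.append((line_no, address, name, category))
    return findings


# Constructed sample: a stock file plus two blocklist lines and two lines of the
# kind a fake-AV infection leaves behind. 203.0.113.0/24 is documentation space.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example          # blocklist-style, benign
127.0.0.1       badsite.example              # blocklist-style, benign
127.0.0.1       www.update.microsoft.com     # update server null-routed
203.0.113.7     www.bank.example             # sent to an attacker-chosen IP
"""

WINDOWS_HOSTS = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"), "System32", "drivers", "etc", "hosts"
)

if __name__ == "__main__":
    # Audit the live file when running on Windows, else the constructed sample.
    if os.path.exists(WINDOWS_HOSTS):
        with open(WINDOWS_HOSTS, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, address, name, category in audit_hosts(text):
        print(f"line {line_no}: {category:14s} {address:16s} {name}")
```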

Re: System Tool 2011 malware /OT

2010-12-15 Thread Micheal Espinola Jr
/Micheal thinks that he has a bad habit of typing things in a way that
sounds personal when it really isn't.  No worries.

--
ME2





On Wed, Dec 15, 2010 at 11:43 AM, Joseph L. Casale 
jcas...@activenetwerx.com wrote:

  Lol, every mail you type starts with “jeffrey”, are you Mary, and do you
 actually handle all of jeffreys email or is Jeffrey an illeist?
 I get a small kick out of following this, lol…

 /me Thinks Joseph needs a Mary of his own, heh :)



 *From:* VIPCS [mailto:vi...@stny.rr.com]
 *Sent:* Wednesday, December 15, 2010 12:35 PM
 *To:* NT System Admin Issues
 *Subject:* RE: System Tool 2011 malware



 Jeffrey was confused by your “not buying it” comment.  No personal slights
 were intended.  Each of the other programs (except Vipre) found something,
 but it was left to combofix to actually resolve the basic issue of the
 keyboard not working.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


  --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:23 PM
 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 I didn't claim they are the end-all anything, and I certainly don't say so
 about Vipre - but Malwarebytes outshines ComboFix.  ComboFix is faster, but
 I have not found it to be more reliable in any provable sense.  In fact, my
 logs show the opposite.

 I also didn't claim anyone should have a static toolbag, or that ComboFix
 didn't fix the problem as described.  I was raising the issue that there were
 and perhaps still are other problems on that system that are preventing
 Malwarebytes from operating properly; which is something I often find on
 systems that are not running the registered (real-time) version of
 Malwarebytes.

 --
 ME2







 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS vi...@stny.rr.com wrote:

 As Jeffrey recalls, he had to rename the MB executable just to allow it to
 run.  In any case, even if MB was blocked from operating optimally, you
 still cannot argue that combofix actually fixed the problem.



 Jeffrey raised this issue with Vipre support and they said the same thing –
 Vipre and MB are not the be-all and end-all for all malware, and sometimes
 specialized tools (such as combofix) are essential for some malware removal.



 Sincerely,



 Jeffrey and Mary Jane Harris

 VIPCS


   --

 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 *Sent:* Wednesday, December 15, 2010 2:02 PM


 *To:* NT System Admin Issues
 *Subject:* Re: System Tool 2011 malware



 Malwarebytes no, but ComboFix yes?  I'm not buying it.  Something else was
 happening that broke or blocked Mb from updating.

 --
 ME2







 On Wed, Dec 15, 2010 at 8:51 AM, VIPCS vi...@stny.rr.com wrote:

 Jeffrey had to fix malware on a user's system that infected the keyboard
 drivers, and prevented any keyboard from being used.  Combofix was the only
 tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue,
 MalwareBytes, and the Microsoft Malicious Software Removal Tool).

 That Vipre never even detected the malware concerned Jeffrey more than
 anything else, even though Jeffrey knew it was malware because of numerous
 reports on the Internet of other users with the same issue.


 Sincerely,

 Jeffrey and Mary Jane Harris
 VIPCS


 -Original Message-

 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu]
 Sent: Wednesday, December 15, 2010 11:07 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware

 Don't forget combofix - taken care of some things that can't be cleaned
 otherwise.

 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955




 On 12/15/10 10:37 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

 Thanks for the info, guys... I downloaded it and will start using it as
 part
 of my regular troubleshooting/cleaning toolkit. :-)
 
 
 
 From: Scott Weber [mailto:swe...@thanksal.com]
 Sent: Wednesday, December 15, 2010 10:24 AM
 To: NT System Admin Issues
 Subject: RE: System Tool 2011 malware
 
 James,
 Recently (this past weekend) found out about secunia PSI and I like it.
 
 +1
 
 Scott
 
 
 From: James Rankin [mailto:kz2...@googlemail.com]
 Sent: Wednesday, December 15, 2010 7:53 AM
 To: NT System Admin Issues
 Subject: Re: System Tool 2011 malware
 
 Secunia PSI FTW... I've got that down as part of the standard toolset I
 put on home users' PCs now. It's also not too hard to use, which is a big
 plus for these kinds of jobs
 On 15 December 2010 13:50, Erik Goldoff egold...@gmail.com wrote:
 I wonder the status of patching on his system, not just Microsoft but
 Adobe
 and other applications.  I've seen a bit of these fake av type malware
 gems
 arrive via suspected 'drive by' website visits, possibly from hitting
 flash/shockwave vulnerabilities on linked animated advertisements.
 
 
  Erik Goldoff
  IT Consultant
 

RE: New Policy UPN vs samAccountname

2010-12-15 Thread Michael B. Smith
My advice hasn't changed since 2004. :-)

http://theessentialexchange.com/blogs/michael/archive/2009/04/07/handling-the-userprincipalname-in-powershell.aspx

http://theessentialexchange.com/blogs/michael/archive/2007/11/13/the-user-principle-name-and-you.aspx

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


From: Juned Shaikh [jsha...@gmail.com]
Sent: Wednesday, December 15, 2010 5:57 PM
To: NT System Admin Issues
Subject: New Policy UPN vs samAccountname




RE: New Policy UPN vs samAccountname

2010-12-15 Thread Juned Shaikh
Fantastic! Thanks Michael.. 