R: Friday Reading... Windows 8 Preview: 23 Potential Features You Should Know About - Gizmodo

[HELP_PC]

I wasn't so impressed 
 
GuidoElia
HELPPC
 

  _  

Da: Sam Cayze [mailto:sca...@gmail.com] 
Inviato: venerdì 20 maggio 2011 22.37
A: NT System Admin Issues
Oggetto: Friday Reading... Windows 8 Preview: 23 Potential Features You Should 
Know About - Gizmodo



http://gizmodo.com/5803954/windows-8-preview-23-potential-features-you-should-know-about
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Dual Booting a PC with Win 7 and Snow leopard

[Sam Cayze]

It's doable.  I think 'hackintosh' is your keyword to search for.

Also, double check the legality/ licensing.  I think this might break their
EULA, etc
On May 20, 2011 9:10 PM, "MMF"  wrote:

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Root Hints or Forwards on Windows 2008/2008 R2 DNS Servers

[Michael B. Smith]

The challenge is that neustar.us (the primary registrar for US domains) isn't 
very good about updating the roots.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Jim Majorowicz [mailto:jmajorow...@gmail.com] 
Sent: Friday, May 20, 2011 6:03 PM
To: NT System Admin Issues
Subject: Root Hints or Forwards on Windows 2008/2008 R2 DNS Servers

We had an issue with a client a couple months back where their DNS
server (Windows 2008 SP2) was unable to properly resolve a .US domain
without adding Forwarders to the mix.  Now my boss insists that I add
forwarders to all the DNS servers we manage.  I've always prefered to
allow the servers to just use the Root Hints, but I can't really seem
to explain the benefit vs. Forwarders.  Ultimately, doesn't DNS come
down to what is stored on the Root Servers?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Root Hints or Forwards on Windows 2008/2008 R2 DNS Servers

[Mike Sullivan]

It sounds like you may have run into a firewall issue. Take a look at this
article:
http://www.anitkb.com/2010/03/windows-server-2008-r2-dns-issues-edns0.html

Here's
a KB Article about this: http://support.microsoft.com/kb/832223



On Fri, May 20, 2011 at 3:03 PM, Jim Majorowicz wrote:

> We had an issue with a client a couple months back where their DNS
> server (Windows 2008 SP2) was unable to properly resolve a .US domain
> without adding Forwarders to the mix.  Now my boss insists that I add
> forwarders to all the DNS servers we manage.  I've always prefered to
> allow the servers to just use the Root Hints, but I can't really seem
> to explain the benefit vs. Forwarders.  Ultimately, doesn't DNS come
> down to what is stored on the Root Servers?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Thank you,
Mike Sullivan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Root Hints or Forwards on Windows 2008/2008 R2 DNS Servers

[Jim Majorowicz]

We had an issue with a client a couple months back where their DNS
server (Windows 2008 SP2) was unable to properly resolve a .US domain
without adding Forwarders to the mix.  Now my boss insists that I add
forwarders to all the DNS servers we manage.  I've always prefered to
allow the servers to just use the Root Hints, but I can't really seem
to explain the benefit vs. Forwarders.  Ultimately, doesn't DNS come
down to what is stored on the Root Servers?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Recommendations - Laptop for Virtualization

[Sam Cayze]

Not bad!  :)

 

From: Mark Smith [mailto:winsysad...@gmail.com] 
Sent: Friday, May 20, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Recommendations - Laptop for Virtualization

 

Thanks for the Lenovo suggestion Bill. I always forget about Lenovo. Have
had good luck with them in the past. Ending up buying a w520, quad-core with
dual 500GB 7200RPM drives at RAID 0. Will replace with SSD's at a later
date. Got a coupon code from Lenovo, so total incl. tax came to
$1,650.Thanks everyone for your suggestions.

 

Mark

On Mon, May 16, 2011 at 4:24 PM, Bill Humphries 
wrote:

Thinkpad w520.  quad core and also 4 DIMM slots.  You can configure the
WWAN, etc at lenovo's website.  Sign up for their shareholder purchase
program and get a bit more of a discount.  You can use an ultrabay adapter
to replace DVD drive with a hard drive.

Bill

Mark Smith wrote:

Hi All,
 I need to purchase a laptop to run a virtualized test environment on.
So it will need a CPU that supports VT of course. I'm thinking quad core
would be best to handle the VM load.
I'd like to have the option of running an SSD for the primary drive and a
large SATA drive for storage. I'm having a hard time finding which laptops
support 2 hard drives.
It would be nice if it had mobile broadband (WWAN) support, so I could just
pop a SIM card in it - I keep breaking my dongle ;)  but I doubt I'll find a
high powered laptop with that option.
Any recommendations, opinions would be great.
 Thanks,
Mark

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
 


with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: System Restore and Scareware

[Rankin, James R]

In the context of system restore, a virus is just for xmas, but a rootkit is 
for life

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: "Maglinger, Paul" 
Date: Fri, 20 May 2011 15:03:46 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: System Restore and Scareware

I've had some good luck with system restores, but it doesn't seem to
reliably work against a root kit.  Those that didn't I took care of with
combofix.

 

From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Friday, May 20, 2011 2:51 PM
To: NT System Admin Issues
Subject: Re: System Restore and Scareware

 

Some of these little beasties are easy to beat - I've seen ones where
deleting a file did the trick. Unfortunately at the other end of the
scale live some crafty process-injection nasties that are a veritable
nightmare to find. Fortunately MalwareBYtes has a good track record of
pulling them out for you.

Typed frustratingly slowly on my BlackBerry(r) wireless device



From: "Bob Hartung"  

Date: Fri, 20 May 2011 14:47:23 -0500

To: NT System Admin Issues

ReplyTo: "NT System Admin Issues"


Subject: System Restore and Scareware

 

I've had a couple of recent cases of scareware infecting some Windows XP
Pro systems here. One reported lots of virus infestations and prevented
the user from accessing the internet and, for a low price, would fix
all. The other reported that the hard drive had tons of errors and the
boot sector was gone, etc. And for a small fee, their utility could fix
it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it but in both
cases, Window's System Restore easily removed both. I've seen
descriptions of fixing infected systems involving fairly complex
procedures and multiple utilities. I guess I just wanted to recommend
giving System Restore a try first before resorting to the heavy
artillery.

On the system that had the failed hard drive scareware, it was
impossible to access System Restore in normal windows. I figured Safe
Mode was the way to go but I discovered System Restore is not available
in Safe Mode. I did learn that you can run System Restore in Safe Mode
with Command Prompt. Just enter
"%systemroot%\system32\restore\rstrui.exe" at the command prompt and
you're in System Restore. Not sure why regular Safe Mode wouldn't have
that command available.

Hope that's of help to someone else.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: System Restore and Scareware

[Maglinger, Paul]

I've had some good luck with system restores, but it doesn't seem to
reliably work against a root kit.  Those that didn't I took care of with
combofix.

 

From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Friday, May 20, 2011 2:51 PM
To: NT System Admin Issues
Subject: Re: System Restore and Scareware

 

Some of these little beasties are easy to beat - I've seen ones where
deleting a file did the trick. Unfortunately at the other end of the
scale live some crafty process-injection nasties that are a veritable
nightmare to find. Fortunately MalwareBYtes has a good track record of
pulling them out for you.

Typed frustratingly slowly on my BlackBerry(r) wireless device



From: "Bob Hartung"  

Date: Fri, 20 May 2011 14:47:23 -0500

To: NT System Admin Issues

ReplyTo: "NT System Admin Issues"


Subject: System Restore and Scareware

 

I've had a couple of recent cases of scareware infecting some Windows XP
Pro systems here. One reported lots of virus infestations and prevented
the user from accessing the internet and, for a low price, would fix
all. The other reported that the hard drive had tons of errors and the
boot sector was gone, etc. And for a small fee, their utility could fix
it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it but in both
cases, Window's System Restore easily removed both. I've seen
descriptions of fixing infected systems involving fairly complex
procedures and multiple utilities. I guess I just wanted to recommend
giving System Restore a try first before resorting to the heavy
artillery.

On the system that had the failed hard drive scareware, it was
impossible to access System Restore in normal windows. I figured Safe
Mode was the way to go but I discovered System Restore is not available
in Safe Mode. I did learn that you can run System Restore in Safe Mode
with Command Prompt. Just enter
"%systemroot%\system32\restore\rstrui.exe" at the command prompt and
you're in System Restore. Not sure why regular Safe Mode wouldn't have
that command available.

Hope that's of help to someone else.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: System Restore and Scareware

[Roger Wright]

I've used SR several times to recover from malware.  It's always good,
though, to run a scan or two in Safe Mode after just to be sure.


Roger Wright
___

I'm out of bed and dressed... what more do you want?





On Fri, May 20, 2011 at 3:47 PM, Bob Hartung  wrote:
> I've had a couple of recent cases of scareware infecting some Windows XP Pro
> systems here. One reported lots of virus infestations and prevented the user
> from accessing the internet and, for a low price, would fix all. The other
> reported that the hard drive had tons of errors and the boot sector was
> gone, etc. And for a small fee, their utility could fix it. This system was
> unusable.
>
> Maybe this is pretty basic but I haven't seen mention of it but in both
> cases, Window's System Restore easily removed both. I've seen descriptions
> of fixing infected systems involving fairly complex procedures and multiple
> utilities. I guess I just wanted to recommend giving System Restore a try
> first before resorting to the heavy artillery.
>
> On the system that had the failed hard drive scareware, it was impossible to
> access System Restore in normal windows. I figured Safe Mode was the way to
> go but I discovered System Restore is not available in Safe Mode. I did
> learn that you can run System Restore in Safe Mode with Command Prompt. Just
> enter "%systemroot%\system32\restore\rstrui.exe" at the command prompt and
> you're in System Restore. Not sure why regular Safe Mode wouldn't have that
> command available.
>
> Hope that's of help to someone else.
>
> --
>
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: System Restore and Scareware

[Rankin, James R]

Some of these little beasties are easy to beat - I've seen ones where deleting 
a file did the trick. Unfortunately at the other end of the scale live some 
crafty process-injection nasties that are a veritable nightmare to find. 
Fortunately MalwareBYtes has a good track record of pulling them out for you.

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: "Bob Hartung" 
Date: Fri, 20 May 2011 14:47:23 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: System Restore and Scareware

I've had a couple of recent cases of scareware infecting some Windows XP Pro 
systems here. One reported lots of virus infestations and prevented the user 
from accessing the internet and, for a low price, would fix all. The other 
reported that the hard drive had tons of errors and the boot sector was gone, 
etc. And for a small fee, their utility could fix it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it but in both cases, 
Window's System Restore easily removed both. I've seen descriptions of fixing 
infected systems involving fairly complex procedures and multiple utilities. I 
guess I just wanted to recommend giving System Restore a try first before 
resorting to the heavy artillery.

On the system that had the failed hard drive scareware, it was impossible to 
access System Restore in normal windows. I figured Safe Mode was the way to go 
but I discovered System Restore is not available in Safe Mode. I did learn that 
you can run System Restore in Safe Mode with Command Prompt. Just enter 
"%systemroot%\system32\restore\rstrui.exe" at the command prompt and you're in 
System Restore. Not sure why regular Safe Mode wouldn't have that command 
available.

Hope that's of help to someone else.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Recommendations - Laptop for Virtualization

[Mark Smith]

Thanks for the Lenovo suggestion Bill. I always forget about Lenovo. Have
had good luck with them in the past. Ending up buying a w520, quad-core with
dual 500GB 7200RPM drives at RAID 0. Will replace with SSD's at a later
date. Got a coupon code from Lenovo, so total incl. tax came to
$1,650.Thanks everyone for your suggestions.

Mark

On Mon, May 16, 2011 at 4:24 PM, Bill Humphries wrote:

> Thinkpad w520.  quad core and also 4 DIMM slots.  You can configure the
> WWAN, etc at lenovo's website.  Sign up for their shareholder purchase
> program and get a bit more of a discount.  You can use an ultrabay adapter
> to replace DVD drive with a hard drive.
>
> Bill
>
> Mark Smith wrote:
>
>> Hi All,
>>  I need to purchase a laptop to run a virtualized test environment on.
>> So it will need a CPU that supports VT of course. I'm thinking quad core
>> would be best to handle the VM load.
>> I'd like to have the option of running an SSD for the primary drive and a
>> large SATA drive for storage. I'm having a hard time finding which laptops
>> support 2 hard drives.
>> It would be nice if it had mobile broadband (WWAN) support, so I could
>> just pop a SIM card in it - I keep breaking my dongle ;)  but I doubt I'll
>> find a high powered laptop with that option.
>> Any recommendations, opinions would be great.
>>  Thanks,
>> Mark
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com > listmana...@lyris.sunbeltsoftware.com>
>>
>> with the body: unsubscribe ntsysadmin
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

System Restore and Scareware

[Bob Hartung]

I've had a couple of recent cases of scareware infecting some Windows XP Pro 
systems here. One reported lots of virus infestations and prevented the user 
from accessing the internet and, for a low price, would fix all. The other 
reported that the hard drive had tons of errors and the boot sector was gone, 
etc. And for a small fee, their utility could fix it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it but in both cases, 
Window's System Restore easily removed both. I've seen descriptions of fixing 
infected systems involving fairly complex procedures and multiple utilities. I 
guess I just wanted to recommend giving System Restore a try first before 
resorting to the heavy artillery.

On the system that had the failed hard drive scareware, it was impossible to 
access System Restore in normal windows. I figured Safe Mode was the way to go 
but I discovered System Restore is not available in Safe Mode. I did learn that 
you can run System Restore in Safe Mode with Command Prompt. Just enter 
"%systemroot%\system32\restore\rstrui.exe" at the command prompt and you're in 
System Restore. Not sure why regular Safe Mode wouldn't have that command 
available.

Hope that's of help to someone else.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Good Free Utility like IAS log file viewer?

[N Parr]

Any recommendations?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

OT: Need Lotus Domino on-site consultant(s)

[RichardMcClary]

Greetings!

I am in central Illinois, but I need to locate 3 (or more) IBM authorized 
partners specializing in Lotus Domino in the New York City area.

IBM support has offered to come on-site, but they also warned me that just 
about any authorized partner would probably charge half of what IBM would 
change to send their actual employees.

We need to migrate from Domino 7.0.2 FP2 to Domino 8.5.2 FP2 (which should 
be no problem, but...)

When our Domino enviromnent was set up, a few rather serious mistakes were 
made.  It was years before said mistakes began to jump up and bite us, but 
now they've bitten and are holding tight.

SO, we are needing professional service, on-site, with a certified IBM 
partner to see if there is any way to make this Domino upgrade and to 
correct the initial set-up mistakes (hopefully without needing to resort 
to setting up a brand new Domino environment and simply wiping our current 
one).

I'm trying to search w/Google and the IBM "Partners" page.  However, that 
leaves me trying to find my way through just over 1100 entries.

SO, can anyone out there recommend a Lotus Domino dealer, IBM certified 
"partner", in the NYC area?

Thanks!
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL  61802
 
richardmccl...@aspca.org
 
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org
 
The information contained in this e-mail, and any attachments hereto, is 
from The American Society for the Prevention of Cruelty to Animals® (ASPCA
®) and is intended only for use by the addressee(s) named herein and may 
contain legally privileged and/or confidential information. If you are not 
the intended recipient of this e-mail, you are hereby notified that any 
dissemination, distribution, copying or use of the contents of this 
e-mail, and any attachments hereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify me by reply email 
and permanently delete the original and any copy of this e-mail and any 
printout thereof.
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Account Names Not Resolving

[Miller Bonnie L .]

Download sidtoname.exe and run it against your live DC to determine if those 
are just old SIDS that no longer exist in your AD.  When accounts/groups are 
deleted, this stuff gets left behind.

If they are real, the machine (that server) is having trouble with name 
resolution or the computer account-might just need a remove/rejoin.

-Bonnie

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Wednesday, May 18, 2011 8:06 AM
To: NT System Admin Issues
Subject: Re: Account Names Not Resolving

LOL...no it isn't!...Had to double check..LOL
On Wed, May 18, 2011 at 11:04 AM, Michael B. Smith 
mailto:mich...@smithcons.com>> wrote:
It isn't point to itself, right?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Wednesday, May 18, 2011 11:01 AM

To: NT System Admin Issues
Subject: Re: Account Names Not Resolving

Yes it does (ran nltest /sc_verify:domain - successful). DNS updated...as in 
pointing to a different DNS server?...no, that hasn't changed.
On Wed, May 18, 2011 at 10:52 AM, Michael B. Smith 
mailto:mich...@smithcons.com>> wrote:
Does it have a secure channel to another DC in the site? Has DNS been updated 
on the server's NIC(s) since it was demoted?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Wednesday, May 18, 2011 10:27 AM
To: NT System Admin Issues
Subject: Account Names Not Resolving

Good morning all,

I'm finally getting around to an issue that has been driving me a *bit* crazy 
for months. The scenario...
- Win2K Server - did have Exchange 2003 installed and *was* a DC 
- Installed new server and did a swing migration to Exchange 2010
- Uninstalled Exchange 2003
- DCPromo'd the Win2K server to member server 

Now the problem
- When you look at any shares on that server that have specific users added, 
all you see are the SIDs instead of account name.
- If you add a new user, they show fine...for a bit...
- When you go back into the security settings, all you see that resolve 
correctly are default ID's (Administrators/Everyone/Etc)

The server is due to be nuked and repaved, but there are a whack of 
Shares/Folders with really silly securities set on them that have to be moved 
to a new box.

Any ideas?

TIA!
Cameron

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Tammy Stewart]

Goes to show you how much Linus experience I have (or not)

 

Thanks,

 

Tammy

 

  _  

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Friday, May 20, 2011 10:54 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 


Samba, in turn, runs on unix/linux systems, so the ssh option should work. 
--
RMc 

Tammy Stewart  wrote on 05/20/2011 09:51:33
AM:

> I think it runs on Samba 3.0 
>   
> Thanks, 
>   
> Tammy 
>   
> 
> From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
> Sent: Friday, May 20, 2011 10:37 AM
> To: NT System Admin Issues
> Subject: RE: NAS drives (search tool) 
>   
> Mine lives in the loft in its original box.  Useless piece of junk. 
>   
> On a more useful note, if it runs a version of linux, I think you 
> can ssh to it, and then use find on rather than having to access it 
> via any shares it may be presenting. 
>   
> From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
> Sent: 20 May 2011 14:53
> To: NT System Admin Issues
> Subject: Re: NAS drives (search tool) 
>   
> Just give up.  Those things are truly awful speedwise. 
>   
> If you have a backup of the TeraStation data then I would 
> contemplate a restoration of the backup to more responsive hardware,
> clean that, wipe the Terastation and restore the cleaned data. 
> On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart
 > wrote: 
> That indeed looks nice. Thanks. 
> Will pass it on & see if he can get it to do what is needed. 
>   
> Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5) 
>   
> Not sure if that makes any difference or not but thought I would 
> throw it out there anyway. 
>   
> Thanks, 
>   
> Tammy 
>   
> 
> From: Guyer, Don [mailto:don.gu...@fiserv.com] 
> Sent: Friday, May 20, 2011 9:20 AM 
> 
> To: NT System Admin Issues 
> Subject: RE: NAS drives (search tool) 
>   
> How about something like TreeSize? 
>   
> Don Guyer 
> Windows Systems Engineer 
> RIM Operations Engineering Distributed - A Team, Tier 2 
> Enterprise Technology Group 
> Fiserv 
> don.gu...@fiserv.com 
> Office: 1-800-523-7282 x 1673 
> Fax: 610-233-0404 
> www.fiserv.com 
>   
> From: Tammy Stewart [mailto:copper...@personainternet.com] 
> Sent: Friday, May 20, 2011 9:11 AM
> To: NT System Admin Issues
> Subject: NAS drives (search tool) 
>   
> Hi, 
>   
> I am looking for some sort of tool that can search an entire NAS 
> drive for a certain file, display it so it can be deleted. (not much
> unlike agent ransack, windows search, etc) 
>   
> A customer I am working with has 16 large drives with several TB of 
> data on each and many many shares. (in the hundreds) 
> They have conficker & I expect to find several instances of the fake
> recycler bins, the worm copies & the autorun.inf files in these shares. 
> Scanning with AV takes ages because of the amount of data involved &
> by the time the scan is done & items removed - they (worm copies) 
> already have been re-written again. 
> Is there such a tool? 
> Trying to get more info about the NAS model numbers & setup so to 
> make it easier to narrow down what will work & what will not. 
>   
> Yes - autorun is killed via GPO at the site (although it is possible
> the GPO didn't take on every machine) 
> Yes - it is believed that every machine is fitted with AV & it is 
> set up properly. (although it is possible that a few machines have 
> missed the install or AV is broke) - this part is being investigated
> (in order to figure out why it keeps re-propagating) 
>   
> TIA! 
>   
> Tammy 
>   
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
>   
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
> This email and any attachments to it may be confidential and are 
> intended solely for the use

RE: NAS drives (search tool)

[RichardMcClary]

Samba, in turn, runs on unix/linux systems, so the ssh option should work.
--
RMc

Tammy Stewart  wrote on 05/20/2011 09:51:33 
AM:

> I think it runs on Samba 3.0
> 
> Thanks,
> 
> Tammy
> 
> 
> From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
> Sent: Friday, May 20, 2011 10:37 AM
> To: NT System Admin Issues
> Subject: RE: NAS drives (search tool)
> 
> Mine lives in the loft in its original box.  Useless piece of junk.
> 
> On a more useful note, if it runs a version of linux, I think you 
> can ssh to it, and then use find on rather than having to access it 
> via any shares it may be presenting.
> 
> From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
> Sent: 20 May 2011 14:53
> To: NT System Admin Issues
> Subject: Re: NAS drives (search tool)
> 
> Just give up.  Those things are truly awful speedwise.
> 
> If you have a backup of the TeraStation data then I would 
> contemplate a restoration of the backup to more responsive hardware,
> clean that, wipe the Terastation and restore the cleaned data.
> On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart 
 > wrote:
> That indeed looks nice. Thanks.
> Will pass it on & see if he can get it to do what is needed.
> 
> Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)
> 
> Not sure if that makes any difference or not but thought I would 
> throw it out there anyway.
> 
> Thanks,
> 
> Tammy
> 
> 
> From: Guyer, Don [mailto:don.gu...@fiserv.com] 
> Sent: Friday, May 20, 2011 9:20 AM 
> 
> To: NT System Admin Issues
> Subject: RE: NAS drives (search tool) 
> 
> How about something like TreeSize?
> 
> Don Guyer
> Windows Systems Engineer
> RIM Operations Engineering Distributed ? A Team, Tier 2
> Enterprise Technology Group
> Fiserv
> don.gu...@fiserv.com
> Office: 1-800-523-7282 x 1673
> Fax: 610-233-0404
> www.fiserv.com
> 
> From: Tammy Stewart [mailto:copper...@personainternet.com] 
> Sent: Friday, May 20, 2011 9:11 AM
> To: NT System Admin Issues
> Subject: NAS drives (search tool)
> 
> Hi,
> 
> I am looking for some sort of tool that can search an entire NAS 
> drive for a certain file, display it so it can be deleted. (not much
> unlike agent ransack, windows search, etc)
> 
> A customer I am working with has 16 large drives with several TB of 
> data on each and many many shares. (in the hundreds)
> They have conficker & I expect to find several instances of the fake
> recycler bins, the worm copies & the autorun.inf files in these shares.
> Scanning with AV takes ages because of the amount of data involved &
> by the time the scan is done & items removed ? they (worm copies) 
> already have been re-written again.
> Is there such a tool?
> Trying to get more info about the NAS model numbers & setup so to 
> make it easier to narrow down what will work & what will not.
> 
> Yes ? autorun is killed via GPO at the site (although it is possible
> the GPO didn?t take on every machine)
> Yes ? it is believed that every machine is fitted with AV & it is 
> set up properly. (although it is possible that a few machines have 
> missed the install or AV is broke) ? this part is being investigated
> (in order to figure out why it keeps re-propagating)
> 
> TIA!
> 
> Tammy
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> This email and any attachments to it may be confidential and are 
> intended solely for the use of the individual to whom it is 
> addressed. If you are not the intended recipient of this email, you 
> must neither take any action based upon its contents, nor copy or 
> show it to anyone. Please contact the sender if you believe you have
> received this email in error. QinetiQ may monitor email traffic data
> and also the content of email for the pur

Re: NAS drives (search tool)

[Jonathan Link]

It uses Samba, to present the shares, while running on Linux.
Samba is not na OS/Distribution.

On Fri, May 20, 2011 at 10:51 AM, Tammy Stewart <
copper...@personainternet.com> wrote:

>  I think it runs on Samba 3.0
>
>
>
> Thanks,
>
>
>
> Tammy
>
>
>  --
>
> *From:* Matthew B Ames [mailto:matthew.a...@qinetiq.com]
> *Sent:* Friday, May 20, 2011 10:37 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: NAS drives (search tool)
>
>
>
> Mine lives in the loft in its original box.  Useless piece of junk.
>
>
>
> On a more useful note, if it runs a version of linux, I think you can ssh
> to it, and then use find on rather than having to access it via any shares
> it may be presenting.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* 20 May 2011 14:53
> *To:* NT System Admin Issues
> *Subject:* Re: NAS drives (search tool)
>
>
>
> Just give up.  Those things are truly awful speedwise.
>
>
>
> If you have a backup of the TeraStation data then I would contemplate
> a restoration of the backup to more responsive hardware, clean that, wipe
> the Terastation and restore the cleaned data.
>
> On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart <
> copper...@personainternet.com> wrote:
>
> That indeed looks nice. Thanks.
>
> Will pass it on & see if he can get it to do what is needed.
>
>
>
> Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)
>
>
>
> Not sure if that makes any difference or not but thought I would throw it
> out there anyway.
>
>
>
> Thanks,
>
>
>
> Tammy
>
>
>  --
>
> *From:* Guyer, Don [mailto:don.gu...@fiserv.com]
> *Sent:* Friday, May 20, 2011 9:20 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: NAS drives (search tool)
>
>
>
> How about something like TreeSize?
>
>
>
> *Don Guyer*
>
> Windows Systems Engineer
>
> RIM Operations Engineering Distributed – A Team, Tier 2
>
> Enterprise Technology Group
>
> *Fiserv*
>
> don.gu...@fiserv.com
>
> Office: 1-800-523-7282 x 1673
>
> Fax: 610-233-0404
>
> www.fiserv.com
>
>
>
> *From:* Tammy Stewart [mailto:copper...@personainternet.com]
> *Sent:* Friday, May 20, 2011 9:11 AM
> *To:* NT System Admin Issues
> *Subject:* NAS drives (search tool)
>
>
>
> Hi,
>
>
>
> I am looking for some sort of tool that can search an entire NAS drive for
> a certain file, display it so it can be deleted. (not much unlike agent
> ransack, windows search, etc)
>
>
>
> A customer I am working with has 16 large drives with several TB of data on
> each and many many shares. (in the hundreds)
>
> They have conficker & I expect to find several instances of the fake
> recycler bins, the worm copies & the autorun.inf files in these shares.
>
> Scanning with AV takes ages because of the amount of data involved & by the
> time the scan is done & items removed – they (worm copies) already have been
> re-written again.
>
> Is there such a tool?
>
> Trying to get more info about the NAS model numbers & setup so to make it
> easier to narrow down what will work & what will not.
>
>
>
> Yes – autorun is killed via GPO at the site (although it is possible the
> GPO didn’t take on every machine)
>
> Yes – it is believed that every machine is fitted with AV & it is set up
> properly. (although it is possible that a few machines have missed the
> install or AV is broke) – this part is being investigated (in order to
> figure out why it keeps re-propagating)
>
>
>
> TIA!
>
>
>
> Tammy
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. If you are not
> the intended recipient of 

RE: NAS drives (search tool)

[Tammy Stewart]

I think it runs on Samba 3.0

 

Thanks,

 

Tammy

 

  _  

From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: Friday, May 20, 2011 10:37 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Mine lives in the loft in its original box.  Useless piece of junk.

 

On a more useful note, if it runs a version of linux, I think you can ssh to
it, and then use find on rather than having to access it via any shares it
may be presenting.

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 20 May 2011 14:53
To: NT System Admin Issues
Subject: Re: NAS drives (search tool)

 

Just give up.  Those things are truly awful speedwise.

 

If you have a backup of the TeraStation data then I would contemplate a
restoration of the backup to more responsive hardware, clean that, wipe the
Terastation and restore the cleaned data.

On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart
 wrote:

That indeed looks nice. Thanks.

Will pass it on & see if he can get it to do what is needed.

 

Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)

 

Not sure if that makes any difference or not but thought I would throw it
out there anyway.

 

Thanks,

 

Tammy

 

  _  

From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Friday, May 20, 2011 9:20 AM 


To: NT System Admin Issues

Subject: RE: NAS drives (search tool) 

 

How about something like TreeSize?

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282   x 1673

Fax: 610-233-0404

  www.fiserv.com

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. If you are not
the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender
if you believe you have received this email in error. QinetiQ may monitor
email traffic data and also the content of email for the purposes of
security. QinetiQ Limited (Registered in England & Wales: Company Number:
3796233) Registered office: Cody Technology Park, Ively Road, Farnborough,
Hampshire, GU14 0LX http://www.qinetiq.com.
  http://www.qinetiq.com

 

~ Finally, powerful endp

RE: NAS drives (search tool)

[Matthew B Ames]

Mine lives in the loft in its original box.  Useless piece of junk.

On a more useful note, if it runs a version of linux, I think you can ssh to 
it, and then use find on rather than having to access it via any shares it may 
be presenting.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: 20 May 2011 14:53
To: NT System Admin Issues
Subject: Re: NAS drives (search tool)

Just give up.  Those things are truly awful speedwise.

If you have a backup of the TeraStation data then I would contemplate a 
restoration of the backup to more responsive hardware, clean that, wipe the 
Terastation and restore the cleaned data.
On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart 
mailto:copper...@personainternet.com>> wrote:
That indeed looks nice. Thanks.
Will pass it on & see if he can get it to do what is needed.

Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)

Not sure if that makes any difference or not but thought I would throw it out 
there anyway.

Thanks,

Tammy


From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Friday, May 20, 2011 9:20 AM

To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

How about something like TreeSize?

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com

From: Tammy Stewart 
[mailto:copper...@personainternet.com]
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

Hi,

I am looking for some sort of tool that can search an entire NAS drive for a 
certain file, display it so it can be deleted. (not much unlike agent ransack, 
windows search, etc)

A customer I am working with has 16 large drives with several TB of data on 
each and many many shares. (in the hundreds)
They have conficker & I expect to find several instances of the fake recycler 
bins, the worm copies & the autorun.inf files in these shares.
Scanning with AV takes ages because of the amount of data involved & by the 
time the scan is done & items removed - they (worm copies) already have been 
re-written again.
Is there such a tool?
Trying to get more info about the NAS model numbers & setup so to make it 
easier to narrow down what will work & what will not.

Yes - autorun is killed via GPO at the site (although it is possible the GPO 
didn't take on every machine)
Yes - it is believed that every machine is fitted with AV & it is set up 
properly. (although it is possible that a few machines have missed the install 
or AV is broke) - this part is being investigated (in order to figure out why 
it keeps re-propagating)

TIA!

Tammy


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, you must neither
take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in
error. QinetiQ may monitor email traffic data and also the content of
email for the purposes of security. QinetiQ Limited (Registered in
England & Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com.

~ Finally, powerful e

RE: NAS drives (search tool)

[Tammy Stewart]

Sweet!

Will send him that info as well.

 

Thanks,

 

Tammy

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 10:00 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

I've got version 1.2.1.371 and from the results, I can select files the
normal way, contiguous or non-contiguous, and then shift-delete all at once
to bypass the recycle bin.  Sounds to me exactly like what you want, and
it's fast once the index is complete.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:56 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Has "everything" changed recently? Last time I installed it, it only showed
the folders where said file exists. Therefore one would have to open each
directory in turn & delete file.

He has many hundred shares so I expect several hundred worm copies.

 

Thanks,

 

Tammy

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 9:52 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Have you tried 'everything' ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Tammy Stewart]

Thanks,

 

I'll throw that idea out to him as well. Hopefully he does have a decent
backup or at least enough space to create one on.

Wiping/reloading cleaned data will take him some time though - he's in the
middle of some testing stuff at the school so that can't be interrupted at
the moment.

 

Thanks,

 

Tammy 

  _  

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Friday, May 20, 2011 9:53 AM
To: NT System Admin Issues
Subject: Re: NAS drives (search tool)

 

Just give up.  Those things are truly awful speedwise.

 

If you have a backup of the TeraStation data then I would contemplate a
restoration of the backup to more responsive hardware, clean that, wipe the
Terastation and restore the cleaned data.

On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart
 wrote:

That indeed looks nice. Thanks.

Will pass it on & see if he can get it to do what is needed.

 

Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)

 

Not sure if that makes any difference or not but thought I would throw it
out there anyway.

 

Thanks,

 

Tammy

 

  _  

From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Friday, May 20, 2011 9:20 AM 


To: NT System Admin Issues

Subject: RE: NAS drives (search tool) 

 

How about something like TreeSize?

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673  

Fax: 610-233-0404

  www.fiserv.com

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Erik Goldoff]

I’ve got version 1.2.1.371 and from the results, I can select files the
normal way, contiguous or non-contiguous, and then shift-delete all at once
to bypass the recycle bin.  Sounds to me exactly like what you want, and
it’s fast once the index is complete.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:56 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Has “everything” changed recently? Last time I installed it, it only showed
the folders where said file exists. Therefore one would have to open each
directory in turn & delete file.

He has many hundred shares so I expect several hundred worm copies.

 

Thanks,

 

Tammy

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 9:52 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Have you tried ‘everything’ ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed – they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes – autorun is killed via GPO at the site (although it is possible the GPO
didn’t take on every machine)

Yes – it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) – this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Tammy Stewart]

Has "everything" changed recently? Last time I installed it, it only showed
the folders where said file exists. Therefore one would have to open each
directory in turn & delete file.

He has many hundred shares so I expect several hundred worm copies.

 

Thanks,

 

Tammy

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 9:52 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

Have you tried 'everything' ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Erik Goldoff]

Often you’ll get these browser based fake av popups as a result of SEO
and/or DNS poisoning , not so much from any ‘errant’ click.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: Friday, May 20, 2011 9:18 AM
To: NT System Admin Issues
Subject: Re: Fake AV site

 

more so to crop the password toolbar and other tabs I had open (no, there
was nothin' naughty, I promise!).  

The domain name is visible on the file download warning;  page was index.php
with a long string of characters as a parameter to it.  I didn't go back to
see if  the parameter was necessary to launch that particular page; maybe
this weekend in a VM if I'm bored.   I have the URL and page source
(obfuscated javascript) saved.

 

On a related note, does anyone know how to search within the Temporary
Internet Files on Win7?  I'm curious as to where this site came from; I
think it may have been an errant click on an advertisement.  I was going to
try a findstr on the directory, but its all hidden and virtualized now; what
you see in explorer is not what you see on the command line.   Of course,  I
may not find a thing if it was a redirect from an ad site, but thought it
worth knowing how to do anyway.

 

On Fri, May 20, 2011 at 8:00 AM, Erik Goldoff  wrote:

Jeff, did you intentionally crop the top of the screen capture to eliminate
the URL ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: Friday, May 20, 2011 4:02 AM


To: NT System Admin Issues

Subject: RE: Fake AV site

 

I saw that site about a week ago when I was at home.  I think I was using
Chrome at the time however.  Likewise I just closed my browser tab (and
performed a full scan with ESET).

 

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: 20 May 2011 01:29
To: NT System Admin Issues
Subject: Fake AV site

 

Ran across a fake AV site this evening, with a faux-windows explorer web
page.   Anyone have favorite places to report this sort of thing?  I sent
the URL to Google's malware reporting, didn't know if there were other
well-regarded places to submit these

 

Here's a .png screenshot of the web page I took if anyone's interested
(SkyDrive).  The green progress bar was animated and completed its "scan"
before the "windows security alert" popped up.   The page was easily closed
by killing the IE tab  (the domain name appears in the image)

 

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4P
cTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1

 

 

Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. If you are not
the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender
if you believe you have received this email in error. QinetiQ may monitor
email traffic data and also the content of email for the purposes of
security. QinetiQ Limited (Registered in England & Wales: Company Number:
3796233) Registered office: Cody Technology Park, Ively Road, Farnborough,
Hampshire, GU14 0LX http://www.qinetiq.com.
  http://www.qinetiq.com

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyri

RE: NAS drives (search tool)

[Erik Goldoff]

Have you tried ‘everything’ ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed – they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes – autorun is killed via GPO at the site (although it is possible the GPO
didn’t take on every machine)

Yes – it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) – this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Erik Goldoff]

Incredible the number of fake av variants … here’s a google link for
‘images’ for “fake av” showing screen captures of all sorts !

 

http://www.google.com/search?hl=en

&q=fake+av&bav=on.2,or.r_gc.r_pw.&um=1&ie=UTF-8&tbm=isch&source=og&sa=N&tab=
wi&biw=1334&bih=803

 

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Friday, May 20, 2011 9:08 AM
To: NT System Admin Issues
Subject: RE: Fake AV site

 

I’ve seen this a handful of times within the last month or so, seems to be
more prevalent recently.

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed – A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

  www.fiserv.com

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 8:34 AM
To: NT System Admin Issues
Subject: RE: Fake AV site

 

Hmmm, must be a fake-av construction kit.  The interior dialog box titled
‘Windows Security Alert’  is identical, word for word, letter for letter,
except for a seemingly random display of the ‘threats’ found to a fake-av I
dealt with at a client site a few months ago, that was triggered from
momentecue4.com .  Identical including the same heinous spelling and
grammatical errors !

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: Thursday, May 19, 2011 8:29 PM
To: NT System Admin Issues
Subject: Fake AV site

 

Ran across a fake AV site this evening, with a faux-windows explorer web
page.   Anyone have favorite places to report this sort of thing?  I sent
the URL to Google's malware reporting, didn't know if there were other
well-regarded places to submit these

 

Here's a .png screenshot of the web page I took if anyone's interested
(SkyDrive).  The green progress bar was animated and completed its "scan"
before the "windows security alert" popped up.   The page was easily closed
by killing the IE tab  (the domain name appears in the image)

 

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4P
cTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1

 

 

Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Guyer, Don]

Yeah, as long as you can map a drive, you're golden. I've used it a
bunch of times with different NAS/SAN environments.

 

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:41 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

That indeed looks nice. Thanks.

Will pass it on & see if he can get it to do what is needed.

 

Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)

 

Not sure if that makes any difference or not but thought I would throw
it out there anyway.

 

Thanks,

 

Tammy

 



From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Friday, May 20, 2011 9:20 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

How about something like TreeSize?

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive
for a certain file, display it so it can be deleted. (not much unlike
agent ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data
on each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by
the time the scan is done & items removed - they (worm copies) already
have been re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make
it easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the
GPO didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Tammy Stewart]

That indeed looks nice. Thanks.

Will pass it on & see if he can get it to do what is needed.

 

Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5)

 

Not sure if that makes any difference or not but thought I would throw it
out there anyway.

 

Thanks,

 

Tammy

 

  _  

From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Friday, May 20, 2011 9:20 AM
To: NT System Admin Issues
Subject: RE: NAS drives (search tool)

 

How about something like TreeSize?

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

  www.fiserv.com

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: NAS drives (search tool)

[Guyer, Don]

How about something like TreeSize?

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, May 20, 2011 9:11 AM
To: NT System Admin Issues
Subject: NAS drives (search tool)

 

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive
for a certain file, display it so it can be deleted. (not much unlike
agent ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data
on each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by
the time the scan is done & items removed - they (worm copies) already
have been re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make
it easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the
GPO didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Fake AV site

[Jeff Bunting]

more so to crop the password toolbar and other tabs I had open (no, there
was nothin' naughty, I promise!).
The domain name is visible on the file download warning;  page was index.php
with a long string of characters as a parameter to it.  I didn't go back
to see if  the parameter was necessary to launch that particular page; maybe
this weekend in a VM if I'm bored.   I have the URL and page source
(obfuscated javascript) saved.

On a related note, does anyone know how to search within the Temporary
Internet Files on Win7?  I'm curious as to where this site came from; I
think it may have been an errant click on an advertisement.  I was going to
try a findstr on the directory, but its all hidden and virtualized now; what
you see in explorer is not what you see on the command line.   Of course,  I
may not find a thing if it was a redirect from an ad site, but thought it
worth knowing how to do anyway.

On Fri, May 20, 2011 at 8:00 AM, Erik Goldoff  wrote:

>  Jeff, did you intentionally crop the top of the screen capture to
> eliminate the URL ?
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Matthew B Ames [mailto:matthew.a...@qinetiq.com]
> *Sent:* Friday, May 20, 2011 4:02 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Fake AV site
>
>
>
> I saw that site about a week ago when I was at home.  I think I was using
> Chrome at the time however.  Likewise I just closed my browser tab (and
> performed a full scan with ESET).
>
>
>
> *From:* Jeff Bunting [mailto:bunting.j...@gmail.com]
> *Sent:* 20 May 2011 01:29
> *To:* NT System Admin Issues
> *Subject:* Fake AV site
>
>
>
> Ran across a fake AV site this evening, with a faux-windows explorer web
> page.   Anyone have favorite places to report this sort of thing?  I sent
> the URL to Google's malware reporting, didn't know if there were other
> well-regarded places to submit these
>
>
>
> Here's a .png screenshot of the web page I took if anyone's interested
> (SkyDrive).  The green progress bar was animated and completed its
> "scan" before the "windows security alert" popped up.   The page was easily
> closed by killing the IE tab  (the domain name appears in the image)
>
>
>
>
> http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4PcTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1
>
>
>
>
>
> Jeff
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. If you are not
> the intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. QinetiQ may monitor
> email traffic data and also the content of email for the purposes of
> security. QinetiQ Limited (Registered in England & Wales: Company Number:
> 3796233) Registered office: Cody Technology Park, Ively Road, Farnborough,
> Hampshire, GU14 0LX http://www.qinetiq.com.
> http://www.qinetiq.com
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

NAS drives (search tool)

[Tammy Stewart]

Hi,

 

I am looking for some sort of tool that can search an entire NAS drive for a
certain file, display it so it can be deleted. (not much unlike agent
ransack, windows search, etc)

 

A customer I am working with has 16 large drives with several TB of data on
each and many many shares. (in the hundreds)

They have conficker & I expect to find several instances of the fake
recycler bins, the worm copies & the autorun.inf files in these shares.

Scanning with AV takes ages because of the amount of data involved & by the
time the scan is done & items removed - they (worm copies) already have been
re-written again.

Is there such a tool?

Trying to get more info about the NAS model numbers & setup so to make it
easier to narrow down what will work & what will not.

 

Yes - autorun is killed via GPO at the site (although it is possible the GPO
didn't take on every machine)

Yes - it is believed that every machine is fitted with AV & it is set up
properly. (although it is possible that a few machines have missed the
install or AV is broke) - this part is being investigated (in order to
figure out why it keeps re-propagating)

 

TIA!

 

Tammy

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Guyer, Don]

I've seen this a handful of times within the last month or so, seems to
be more prevalent recently.

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, May 20, 2011 8:34 AM
To: NT System Admin Issues
Subject: RE: Fake AV site

 

Hmmm, must be a fake-av construction kit.  The interior dialog box
titled 'Windows Security Alert'  is identical, word for word, letter for
letter, except for a seemingly random display of the 'threats' found to
a fake-av I dealt with at a client site a few months ago, that was
triggered from momentecue4.com .  Identical including the same heinous
spelling and grammatical errors !

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: Thursday, May 19, 2011 8:29 PM
To: NT System Admin Issues
Subject: Fake AV site

 

Ran across a fake AV site this evening, with a faux-windows explorer web
page.   Anyone have favorite places to report this sort of thing?  I
sent the URL to Google's malware reporting, didn't know if there were
other well-regarded places to submit these

 

Here's a .png screenshot of the web page I took if anyone's interested
(SkyDrive).  The green progress bar was animated and completed its
"scan" before the "windows security alert" popped up.   The page was
easily closed by killing the IE tab  (the domain name appears in the
image)

 

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33p
u-4PcTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1

 

 

Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: server locks up

[John Aldrich]

Yeah... as long as the hardware was shipped before a certain date...
10/2008, I think it was. Fortunately mine was. :D



-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, May 20, 2011 7:30 AM
To: NT System Admin Issues
Subject: Re: server locks up

On Thu, May 19, 2011 at 1:37 PM, John Aldrich
 wrote:
> Thanks... I was reluctant to contact Dell support as the server is out of
> warranty... is this going to be a "chargeable" event or will this be free?

  Dell standard tech support is included with the purchase price.  No
additional charge.

  You won't get parts without a service contract, and the paid service
contracts give you better support (shorter hold times, more clueful
people, etc.), but you get the standard support forever.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Erik Goldoff]

Hmmm, must be a fake-av construction kit.  The interior dialog box titled
‘Windows Security Alert’  is identical, word for word, letter for letter,
except for a seemingly random display of the ‘threats’ found to a fake-av I
dealt with at a client site a few months ago, that was triggered from
momentecue4.com .  Identical including the same heinous spelling and
grammatical errors !

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: Thursday, May 19, 2011 8:29 PM
To: NT System Admin Issues
Subject: Fake AV site

 

Ran across a fake AV site this evening, with a faux-windows explorer web
page.   Anyone have favorite places to report this sort of thing?  I sent
the URL to Google's malware reporting, didn't know if there were other
well-regarded places to submit these

 

Here's a .png screenshot of the web page I took if anyone's interested
(SkyDrive).  The green progress bar was animated and completed its "scan"
before the "windows security alert" popped up.   The page was easily closed
by killing the IE tab  (the domain name appears in the image)

 

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4P
cTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1

 

 

Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Erik Goldoff]

Jeff, did you intentionally crop the top of the screen capture to eliminate
the URL ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: Friday, May 20, 2011 4:02 AM
To: NT System Admin Issues
Subject: RE: Fake AV site

 

I saw that site about a week ago when I was at home.  I think I was using
Chrome at the time however.  Likewise I just closed my browser tab (and
performed a full scan with ESET).

 

From: Jeff Bunting [mailto:bunting.j...@gmail.com] 
Sent: 20 May 2011 01:29
To: NT System Admin Issues
Subject: Fake AV site

 

Ran across a fake AV site this evening, with a faux-windows explorer web
page.   Anyone have favorite places to report this sort of thing?  I sent
the URL to Google's malware reporting, didn't know if there were other
well-regarded places to submit these

 

Here's a .png screenshot of the web page I took if anyone's interested
(SkyDrive).  The green progress bar was animated and completed its "scan"
before the "windows security alert" popped up.   The page was easily closed
by killing the IE tab  (the domain name appears in the image)

 

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4P
cTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1

 

 

Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. If you are not
the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender
if you believe you have received this email in error. QinetiQ may monitor
email traffic data and also the content of email for the purposes of
security. QinetiQ Limited (Registered in England & Wales: Company Number:
3796233) Registered office: Cody Technology Park, Ively Road, Farnborough,
Hampshire, GU14 0LX http://www.qinetiq.com.
  http://www.qinetiq.com

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: server locks up

[Ben Scott]

On Thu, May 19, 2011 at 1:37 PM, John Aldrich
 wrote:
> Thanks... I was reluctant to contact Dell support as the server is out of
> warranty... is this going to be a "chargeable" event or will this be free?

  Dell standard tech support is included with the purchase price.  No
additional charge.

  You won't get parts without a service contract, and the paid service
contracts give you better support (shorter hold times, more clueful
people, etc.), but you get the standard support forever.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Fake AV site

[Matthew B Ames]

I saw that site about a week ago when I was at home.  I think I was using 
Chrome at the time however.  Likewise I just closed my browser tab (and 
performed a full scan with ESET).

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: 20 May 2011 01:29
To: NT System Admin Issues
Subject: Fake AV site

Ran across a fake AV site this evening, with a faux-windows explorer web page.  
 Anyone have favorite places to report this sort of thing?  I sent the URL to 
Google's malware reporting, didn't know if there were other well-regarded 
places to submit these

Here's a .png screenshot of the web page I took if anyone's interested 
(SkyDrive).  The green progress bar was animated and completed its "scan" 
before the "windows security alert" popped up.   The page was easily closed by 
killing the IE tab  (the domain name appears in the image)

http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4PcTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1


Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, you must neither
take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in
error. QinetiQ may monitor email traffic data and also the content of
email for the purposes of security. QinetiQ Limited (Registered in
England & Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin