RE: System Defragmenter malware
It is highly polymorphic and quite nasty. If you find it and VIPRE doesn't detect it, please let us know asap.

Alex

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, October 29, 2010 12:04 PM
To: NT System Admin Issues
Subject: System Defragmenter malware

I just had to go clean one of my systems, because the user was infected with System Defragmenter and it wasn't letting anything run, claiming the hard drive had bad sectors. I managed to get rid of it, but I thought I'd warn you guys. It got in even with Vipre Enterprise being up-to-date and a deep scan last night.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Re: System Defragmenter malware
cough Admin rights /cough

Seriously, if you can't give up giving admin rights for political reasons, consider creating an account which has local admin rights that users can use and move users' standard accounts to nonadmin rights.

In my environment, we were running with admin rights, but we afford our employees enough freedom to install software to do their jobs as necessary. Creating an account with admin rights was the best way for us to move forward. Employees are still bound to AUPs which stipulate that software not interfere with business use of applications.

I don't care for the common local admin account myself, but I don't chase malware nearly as often. It's been once in the two years since the change.

On Fri, Oct 29, 2010 at 12:46 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

It is highly polymorphic and quite nasty. If you find it and VIPRE doesn't detect it, please let us know asap.

Alex

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, October 29, 2010 12:04 PM
To: NT System Admin Issues
Subject: System Defragmenter malware

I just had to go clean one of my systems, because the user was infected with System Defragmenter and it wasn't letting anything run, claiming the hard drive had bad sectors. I managed to get rid of it, but I thought I'd warn you guys. It got in even with Vipre Enterprise being up-to-date and a deep scan last night.
RE: System Defragmenter malware
The user in question did NOT have admin rights. Trust me on this... I couldn't even update Java as that user. I had to log that user out and log in as myself to update Java.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, October 29, 2010 12:53 PM
To: NT System Admin Issues
Subject: Re: System Defragmenter malware

cough Admin rights /cough

Seriously, if you can't give up giving admin rights for political reasons, consider creating an account which has local admin rights that users can use and move users' standard accounts to nonadmin rights.

In my environment, we were running with admin rights, but we afford our employees enough freedom to install software to do their jobs as necessary. Creating an account with admin rights was the best way for us to move forward. Employees are still bound to AUPs which stipulate that software not interfere with business use of applications.

I don't care for the common local admin account myself, but I don't chase malware nearly as often. It's been once in the two years since the change.

On Fri, Oct 29, 2010 at 12:46 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

It is highly polymorphic and quite nasty. If you find it and VIPRE doesn't detect it, please let us know asap.

Alex

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, October 29, 2010 12:04 PM
To: NT System Admin Issues
Subject: System Defragmenter malware

I just had to go clean one of my systems, because the user was infected with System Defragmenter and it wasn't letting anything run, claiming the hard drive had bad sectors. I managed to get rid of it, but I thought I'd warn you guys. It got in even with Vipre Enterprise being up-to-date and a deep scan last night.
Re: System Defragmenter malware
Well, I have seen that, too, unfortunately. Usually when some ad gets slipped in on frequented news sites.

On Fri, Oct 29, 2010 at 1:11 PM, John Aldrich jaldr...@blueridgecarpet.com wrote:

The user in question did NOT have admin rights. Trust me on this... I couldn't even update Java as that user. I had to log that user out and log in as myself to update Java.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, October 29, 2010 12:53 PM
To: NT System Admin Issues
Subject: Re: System Defragmenter malware

cough Admin rights /cough

Seriously, if you can't give up giving admin rights for political reasons, consider creating an account which has local admin rights that users can use and move users' standard accounts to nonadmin rights.

In my environment, we were running with admin rights, but we afford our employees enough freedom to install software to do their jobs as necessary. Creating an account with admin rights was the best way for us to move forward. Employees are still bound to AUPs which stipulate that software not interfere with business use of applications.

I don't care for the common local admin account myself, but I don't chase malware nearly as often. It's been once in the two years since the change.

On Fri, Oct 29, 2010 at 12:46 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

It is highly polymorphic and quite nasty. If you find it and VIPRE doesn't detect it, please let us know asap.

Alex

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, October 29, 2010 12:04 PM
To: NT System Admin Issues
Subject: System Defragmenter malware

I just had to go clean one of my systems, because the user was infected with System Defragmenter and it wasn't letting anything run, claiming the hard drive had bad sectors. I managed to get rid of it, but I thought I'd warn you guys. It got in even with Vipre Enterprise being up-to-date and a deep scan last night.