Wait until your boss's machine gets infected. Maybe that's what it
will take to get the policy changed.
And you should try using another AV product if the current one is not
keeping your systems cleaned from known viruses.
How are you cleaning them when you find them? (read: are you sure
, it's going
to keep coming back - a user will download an infected archive, execute
and WHAM! It's there again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Monday, November 22, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] virus
Hi, I've noticed on several occasions that after a
certain machine got raped by viruses, even when
removed and the machine has all latest datfiles and
critical patches, the viruses keep on coming on in and
afflicting the same machine again and again and again.
As stated, this happens even
PROTECTED]
Sent: Monday, November 22, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] virus/worm
Wait until your boss's machine gets infected. Maybe that's what it
will take to get the policy changed.
And you should try using another AV product if the current one is not
keeping your
We've seen this, unfortunately there are thousands of variants of this
worm. First things first...
Make absolute sure you are completely cleaning a machine!!! No matter
how much patching is done if the machine has already been compromised it
WILL get reinfected. We found that McAfee, even
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 3:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] virus/worm
Hi, I've noticed on several occasions that after a
certain machine got raped by viruses, even when
removed and the machine has all latest datfiles
PROTECTED] Behalf Of Kern, Tom
Sent: Monday, November 22, 2004 4:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
I run a virus scan in safe mode and it's hit or miss if Symantec gets it. So I
end up manually deleting the files and reg keys. Typically the files are found
in system32
, 2004 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
How can it be permanent? I mean if you delete all instances on hard disk and reg
keys in safe mode when nothing is running, where the heck is it coming back from?
I've always wanted to know.
Also, how the heck does it get
PROTECTED] On Behalf Of ASB
Sent: Monday, November 22, 2004 9:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] virus/worm
Wait until your boss's machine gets infected. Maybe that's what it
will take to get the policy changed.
And you should try using another AV product if the current one
for a solution that goes around
the roaming virii users without making them change.
sigh...
thanks
-Original Message-
From: Paul van Geldrop [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 4:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
Even though that first line might
concept but more products are coming out to handle just
the situation that you are experiencing.
-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 2:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
I suggested the vlan solution
for a solution that goes
around the roaming virii users without making them change.
sigh...
thanks
-Original Message-
From: Paul van Geldrop [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 4:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
Even
Title: RE: [ActiveDir] virus/worm
How strong are your passwords on those machines? I am pretty sure variants of the Spybot can try common passwords. A couple other tricks I have used:
Set up your routers to send a syslog alert and then email you any machine attempting to contact IRC ports
to this system is that it does require some IT intervention
but I would rather that than chase a virus.
Brian
-Original Message-
From: Fuller, Stuart [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm
Talk to the Cisco people
Title: RE: [ActiveDir] virus/worm
I have
my firewall logging to a syslog daemon which emails me any bad ports- typically
the worm/bot goes out 445/.
Snort
doesn't do anything proactive like kill the worm. It will just email me what it
thinks is unusual.
Identifying when the worm kicks
Title: RE: [ActiveDir] virus/worm
You're right that Snort can't patch the systems but it can
help you find the source. If you think it is from a traveling laptop put Snort
or something like it near where the traveling laptops are. It should detect the
scanning by the worm and give you