RE: PC that can't Google

2012-01-12 Thread Tammy Stewart
Possible file was set to read-only. Read-only attributes wouldn't let you edit it. That ::1 is IPv6 address. Further down in that hosts.junk should be some funny addresses there with a ton of blank space between the ::1 & the end of file. Tammy From: Bob Hartung [mailto:bhart...@wisc

RE: PC that can't Google

2012-01-12 Thread Tammy Stewart
Likely the hosts file is hidden. attrib -s -h -r c:\windows\system32\drivers\etc\hosts Then open it in notepad Lately seeing the bad hosts entries at very bottom of hosts file after about 100 blank lines. Once in a while too I see the ACLs changed on the hosts file to make difficulty in editing

RE: test message

2011-12-09 Thread Tammy Stewart
passed test? From: Donald Bittenbender [mailto:donald.bittenben...@gfi.com] Sent: December-09-11 5:10 PM To: NT System Admin Issues Subject: test message Just posting a friendly test message to the list. Donald Bittenbender -

RE: Mevio?

2011-11-19 Thread Tammy Stewart
Sounds a bit nasty -- I've run into a few of these lately. What OS? and is it 32 or 64 bit? Sounds like MBR infection - possibly mbr.sst.a or .b It is commonly dropped with that & similar rogue AVs. This program should tell you if the MBR is faked http://ad13.geekstogo.com/MBRCheck.exe

RE: Renaming blank files from cmd line

2011-10-31 Thread Tammy Stewart
System Admin Issues Subject: Re: Renaming blank files from cmd line On Mon, Oct 31, 2011 at 9:06 AM, Tammy Stewart wrote: > Del *.* /p works if the blank is not in a directory where other files reside > that I cannot blanket delete. (such as system32) When you do a DEL *.* /P, it will prom

RE: Renaming blank files from cmd line

2011-10-31 Thread Tammy Stewart
Have not tried chkdsk -- good idea. Cacls/icacls usually works Del *.* /p works if the blank is not in a directory where other files reside that I cannot blanket delete. (such as system32) Believe I found a way to find these blanks. We have an ARK tool I can specify directories to scan from cmd li

RE: Renaming blank files from cmd line

2011-10-29 Thread Tammy Stewart
nks, Tammy _ From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Saturday, October 29, 2011 4:52 PM To: NT System Admin Issues Subject: RE: Renaming blank files from cmd line This is a screenshot of what they look like: http://s257.photobucket.com/albums/hh239/blendersw

RE: Renaming blank files from cmd line

2011-10-29 Thread Tammy Stewart
This is a screenshot of what they look like: http://s257.photobucket.com/albums/hh239/blendersww/?action=view&current=blanks.jpg In the pic - the renamed exe (exe_) is the infected file. The proper exe is the cleane

RE: Renaming blank files from cmd line

2011-10-29 Thread Tammy Stewart
Kewl. You have a link or something with details to do/use those tools? Most of the removals I am doing is remote.. I don't actually have my hands on the box physically. Thanks, Tammy _ From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Saturday, October 29, 2011 4:4

RE: AV and malware protection?

2011-10-09 Thread Tammy Stewart
Viruses (true file infectors) like Sality, Virut, XPAJ, xpiro, murofet, Mabezat and a few other true viruses are still quite common which Malwarebytes cannot deal with. Mabezat usually hauls in a variant of zbot/zeus which is after banking/CC info... Malwarebytes might see the zbot files from mabez

RE: Torpig/Anserin/Mebroot infection

2011-10-03 Thread Tammy Stewart
If Vipre does not find the culprit John, don't be shy to shoot us a support ticket request. We'll help find it. Support request page: www.gfi.com/supportform Indicate you need security response & ticket will get to us faster. Tammy -Original Message- From: Paul Hutchings [mailto:paul.hu

RE: Did you know...

2011-08-22 Thread Tammy Stewart
Yes - the quotes are automatically added if path contains spaces. Cmd does it too. Something a bit more on the "evil" side of things. (I kill malware for a living so that is all I ever think about) To test I just use notepad. Drop a copy of it someplace & rename the extension to say .bla Dro

RE: Vipre- possible false positive DAT??

2011-07-19 Thread Tammy Stewart
11 9:39 AM To: NT System Admin Issues Subject: RE: Vipre- possible false positive DAT?? We have a machine with 9900 and it still has the issue, I do not believe this has been resolved. From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Tuesday, July 19, 2011 8:32 AM To: NT Sy

RE: Vipre- possible false positive DAT??

2011-07-19 Thread Tammy Stewart
d to restore files, etc from quarantine a support ticket can be filled out here: Support request page: www.gfi.com/supportform Regards, Tammy _ From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Tuesday, July 19, 2011 9:10 AM To: NT System Admin Issues Subject

RE: Vipre- possible false positive DAT??

2011-07-19 Thread Tammy Stewart
Good morning everyone, I see a couple samples that have been sent in to our f/p report site so looks like they are aware. If someone wants to submit a suspect f/p file - here is where you can upload it to: http://www.sunbeltsecurity.com/falsepositive/ Regards, Tammy _

RE: question about OEM Windows License Keys

2011-07-08 Thread Tammy Stewart
I had a machine a couple years ago Jimmy, Dell as well. Customer did not have the recovery CDs & the machine needed a new hard drive. I just called Dell, provided them with the model, serial, customer info etc & asked for a recovery CD set. Took me a couple attempts as the person who I talked to

RE: It isn't worth it

2011-07-01 Thread Tammy Stewart
Blacklisting "keygen.exe" and "crack.exe" in your AV software, then it showing up in scans would clearly justify investigating deeper since we all know keygens can be dangerous, put networks, data etc at risk, and so on :D Tammy _ From: richardmccl...@aspca.org [mailto:richardmccl.

RE: Fake antivirus

2011-06-17 Thread Tammy Stewart
-Original Message----- From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Friday, June 17, 2011 8:59 AM To: NT System Admin Issues Subject: RE: Fake antivirus If the machine has Vipre -- Give us a shout John, We'll find that hijacker. :) www.gfi.com/supportform -

RE: Fake antivirus

2011-06-17 Thread Tammy Stewart
If the machine has Vipre -- Give us a shout John, We'll find that hijacker. :) www.gfi.com/supportform -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 17, 2011 8:48 AM To: NT System Admin Issues Subject: RE: Fake antivirus Could be... He's

RE: Fake antivirus

2011-06-16 Thread Tammy Stewart
Looks like Sept 1 2011. http://clearclouddns.com/ If using - may want to set a secondary DNS before anyone forgets. (OpenDNS might be a decent alternative) Cheers! Tammy _ From: David [mailto:blazer...@gmail.com] Sent: Thursday, June 16, 2011 2:46 PM To: NT System Admi

RE: Fake antivirus

2011-06-16 Thread Tammy Stewart
Good to hear Mike, Just in case some others missed it - http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=7944&enterthread=y If still getting redirects after the rog

RE: User accounts for shared folders

2011-06-13 Thread Tammy Stewart
between them is that Full Control grants the ability to modify permissions. Kurt On Mon, Jun 13, 2011 at 13:05, Tammy Stewart wrote: > Hi Kurt, > > It is the NTFS permissions on the shares. (right click folder> properties> > security) (not who on the network have access) >

RE: User accounts for shared folders

2011-06-13 Thread Tammy Stewart
ubject: Re: User accounts for shared folders On Mon, Jun 13, 2011 at 10:57, Tammy Stewart wrote: > Ran into something interesting today t-shooting a virus issue on a network. > > On every share there is no system account listed. Only Domain admins & > domain users. > > M

RE: Blow your wife's mind

2011-06-10 Thread Tammy Stewart
Looks like someone's account might be p0wn3d? _ From: Leah Nunez [mailto:agbpnkyuayl...@gwido.com] Sent: Friday, June 10, 2011 3:32 AM To: NT System Admin Issues Subject: Blow your wife's mind Like a certain brand of watches, but never wanted to pay the pr

RE: remote support and UAC

2011-06-09 Thread Tammy Stewart
+1 on TeamViewer. No issues answering UAC prompts etc. We use it for customer support at work. (the quick support client is awesome for those situations where you need in> do whatever> out & not likely to be a regular visit to that PC) Tammy _ From: Tony Patton [mailto:apco...@gm

RE: Win 7 recovery virus

2011-06-09 Thread Tammy Stewart
Sounds like possibly a new variant. If you have any samples please upload them to our submit site. http://www.sunbeltsecurity.com/threat If you are also having the issue where all the files/folders are hidden & start menu icons, desktop icons missing - this page should help: (unless the unhide.ex

RE: 'All Programs' icons missing

2011-06-06 Thread Tammy Stewart
We have a writeup at the GFI forums for this .. Bit of work but should help: http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=7944&enterthread=y Tammy -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Monday, June 06, 2011 4:36

RE: RE: Fake antivirus

2011-06-03 Thread Tammy Stewart
, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On Jun 3, 2011 10:43 AM, "Tammy Stewart" wrote: > Hi John, > > If you can get the fake AV's name -- I can likely shoot you som

RE: Fake antivirus

2011-06-03 Thread Tammy Stewart
If it is the fake AV/HDD tool that hides all the files/folders & moves the shortcuts to %temp% combofix is not recommended because one of the things combofix does is empty out all temp folders which is where the start menu icons are. Regards, Tammy _ From: David [mailto:blazer.

RE: Fake antivirus

2011-06-03 Thread Tammy Stewart
Hi John, If you can get the fake AV's name -- I can likely shoot you some info. There is a new(ish) one on the block that hides files, folders, shortcuts and such. (windows recovery) If that is what you see -- let me know. We have a restore procedure to restore the hidden/moved files. Also don't n

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
/linux systems, so the ssh option should work. -- RMc Tammy Stewart wrote on 05/20/2011 09:51:33 AM: > I think it runs on Samba 3.0 > > Thanks, > > Tammy > > > From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] > Sent: Friday, May 20, 2011 10:37 AM &

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
:40 AM, Tammy Stewart wrote: That indeed looks nice. Thanks. Will pass it on & see if he can get it to do what is needed. Drives are: Buffalo TeraStation PRO NAS drives (model # TS-RHTGL/R5) Not sure if that makes any difference or not but thought I would throw it out there an

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
oing process, not a one time event ! ' From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Friday, May 20, 2011 9:56 AM To: NT System Admin Issues Subject: RE: NAS drives (search tool) Has "everything" changed recently? Last time I installed it, it only showed

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
eraStation data then I would contemplate a restoration of the backup to more responsive hardware, clean that, wipe the Terastation and restore the cleaned data. On Fri, May 20, 2011 at 9:40 AM, Tammy Stewart wrote: That indeed looks nice. Thanks. Will pass it on & see if he can get it t

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
ing process, not a one time event ! ' From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Friday, May 20, 2011 9:11 AM To: NT System Admin Issues Subject: NAS drives (search tool) Hi, I am looking for some sort of tool that can search an entire NAS drive for a certain file,

RE: NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
rise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 <http://www.fiserv.com/> www.fiserv.com From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Friday, May 20, 2011 9:11 AM To: NT System Admin Issues Subject: NAS drives (s

NAS drives (search tool)

2011-05-20 Thread Tammy Stewart
Hi, I am looking for some sort of tool that can search an entire NAS drive for a certain file, display it so it can be deleted. (not much unlike agent ransack, windows search, etc) A customer I am working with has 16 large drives with several TB of data on each and many many shares. (in the

RE: Antivirus Center

2011-05-04 Thread Tammy Stewart
NT System Admin Issues Subject: RE: Antivirus Center Thanks. I'll have to remember that. I occasionally have to walk a sales rep through something on the phone and we all know how computer literate Sales Droids can be. ;-) -Original Message- From: Tammy Stewart [mailto:copper...@personainter

RE: Antivirus Center

2011-05-04 Thread Tammy Stewart
, May 04, 2011 2:43 PM To: NT System Admin Issues Subject: RE: Antivirus Center Well, he's already shipping it out, and he's frustrated, I'm frustrated... wish I could get the company to spring for a "logmein" account.. *sigh* -Original Message- From: Tam

RE: Antivirus Center

2011-05-04 Thread Tammy Stewart
: Wednesday, May 04, 2011 3:29 PM To: NT System Admin Issues Subject: RE: Antivirus Center Thanks! Will do! 'Preciate it, Tammy! :D -Original Message- From: Tammy Stewart [mailto:copper...@personainternet.com] Sent: Wednesday, May 04, 2011 3:23 PM To: NT System Admin Issues Subjec

RE: Antivirus Center

2011-05-04 Thread Tammy Stewart
Hi John, Log onto a different account -- that one is normally profile specific. Log off first user though or you risk infecting the next account. If only one account on the machine -- try safe mode admin account or safe mode user account (threat shouldn't run in safe mode) Decent writeup on this

RE: Trend Micro Internet Security 14

2011-04-19 Thread Tammy Stewart
p; the on-board one but the on-board one worked. Tammy Stewart -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, April 19, 2011 5:47 PM To: NT System Admin Issues Subject: RE: Trend Micro Internet Security 14 Well, I suppose if Trend can't

RE: Windows Update problem

2011-04-14 Thread Tammy Stewart
This might also be worth a check: (kb2524375) http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/eed44107-d44b-4ce6-8c3c-9b123303920a Tammy -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 14, 2011 9:11 AM To: NT Syst

RE: search program

2011-04-14 Thread Tammy Stewart
I use & like Agent Ransack: (the free version works fine) http://www.mythicsoft.com/page.aspx?type=agentransack&page=home Tammy _ From: roberto.gri...@gmail.com [mailto:roberto.gri...@gmail.com] Sent: Thursday,

RE: Rogue AV kills XP box

2011-04-04 Thread Tammy Stewart
e free malware removal service you may want to consider: Submit support request http://www.sunbeltsoftware.com/SupportForm/ Don't be shy to give us a shout. Regards, Tammy Stewart Malware Removal Specialist GFI Software -Original Message- From: Guyer, Don [mailto:don.gu...@fiserv.co