Hi everyone!
Thought of posting this here in the hope of getting some feedback
regarding a problem we encountered with Trojan infections. Lately we had a
number of workstations, about three, infected with a number of Trojans.
Examples of these were Troj/Agent-GPK, Mal/Behav-112 and
Sent: Thursday, February 14, 2008 7:39 AM
To: NT System Admin Issues
Subject: RE: Regarding Trojan Infections!
I'm not sure why it's happening, but in my experience, when we have a
machine that is infected, we move it off the network. Once off, we
gather all info that is needed (which most
Not to mention, you can never be 100% sure you found and removed everything.
Carl
From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 14, 2008 10:41 AM
To: NT System Admin Issues
Subject: RE: Regarding Trojan Infections!
I agree with this for the most part. Takes
On Thu, Feb 14, 2008 at 4:40 AM, [EMAIL PROTECTED] wrote:
... infected with a number of Trojans. ... unable to remove them completely.
Let me guess: People are running with admin rights for the accounts
used for day-to-day operation. Right?
If so, then: Yes. The attackers will use the
Cause, then it would not be just clean, it would be squeaky clean!!
- Original Message -
From: Mike Gill
To: NT System Admin Issues
Sent: Thursday, February 14, 2008 1:11 PM
Subject: RE: Regarding Trojan Infections!
Why?
--
Mike Gill
From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 14, 2008 8:13 AM
To: NT System Admin Issues
Subject: RE: Regarding Trojan Infections!
I would also look into Dart Boot and Nuke CD, and do a sector overwrite of
the hard-drive before you re-image
No, they don't.
Adobe can be taken care of with AD GPOs or SMS or ..., Microsoft updates
can be taken care of with WSUS or SMS or ...
None of my end users have local admin, and I have absolutely no trouble
keeping their desktops up-to-date... all 250+ of 'em.
[EMAIL PROTECTED] wrote:
Security
Sorry, but you're confusing best practices with the way Windows (up
through XP, at least) actually works...
Security patches from MS and Adobe require admin rights to run.
Pieces of crap off the internet (games, screen savers, Yahoo apps, etc)
get installed no matter what kind of a user is
Which to me presents a bigger problem than the original issue altogether.
-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 14, 2008 1:53 PM
To: NT System Admin Issues
Subject: Re: Regarding Trojan Infections!
+1
On Thu, Feb 14, 2008 at 11
You missed my point...
We can set the GPOs, etc when we learn of available security patches.
Low-level users cannot run them themselves when they hear of them. They
can still, however, download and install crap.
I don't mind the former - that's how it should be. It's the latter
(especially
Low-level users shouldn't be _able_ to install anything. Taking care of the
rest is process on our part. If low level users are installing ANYTHING, it
should be because they're redirecting to areas of the system (Docs and
settings, for example), that they have rights to. By extension, anything
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
-Original Message-
From: Mike Gill [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 14, 2008 1:12 PM
To: NT System Admin Issues
Subject: RE: Regarding Trojan Infections!
Why?
--
Mike
On Thu, Feb 14, 2008 at 1:30 PM, [EMAIL PROTECTED] wrote:
Security patches from MS and Adobe require admin rights to run.
Sure. I handle that with WSUS, GPOs, scripting, and other tools
that run under a system context (not the context of the logged in
user), and thus have admin rights.