************************************
**These are the hidden files found**
************************************
Volume in drive C has no label.
Volume Serial Number is 5067-C4CB
Directory of C:\
01/15/2007 12:01 PM 211 BOOT.INI
09/03/2002 11:13 AM 512...
c:\windows\inf\
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP132\
Yes, it did infect system restore. System restore has been disabled on that machine.
So, on Friday before I ran the combo, my Trend Micro Office Scan alerted me of two files infected by the same trojan that were quarantined but not removed from the system:
Time/Date Computer Name Virus name Infection source Infected file Scan type Scan result View detail...
2/29/2008 12:22:08...
Silent Runners Results:
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------...
I am the network administrator for this company. We have safeguards in place to protect the data on our servers (i.e. Acronis, BackupExec); however, this bug hit our gal in human resources and we do not image all of our client PCs for roll back. Trend Micro OfficeScan is on the machine, however...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:03 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe...
Thu Feb 28 12:13:36 2008 => ***** Scanning complete. *****
Thu Feb 28 12:13:36 2008 => Total Number of Files Scanned: 3330
Thu Feb 28 12:13:36 2008 => Total Number of Virus(es) Found: 0
Thu Feb 28 12:13:36 2008 => Total Number of Disinfected Files: 0
Thu Feb 28 12:13:36 2008 => Total Number of...
Thank you very much, will try and post results as soon as I have them. I cannot down the server right now as it is mid-day and too many users are connected.
pechenegs,
Thank you very much for this information, I will surely implement these fixes as soon as possible. Will post results as soon as the scans finish. This will definitely be of great benefit for the future as well.
Thanks!
What I'm saying is that for the server to be functioning fine plugged into a 10mb ONLY switch, one would think that the NIC would have to be set to either 10mb/full or 10mb/half setting, right? If it were hardset @ 100mb/FULL, the server would crap out if it were plugged into a 10mb switch...
The computer is NOT on dialup, however the name servers referenced in that registry entry are the correct addresses we use for DNS. Would you still consider this to be a threat?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:42 AM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe...
If it's functioning fine, plugged into a 10mb switch, then the only possible speeds the NIC could be at would be 10mb half/full right? I've tried setting the new HP switch to 10mb half/auto, but it still crashes. :\ Thanks for your help though.