Sounds like you caught one of the generic password/game info stealer trojans - but if they're in a company whoever's botting them might figure that out and start keylogging everything.
In addition to knocking off your AV program they spread via network shares, so you're going to need to pretty much drop to DEFCON 1 to knock this out.
PeregrineFalcon on
Looking for a DX:HR OnLive code for my kid brother.
Can trade TF2 items or whatever else you're interested in. PM me.
We've been knocking IT people off throughout the day and cleaning them up. Still got all these users out there (around 700 PCs) with that .exe and various bad registry entries just waiting to kick it off.
Seems like with the IT people cleaned up, the pushing around has stopped (or at least waned because users don't have permissions to write to other users' folders). Now to wait on a patch or solution... or make our own script to clean up the files. While it spread fast and persistently hit everyone in the company... there doesn't SEEM to be damage at this very moment... but for those that had the file actually run, we can't be sure of what it was doing (50-100% CPU use)
... you're going to "wait and see" on a fucking trojan? o_O
PeregrineFalcon on
Looking for a DX:HR OnLive code for my kid brother.
Can trade TF2 items or whatever else you're interested in. PM me.
You've got to clean off all infected PCs. Now. I don't care if it's 400 or so, they all have to be brought offline and cleaned before rejiggering it into the network.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Do you have any software distribution system? (e.g. Microsoft SMS, etc) Can you make something that deletes the offending file and replaces it with a 0 byte version with the same name, and set the permissions on it to deny deletion/modification by all? It's a quick way to stop some things from running. Often, other unseen processes are starting the offending processes, and this can at least help until you can get a full handle on it. You also need to be prepared for the possibility that there won't be a good way to remove it, (like if it ends up being a bad rootkit) so you should be able to start reimaging/rebuilding workstations.
embrik on
"Damn you and your Daily Doubles, you brigand!"
I don't believe it - I'm on my THIRD PS3, and my FIRST XBOX360. What the heck?
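Added example (not from this thread or any poster) of the placeholder-and-deny approach described in the post above, written as a PowerShell script that could be pushed through whatever software distribution system is available. The drop path is a placeholder; "1.exe" is the file name mentioned elsewhere in the thread.

```powershell
# Added example, not from the thread: replace a known bad executable with an
# empty, locked placeholder so the dropper cannot re-create or re-run it.
param(
    # Assumption: adjust to the real location the file was dropped in.
    [string]$BadFile = 'C:\PLACEHOLDER\1.exe'
)

# Kill any running instance launched from that exact path before touching the file.
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ieq $BadFile) } |
    ForEach-Object { Stop-Process -Id $_.ProcessId -Force }

# Remove the original (clearing Hidden/System/ReadOnly attributes first)
# and drop a 0-byte file with the same name in its place.
if (Test-Path -LiteralPath $BadFile) {
    Set-ItemProperty -LiteralPath $BadFile -Name Attributes -Value 'Normal'
    Remove-Item -LiteralPath $BadFile -Force
}
New-Item -ItemType File -Path $BadFile -Force | Out-Null

# Lock the placeholder: stop inheriting the folder's permissions, then deny
# Everyone (well-known SID S-1-1-0) the rights needed to write, delete, run
# or re-permission it, while still allowing read so scanners can see it.
$acl = Get-Acl -LiteralPath $BadFile
$acl.SetAccessRuleProtection($true, $false)   # explicit ACEs only from here on
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'Delete, Write, ExecuteFile, ChangePermissions, TakeOwnership',
    [System.Security.AccessControl.AccessControlType]::Deny)
$allowRead = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'Read',
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($deny)
$acl.AddAccessRule($allowRead)
Set-Acl -LiteralPath $BadFile -AclObject $acl
```

Two caveats worth knowing before relying on this: a parent folder that grants DeleteSubdirectoriesAndFiles still lets the placeholder be deleted regardless of the file's own deny ACE, and anything running in the kernel (the rootkit case raised in the post) is not bound by file ACLs at all, which is why reimaging stays on the table.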
Our place got hit with this today too, looked like the Oliga Win32 virus. Near as we could tell it was spreading via Microsoft AD when people were logging in. We also saw "1.exe".
I am in Networking so there wasn't much we could do, but I think they are also talking to CA to get an Etrust update or something out there.
Has some information on that, that may or may not pertain to your particular virus.