ShizCakes posted:

I can't find references to spdz.sys on google (like you said) - find the file on your system and determine if it's related to something of value by inferring from it's location and from it's properties.

The SiWinAcc seems to be related to a storage driver - so you should leave it alone. (Silicon Image makes storage controller chipsets)

JonM1827 posted:

TDSServ EVIL BABY EATER

Hillridge posted:

Crap, still seeing goougly links in google.
I found some info on it, but nothing helpful.

I also turned off 3rd party cookies in Firefox.

I think I'm going to drop into safe mode and run:
spybot, superantispyware, ccleaner, malwarebytes, then combofix.

If that combo doesn't cure it, I don't know what will.

BigKOfJustice posted:

Hillridge posted:

I think this may be a side effect of all the cleaning I did to get rid of my infection. Some text comes up like this in firefox. How do I fix this?

Edit: It's not a font or encoding issue either.

Otacon posted:

The other case was a Toshiba laptop that freezes upon the insertion of any USB plug. All of the plugs freeze the system. Flashdrives, Printers, anything USB will freeze it. This sounds like hardware to me, but she claims it just started happening a few weeks ago. Any ideas on this one? I've never experienced these problems before. Please help.

quote:

The trojan in question (Troj/Qhost-AC) identified by anti-virus company Sophos, is a rather unusual one. It doesn’t seem to install spyware or traditional malware, but instead blocks access to the two most popular BitTorrent sites.

Leonard Leroy posted:

Any good registry guards around? I was using Spybot for a bit, but that seems outdated, and it was kinda unpolished in the first place. Still, it was a good line of defense against malware.

Capnbigboobies posted:

The problem with Teatimer is that if we install it on all the computers we are constantly fixing, the users would just mash accept or even worse delete a benign process/program/registry key.

Mantrid posted:

Don't know if you guys saw this, but here's an interview with an adware coder: http://philosecurity.org/2009/01/12/interview-with-an-adware-author

Some of the stuff he did is pretty clever, like the undeletable registry keys.

macado posted:

crazy virus

Drighton posted:

On Friday computers started losing connections to the network and the only way I could find to get them going again was to assign a static ip address. I noticed the DHCP Server on the computers was different that what we use, and my boss just happened to make some changes to our subnet and DHCP settings that week, so I forwarded the problem to him.

He got back to me yesterday and updated me today with what he found:
-Guy has Bittorrent/P2P/whatever on his computer, most likely source of the virus
-Virus spoof's itself as the default gateway
-Virus listens for DHCP requests on the network, constructs a packet, tells the computer to keep it's current address and changes the DNS servers.
-DNS servers resolve to Russia and redirect every major Bank's webpage to an duplicate

Not very conspicuous on a business network, but for a home network that is one very sneaky virus. I'm hoping to get a better look at it before I wipe his computer, but my boss may have already tried removing it.

Delicious Sci Fi posted:

One of my users got a trojan I have never seen before. SuperAntiSpyWare picks it up as:

Trojan.Agent/Gen.RedDragon

I can't find anything on it. Google returns a whole bunch of reggae and D&D matches. Anyone know anything about it?

Also what is a good trusted site to look up info on trojans/ viruses?

taiyoko posted:

No proxy settings on IE or FF. Nothing suspicious listed in running processes, but this is rather strange to me...

CraigK posted:

Well, saw my first instance of MS Antivirus; it was on a public computer used to sign up for timeslots for advising or something; anyway, I never knew how evil it was. Of course, I'm assuming that it's totally unrelated to the "www.sexyteensluts.biz" and "www.hairydykes.net" that I noticed in the search history.

Is it hard to get off a computer, or are the computer janitors in charge going to have a real fun time getting rid of it?

hobb posted:

So I have a weird problem with Avira Antivir that started a few days ago, namely it stopped being able to autoupdate itself. The update takes ages and just hangs on "scanning for updates.." before I just force it to stop.

I dont think the update servers down because its been days, the last update before I manually updated it was on 6/26. I haven't changed anything so I'm not sure what caused it to start. I'm using the win 7 RC, and prior to this it was auto updating just fine.

Grand Fromage posted:

That makes me feel better at least. I have a C: partition for Windows, then all my programs on D: partition, then another internal and three external drives. If I format C: and reinstall, I shouldn't have to worry about reinfection from those other drives/partitions? Or would I have to completely wipe the physical drive that the C: partition is on? Or both internals?

devmd01 posted:

As ugly and retarded as this is going to get, we are being directed by our pci/sox auditors to install antivirus on all servers that fall under pci scope.

For desktops, we're running Symantec Endpoint Protection, but I'm entirely reticent to put that on servers, so i'm researching other options for the servers. Is anyone running A/V on their servers, what are you using, how happy are you with it?