devmd01
Mar 7, 2006

Elektronik
Supersonik
Seconding the "just nuke them from orbit" philosophy for everything except the most benign adware. The amount of time spent cleaning a virus and even then still not being 100% sure everything is gone could be spent backing up files, reformat, and reinstalling drivers. A job like this takes me a max of 3 hours on average, but only 1 hour of real, actual work - yes, they get charged for all 3 hours. And let's be honest, most of these people could use a good reformat with the latest patches and an antivirus product that hasn't run out of its subscription 90 days after they purchased the pc.


devmd01
Mar 7, 2006

Elektronik
Supersonik
Let's just say that if conficker hits my company, we are hosed, unless they have implemented reeeeally good detection rules in the IDSs.

Guess who is supposed to be monitoring the SAV server?

Guess who hasn't been able to get on the SAV system console to make sure everything is running as it should and change the virus alert notification email from the old admin to the new one because the server team can't figure out how to give me permissions to the security console?

e:

Orange Juilius posted:

List of default passwords that Conficker attempts to use on ADMIN$ shares

It doesn't have the most commonly used passwords on there. I'm safe. :smug:

devmd01 fucked around with this message at 20:13 on Feb 13, 2009

devmd01
Mar 7, 2006

Elektronik
Supersonik
You know what I'm thankful for? A lightning storm that fried my parents' router back in November. They live a thousand miles away. Because of that I made them get a WRT54GL, and while I was there for Christmas I got it all tweaked with Tomato, wireless security and SSH enabled.

Fast forward to yesterday, and I get a call from my mom about some antivirus 2009 warning popup thing.

Thanks to the router having ssh all I had to do was talk my dad through downloading and running tightvnc server. I could take care of the rest through ssh tunneling, instead of talking him through things that would be a pain in the rear end to explain.

They apparently had some new variant called "XP Police 2009", though malwarebytes seems to have cleaned it right up. It's probably time to get Symantec Corp 7.5 changed out for AVG, update other possible infection vectors, and get noscript+adblock installed and explained.

Dammit, I just realized that they just got a 22" widescreen, and are still running it at 1024x768.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Computer Issues Again, Ugh!!!! posted:

All was well last night at 10:30 with the computer. This morning, there is something preventing us from going onto our desktops. We try to go to a desktop and are immediately advised we are "shutting down" - placing us back to the desktop selection screen after seeing a glimpse of our wallpaper. The anti-virus software you placed on the computer is identifying several trojan viruses. I click on the buttons to "heal" them or remove them.

If you have time tonight, perhaps you can get us back on in safe mode again and get us back in operation. I shut the computer off before I left for work.

Thanks,

Dad

*sigh*

devmd01
Mar 7, 2006

Elektronik
Supersonik

Midelne posted:

I've been seeing that around a lot lately. I can't say that I particularly enjoy seeing it either.

I ran into it last week on a co-worker's laptop, wouldn't even let you in under safe mode. Since it was a company laptop, I just booted to a PE cd, copied his excel files off to a flash drive, and reimaged.

This, however, presents a bit more of a challenge. As mentioned previously, my parents are a good 1000+ miles away and they are not the most technical, so this is going to be an exercise in frustration. Thankfully, I just checked their NAS and the backup jobs are current, so all of their files are available. What I'll probably end up doing is creating a slipstreamed SP3 disk with all of their drivers, wget it to their NAS from my home server, and then talk my dad through burning the disk off with Imgburn using his work laptop.

Or, just convince them to get a new computer altogether since theirs is 5+ years old.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Just got off the phone with my Dad...their computer exhibits the exact same issues as my coworker's laptop last week, can't even get into safe mode.

SO IT BEGINS.

Man I love the NSLU2 and the Unslung firmware, it has removed 90% of the headache involved with talking someone through a :pt: over 1000 miles away.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Victory is mine, I love it when a plan comes together.

EDIT: dammit, I just noticed that it installed system to F:. Time to have him run through the install again, this time deleting off all of the disk partitions. Thank God for the NAS backup.

devmd01 fucked around with this message at 02:52 on Mar 18, 2009

devmd01
Mar 7, 2006

Elektronik
Supersonik

GREAT BOOK OF DICK posted:

If the author(s) of Conficker are truly insane (like The Joker kind of crazy), they could simply use April Fool's day as a parting gift to the world. Force all infected clients to format C: on April 1st and delete everything, including Conficker.

I'd have to give a round of applause to that.

It would be a refreshing change from running a botnet for sending out penis pill emails. Quick, someone buy stock in OnTrack!

devmd01
Mar 7, 2006

Elektronik
Supersonik
As ugly and retarded as this is going to get, we are being directed by our pci/sox auditors to install antivirus on all servers that fall under pci scope. :suicide:

For desktops, we're running Symantec Endpoint Protection, but I'm entirely reticent to put that on servers, so I'm researching other options for the servers. Is anyone running A/V on their servers? What are you using, and how happy are you with it?


devmd01
Mar 7, 2006

Elektronik
Supersonik

Hex Darkstar posted:

files with names like 8000000.$ and what not in %UserProfile%\Local Settings\Application Data\<random name>\U\, and explorer.exe would connect to an outside address that wasn't registered to us, and explorer shouldn't be talking to remote addresses to begin with.

Ran into this the last couple of days myself, endpoint protection reports it as "Trojan.Gen," which is of course super loving helpful. Thankfully the user account is limited, and considering I noticed some coupon toolbar installers in the downloads folder (:catstare:), I dropped on the Altiris job I created to reboot the machine and blow away the profile. That seems to have fixed it.

I gives no fucks about your files if you're doing stupid poo poo like that. :colbert:
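The two observations quoted from Hex Darkstar above (a numeric-named file with a `.$` extension under `%UserProfile%\Local Settings\Application Data\<random name>\U\`, and explorer.exe talking to an outside address) can be turned into a simple triage check. This is an added example, not code from the thread or any of its posters; the tab-separated connection log format, the sample paths and the addresses are constructed.

```python
import ipaddress
import re

# Constructed sample connection log (not from the thread): "<process>\t<dest_ip>:<port>"
SAMPLE_CONNECTIONS = """\
explorer.exe\t10.0.0.5:445
chrome.exe\t8.8.8.8:443
explorer.exe\t93.184.216.34:80
svchost.exe\t10.0.0.1:53
explorer.exe\t127.0.0.1:8080
"""

# Constructed sample file paths mirroring the quoted drop location
SAMPLE_PATHS = [
    r"C:\Documents and Settings\bob\Local Settings\Application Data\qzkd\U\8000000.$",
    r"C:\Documents and Settings\bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe",
    r"C:\Documents and Settings\bob\Local Settings\Application Data\xy\U\80000032.@",
]

# Processes that have no business opening connections to public addresses
NO_EGRESS = {"explorer.exe"}

# ...\Local Settings\Application Data\<anything>\U\<digits>.<$ or @> at end of path
DROPPER_PATH_RE = re.compile(
    r"\\Local Settings\\Application Data\\[^\\]+\\U\\\d+\.[$@]$", re.IGNORECASE)

def is_external(ip_text: str) -> bool:
    """True for routable public addresses; private, loopback, link-local and multicast are internal."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast)

def flag_egress(log_text: str) -> list[tuple[str, str]]:
    """Return (process, dest) pairs where a no-egress process reached a public address."""
    hits = []
    for line in log_text.splitlines():
        proc, dest = line.split("\t", 1)
        host, _port = dest.rsplit(":", 1)
        if proc.lower() in NO_EGRESS and is_external(host):
            hits.append((proc, dest))
    return hits

def flag_paths(paths) -> list[str]:
    """Return the paths that match the quoted <random>\\U\\<digits>.$ drop pattern."""
    return [p for p in paths if DROPPER_PATH_RE.search(p)]

if __name__ == "__main__":
    for hit in flag_egress(SAMPLE_CONNECTIONS):
        print("suspicious egress:", hit)
    for p in flag_paths(SAMPLE_PATHS):
        print("suspicious file:", p)
```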
