• Hi Guest - Sign up now for Secret Santa 2024!
    Click here to sign up!
  • Hi Guest - Come check out all of the new CP Merch Shop! Now you can support CigarPass buy purchasing hats, apparel, and more...
    Click here to visit! here...

SedoParking virus

D

Diesel Grinch

I have Neal's pants.
Joined
May 18, 2005
Messages
1,292
This virus redirects your browser to www.sedoparking.com. Problem is it gets to the point of blanks pages with Explorer and FF. I try ComboFix & Malwarebytes' Anti-Malware both didn't find it. The tech guys are getting ready to wipe my hard drive. It's real hell for me to get everything over to a new hard drive as I'm right in the middle of putting in a new major system and upgrading the OS on another. Lots of programs that I'm worried I'll lose.

Anyone dealt with this? Anyone know of a fix?

Thanks,
DG
 
Diesel Grinch said:
This virus redirects your browser to www.sedoparking.com. Problem is it gets to the point of blanks pages with Explorer and FF. I try ComboFix & Malwarebytes' Anti-Malware both didn't find it. The tech guys are getting ready to wipe my hard drive. It's real hell for me to get everything over to a new hard drive as I'm right in the middle of putting in a new major system and upgrading the OS on another. Lots of programs that I'm worried I'll lose.

Anyone dealt with this? Anyone know of a fix?

Thanks,
DG
Click to expand...


This fix may work. It did for this user. I hope it works out well for you.

Sedoparking virus removal
 
Diesel Grinch said:
This virus redirects your browser to www.sedoparking.com. Problem is it gets to the point of blanks pages with Explorer and FF. I try ComboFix & Malwarebytes' Anti-Malware both didn't find it. The tech guys are getting ready to wipe my hard drive. It's real hell for me to get everything over to a new hard drive as I'm right in the middle of putting in a new major system and upgrading the OS on another. Lots of programs that I'm worried I'll lose.

Anyone dealt with this? Anyone know of a fix?

Thanks,
DG
Click to expand...

You could try this:
http://www.microsoft.com/security/malwareremove/default.aspx

Or try ad-aware.
 
Spybot is also a good free malware removal program. If all else fails, just run regedit and do a search for sedoparking and its IP addresses and delete the entries.
 
If you have this, you probably have something else that hasn't been detected, too. Best option is to wipe and re-install. I know it sucks to go through, but it's the safest bet. We don't even play around with "cleaning" anything on our networks. Wipe and re-install and hope (barely) that they have a copy of their data. :/

-John
 
Diesel Grinch said:
The tech guys are getting ready to wipe my hard drive.
Click to expand...


Then they don't know how to deal with malicious software and you should get rid of them. With the exception of a very select group of actual viruses that infect PE files, there is no malware that should require that you format and reinstall. In most of those rare instances, even then it's possible to avoid reinstalling but is often simply not time effective.

I don't have a sample or reliable logs of this particular infection but there are relatively few redirects which go out of their way to hide or protect themselves. If I had to take a guess, I'd say you've simply got a BHO tagged on to your system. If it were me, I'd first start by running HijackThis (do a scan only and review the logs for anything that looks suspicious) as well as gmer (allow it to do a preliminary scan, then go to the right and do a full scan and see what it comes up with). Be aware, Gmer installs a momentary randomly named service through which it is able to more fully evaluate the system and any hooking which has been done which HiJackThis will pick up on and display so I'd do it in this order or you'll have an errant, suspicious looking service which you don't need to worry about.


No, they're not really automated tools...but that's a not a bad thing. Oh, and...if you have time and you think about it...send me a copy of your infection? :D
 
pembroke3355 said:
Diesel Grinch said:
This virus redirects your browser to www.sedoparking.com. Problem is it gets to the point of blanks pages with Explorer and FF. I try ComboFix & Malwarebytes' Anti-Malware both didn't find it. The tech guys are getting ready to wipe my hard drive. It's real hell for me to get everything over to a new hard drive as I'm right in the middle of putting in a new major system and upgrading the OS on another. Lots of programs that I'm worried I'll lose.

Anyone dealt with this? Anyone know of a fix?

Thanks,
DG
Click to expand...


This fix may work. It did for this user. I hope it works out well for you.

Sedoparking virus removal
Click to expand...


grateful1 said:
Diesel Grinch said:
This virus redirects your browser to www.sedoparking.com. Problem is it gets to the point of blanks pages with Explorer and FF. I try ComboFix & Malwarebytes' Anti-Malware both didn't find it. The tech guys are getting ready to wipe my hard drive. It's real hell for me to get everything over to a new hard drive as I'm right in the middle of putting in a new major system and upgrading the OS on another. Lots of programs that I'm worried I'll lose.

Anyone dealt with this? Anyone know of a fix?

Thanks,
DG
Click to expand...

You could try this:
http://www.microsoft.com/security/malwareremove/default.aspx

Or try ad-aware.
Click to expand...


Strayvector said:
Spybot is also a good free malware removal program. If all else fails, just run regedit and do a search for sedoparking and its IP addresses and delete the entries.
Click to expand...


Wolfie said:
Diesel Grinch said:
The tech guys are getting ready to wipe my hard drive.
Click to expand...


Then they don't know how to deal with malicious software and you should get rid of them. With the exception of a very select group of actual viruses that infect PE files, there is no malware that should require that you format and reinstall. In most of those rare instances, even then it's possible to avoid reinstalling but is often simply not time effective.

I don't have a sample or reliable logs of this particular infection but there are relatively few redirects which go out of their way to hide or protect themselves. If I had to take a guess, I'd say you've simply got a BHO tagged on to your system. If it were me, I'd first start by running HijackThis (do a scan only and review the logs for anything that looks suspicious) as well as gmer (allow it to do a preliminary scan, then go to the right and do a full scan and see what it comes up with). Be aware, Gmer installs a momentary randomly named service through which it is able to more fully evaluate the system and any hooking which has been done which HiJackThis will pick up on and display so I'd do it in this order or you'll have an errant, suspicious looking service which you don't need to worry about.


No, they're not really automated tools...but that's a not a bad thing. Oh, and...if you have time and you think about it...send me a copy of your infection? :D
Click to expand...


First off thanks guys.

pembroke3355 my browser won't even go to that site. I'm going to try another PC.

grateful1 didn't find anything.

Wolfie tried Hijack this and got the log here. If anything jumps out at anyone let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:30 PM, on 10/21/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\PGPsdkServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WDT400\system\evfctcpd.exe
C:\WDT400\SYSTEM\EVFWLX40.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\LAUNCHER400\LNCsrv.exe
C:\Program Files\LAUNCHER400\LNCadm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WDT400\RXAPI.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MCHT5\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [5733-IC1/eserver/hardware] "C:\Program Files\IBM\Information\eclipse\IC_start.bat"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINNT\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Launcher400.LNK = C:\Program Files\LAUNCHER400\LNCsrv.exe
O4 - Startup: MochaSoft TN3812.lnk = C:\Mochasoft\mtn3812.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CODE400 Editor initialization.lnk = C:\WDT400\codebrws.exe
O4 - Global Startup: Communication Daemon.lnk = C:\WDT400\system\evfctcpd.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {556F788E-BDE9-4DE9-8BEA-CADCF4B531C9} (SEAGULL J Walk ActiveX 4.1 Client) - http://191.144.120.48/jwalk/JWalkX/jwalk41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123536295171
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - https://webmail.standarddata.com/dwa85W.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {DCBDA427-FB4C-46BF-A442-41EC5BA87F1B} - https://racalendarplugin.themeetingson.com/plugins/OP3.02000RCOGN000.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cyclonecommerce.webex.com/client/v_mywebex-t20-localized/support/ieatgpc.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PGPsdkService (PGPsdkServ) - Networks Associates Technology, Inc. - C:\WINNT\System32\PGPsdkServ.exe
O23 - Service: PGPService - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
O23 - Service: Reform Spooler Service (Reform_Spooler_Service) - FabSoft - C:\Program Files\Reform\reformEnt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10977 bytes


Thanks again.
DG
 
blush.gif
Damn,wrong thread, I thought I was looking at CC box codes .
 
Wolfie said:
Then they don't know how to deal with malicious software and you should get rid of them.
Click to expand...

While I agree that any good IT person should know how to remove the virus, I'm not so sure I agree that this is the best solution in a business environment. Typically, wiping a compromised system is the most reliable and cost effective way of dealing with maleware. Anyone worth their salt should be able to get this done in a matter of just an hour or two, which is arguably much faster than any other method of fixing the problem. With the size of hard drives today, a full virus scan alone can take hours to complete. Anti-virus and spyware tools are great as defensive products, but I typically don't recommend them for system recovery. It's usually best to backup any files or programs that will be needed later on, quarantine those files, re-image the machine, run a virus/malware scan on the quarantined files and then move them back over the the newly imaged system. Keep in mind, some of these steps can be run in parallel so this further cuts down on the amount of downtime. This solution is both faster and less prone to missing things that can lead to future issues. On my personal machines, I'd be more comfortable going through the process of trying to remove all the infected files and such. Then again, I've never had the displeasure of getting one of my machines infected. However, for a business, where IT usually has backup machines and corporate os images on hand, it's usually much more cost effective to do a backup and simply wipe the system. The only exception to this is the rare case where the user has a unique situation and they do not want the machine re-imaged. However, this usually comes at the expense of added downtime, which is the number one cost in almost any IT environment. Regardless, even with this solution, you would still need to backup the data, quarantine it, and run a scan to make sure the files aren't infected.

The only other solution that I can think of would be to use the system restore built in to windows to try and restore to an earlier point in time, but in my experience this is hit or miss for removing viruses from a compromised system.
 
dlow said:
Wolfie said:
Then they don't know how to deal with malicious software and you should get rid of them.
Click to expand...

While I agree that any good IT person should know how to remove the virus, I'm not so sure I agree that this is the best solution in a business environment. Typically, wiping a compromised system is the most reliable and cost effective way of dealing with maleware. Anyone worth their salt should be able to get this done in a matter of just an hour or two, which is arguably much faster than any other method of fixing the problem. With the size of hard drives today, a full virus scan alone can take hours to complete. Anti-virus and spyware tools are great as defensive products, but I typically don't recommend them for system recovery. It's usually best to backup any files or programs that will be needed later on, quarantine those files, re-image the machine, run a virus/malware scan on the quarantined files and then move them back over the the newly imaged system. Keep in mind, some of these steps can be run in parallel so this further cuts down on the amount of downtime. This solution is both faster and less prone to missing things that can lead to future issues. On my personal machines, I'd be more comfortable going through the process of trying to remove all the infected files and such. Then again, I've never had the displeasure of getting one of my machines infected. However, for a business, where IT usually has backup machines and corporate os images on hand, it's usually much more cost effective to do a backup and simply wipe the system. The only exception to this is the rare case where the user has a unique situation and they do not want the machine re-imaged. However, this usually comes at the expense of added downtime, which is the number one cost in almost any IT environment. Regardless, even with this solution, you would still need to backup the data, quarantine it, and run a scan to make sure the files aren't infected.

The only other solution that I can think of would be to use the system restore built in to windows to try and restore to an earlier point in time, but in my experience this is hit or miss for removing viruses from a compromised system.
Click to expand...

This happens a LOT more often than folks think.
The person would rather be down for a 1/2-1 day than take 4 hours reinstalling their software(non-OS).
 
dlow said:
While I agree that any good IT person should know how to remove the virus, I'm not so sure I agree that this is the best solution in a business environment. Typically, wiping a compromised system is the most reliable and cost effective way of dealing with maleware.
Click to expand...


You're right, this is a good point. My assumption was that this was a personal machine. However, if this were to happen to a business machine, then it's probably best to not try to remove the infection at all and instead simply hand it over to the IT department so they can handle the situation as per company policy. They need to be aware and able to take action if there is any possibility the infection is network aware or on a machine with sensitive information.

The company policy in my primary employer is that any intranet machine that is suspected of harbouring malicious software is to be immediately disconnected from the network and removed from the work environment. The machine is connected to a snakepit and the infection is evaluated to determine if there is a threat to any other device in the network before being handed over to IT ... who then physically destroy the drives. They actually smash the drive to pieces.

It's overkill but I think they do it for fun, to be honest. :D
 
This is what was found out. Looks not to be a virus on my machine. I was hitting our providers DNS which was causing the problem. Once I herd coded our DNS in the problem went away. Explains why I couldn't find anything.

DG
 
Diesel Grinch said:
This is what was found out. Looks not to be a virus on my machine. I was hitting our providers DNS which was causing the problem. Once I herd coded our DNS in the problem went away. Explains why I couldn't find anything.

DG
Click to expand...

What the heck is wrong with your provider's DNS that would cause this? That sounds like a horrible DNS setup. I use opendns to get around these kind of issues. My internet provider is Charter and they have wildcard DNS set up on their servers, which breaks every protocol except for http.
 
Do yourself a favor and get rid of any antivirus program and install NOD32. I promise, it is the best out there.

http://www.eset.com/products/compare-NOD32-vs-competition.php
 
You must log in or register to reply here.
Top