Posted by Cloud9Flyer on August 24, 2007, 3:25 am
On Aug 23, 10:45 am, "Kurt Sarens [MSFT]"
> Hi Cloud9Flyer,
>
> First of all, get your AV vendor involved!
> If your box gets reinfected, it means that it is not properly cleaned or
> that there is still other malware involved controlling your box.
> Inform your AV vendor about the reinfection and provide them with the binary
> of the virus (if possible).
>
> You can run below online scanners to verify if your box is clean, as said by
> Leythos, there is never a guarantee that your system is clean after a
> compromise.
>
> OneCare: http://safety.live.com
> Kaspersky: http://www.kaspersky.com/virusscanner
> eTrust Antivirus Web Scanner: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
> Trend Micro HouseCall: http://housecall.trendmicro.com/
> Panda ActiveScan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
> McAfee FreeScan: http://us.mcafee.com/root/mfs/default.asp?cid=9914
> F-Secure Online Virus Scanner: http://support.f-secure.com/enu/home/ols.shtml
>
> Also, raise a case with Microsoft http://www.microsoft.com/protect/support/default.mspx.
>
> Thanks,
> Kurt Sarens [MSFT]
> Security Resources online:http://support.microsoft.com/security
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> This e-mail address does not receive e-mail, but is used for newsgroup
>
>
> >> sean.bl...@hifiit.com says...
>
> >> > I totally agree, normally. But regretfully we're dealing with a
> >> > horrible ISP that will take weeks to wipe the box. We also have no
> >> > clean area to do a reinstall in because it's remote. Also, it's
> >> > supposed to be behind a firewall, but I just don't think the ISP has
> >> > very strict rules on the firewall.
>
> >> Why are you using ISP's hardware if they have shown they can't protect
> >> the OS/apps?
>
> >> Either get your own servers and firewall or find another ISP to host
> >> your applications.
>
> >> --
>
> >> Leythos
> >> - Igitur qui desiderat pacem, praeparet bellum.
> >> - Calling an illegal alien an "undocumented worker" is like calling a
> >> drug dealer an "unlicensed pharmacist"
> >> spam999f...@rrohio.com (remove 999 for proper email
>
> > It's political. The client's CEO and the owner of the ISP are old
> > drinking buddies. I've tried to get the servers moved, but the boss
> > won't let it happen.
>
> > At any rate, my hands being tied how they are, we're way off-topic. I
> > would LOVE to move the server to a better ISP, and I would LOVE to
> > have the machine rebuilt, but I cannot make that happen in any
> > reasonable amount of time. So, I have to work with the cards I'm
> > dealt. I don't like it more than anybody else.
>
> > Does anybody have any ideas on how to clean this up? I need to get
> > this port out of the firewall, but I can't figure out where it's
> > hiding. I deleted a registry entry for Windows Firewall, and it now
> > shows the policy = none when I do the show state, so that's good.
> > But, that open port is still open and grayed out so I can't modify
> > it. Does anybody have any idea where this might be hiding?
I did manage to get the port exception removed using netsh commands.
The exception "name" was null, so I think that was causing the
problem.
I'll run those online scans as well.