So Trend says it cleaned some infections



Work computer that an ex-employee (retired) used (had admin rights)
and I have been using now and then lately (no admin rights).   Today I
get a report from Trend saying it cleaned seven "infections" so I say
"WTF" and look at the report.    The "infections" were typical host
file redirects (127.0.0.1) and it cleaned them by commenting them out
LOL.

I believe the IT department was thoroughly scanning all machines
because some malware had shut down quite a few accounts.   (The host
file has been out there 2 years without Trend ever balking).


Re: So Trend says it cleaned some infections



Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):


 DO> I believe the IT department was thoroughly scanning all machines
 DO> because some malware had shut down quite a few accounts.   (The host
 DO> file has been out there 2 years without Trend ever balking).

I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was full of
redirections. You should tell your IT department to make this file
READ-ONLY.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: So Trend says it cleaned some infections




It doesn't help when the malware runs as admin.:o)



Re: So Trend says it cleaned some infections



Hello, FromTheRafters!

You wrote on Wed, 31 Mar 2010 18:49:01 -0400:

 FL>> I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was
 FL>> full of redirections. You should tell your IT department to make this
 FL>> file READ-ONLY.

 F> It doesn't help when the malware runs as admin.:o)

True!

It helps on /most/ malware.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: So Trend says it cleaned some infections




I put it out there when the user had admin rights.   I figured it
would be an extra layer of protection and once he left no more admin
rights, hence the poor host file sits never updated (2008).

IIRC AdAware may also comment out 'some valid' host entries?

At least it wasn't like what Symantec did to a company my sister works
at.   Seems an update killed internet connections (on quite a few
computers) so while she was visiting she had to disable the AV in
order to get to the web.     On the plus side no malware could get in
since she couldn't get out while it was running!

Re: So Trend says it cleaned some infections



Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 20:27:38 -0700 (PDT):

 DO> IIRC AdAware may also comment out 'some valid' host entries?

QUOTE:

# This file contains the mappings of IP addresses to hostnames. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding IP name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally,  comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.microsoft.com     # source server
#       38.25.63.10     x.microsoft.com         # x client host

127.0.0.1       localhost

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca
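
The distinction this thread turns on, as an added example that is not part of any post: entries that pin a name to loopback are block-list sinkholes, while entries that point a name at some other address are the ones worth reviewing. The sample file, host names and category labels are constructed for illustration and are not Trend's or AdAware's detection logic.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in the thread).
SAMPLE_HOSTS = """\
# For example:
#      102.54.94.97     rhino.microsoft.com     # source server
127.0.0.1       localhost
127.0.0.1       ads.example.net        # block-list entry
0.0.0.0         tracker.example.org
#127.0.0.1      popups.example.com
203.0.113.7     update.example.com     # points off-box
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Return (line_no, kind, address, names) for every entry-shaped line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        disabled = stripped.startswith("#")
        # Drop the leading '#' (if any), then any trailing comment.
        body = stripped.lstrip("#").split("#", 1)[0].split()
        if len(body) < 2:
            continue  # blank line or a comment with no address/name pair
        try:
            addr = ipaddress.ip_address(body[0])
        except ValueError:
            if not disabled:  # prose comments are expected to fail here
                findings.append((line_no, "malformed", body[0], body[1:]))
            continue
        names = [n.lower() for n in body[1:]]
        if disabled:
            kind = "commented-out"   # what a "cleaned" entry looks like
        elif addr.is_loopback and names == ["localhost"]:
            kind = "default"
        elif addr.is_loopback or addr.is_unspecified:
            kind = "sinkhole"        # name blocked by resolving to this box
        else:
            kind = "redirect"        # name resolves to another machine
        findings.append((line_no, kind, str(addr), names))
    return findings

def needs_review(findings):
    """Entries an admin should look at first: redirects and malformed lines."""
    return [f for f in findings if f[1] in ("redirect", "malformed")]

if __name__ == "__main__":
    for line_no, kind, addr, names in classify_hosts(SAMPLE_HOSTS):
        print(f"{line_no:>3}  {kind:<14} {addr:<15} {' '.join(names)}")
```

To audit a real machine, pass in the text of `%SystemRoot%\System32\drivers\etc\hosts` instead of the sample.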



Re: So Trend says it cleaned some infections



Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 20:27:38 -0700 (PDT):

 DO> At least it wasn't like what Symantec did to a company my sister works

I'd stay away from Symantec

IMHO
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca


