^`d}qZxu and ~`d}qzxu3zYF Help me to find this
Look in your registry for these. Post a reply if you see either
^`d}qZxu
~`d}qzxu3zYF
Specifically look under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Booting into safe mode and running stiner 2.1.5 will get rid of most of the files.
Check your host file for redirection of many web sites to 127.0.0.1.
The two registry entries I mentioned should be manually deleted.
One way I thought of preventing infection was to create a file named soundman.exe in the system32 folder and remove all permissions from it (click Advanced, then uncheck inherit permissions and choose Remove).
Also, changing the host file back to the original and giving everyone, including administrators and the system account, read-only access will prevent redirection.
So far this virus seems to spread through an unpatched hole. We have had machines without email applications get infected.
Machines that did not have a c$ administrative share were infected.
Machines that DIDN'T have a blank local password got it.
Machines that weren't part of the domain got it.
Plus we use SUS on some machines and they got infected.
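The checks described in the post above (the two Run-key value names and hosts-file redirection to 127.0.0.1), as an added PowerShell example that is not part of the original thread. The function names, the list of benign loopback names and the sample hosts lines are assumptions made for illustration; the value names and the registry path are copied from the first post.

```powershell
# Added example, not from the thread. Value names come from the first post.
$RunKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$BadNames = @('^`d}qZxu', '~`d}qzxu3zYF')   # single quotes keep the backtick literal

function Find-RunValue {
    param([string]$Key = $RunKey, [string[]]$Names = $BadNames)
    # Enumerate names through the RegistryKey object so the odd characters
    # in these names are never treated as wildcards or escape sequences.
    $k = Get-Item -LiteralPath $Key -ErrorAction Stop
    foreach ($n in $k.GetValueNames()) {
        if ($Names -contains $n) {
            [pscustomobject]@{ Name = $n; Data = $k.GetValue($n) }
        }
    }
}

function Find-LoopbackRedirect {
    param([string[]]$Lines)
    # Names that legitimately resolve to loopback (assumed list).
    $benign = @('localhost', 'localhost.localdomain', $env:COMPUTERNAME)
    foreach ($line in $Lines) {
        $entry = ($line -split '#', 2)[0].Trim()      # drop comments
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2 -or $fields[0] -notlike '127.*') { continue }
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if ($benign -notcontains $name) {
                [pscustomobject]@{ Address = $fields[0]; Host = $name }
            }
        }
    }
}

# Constructed sample hosts content, to show what gets flagged.
$sample = @(
    '127.0.0.1   localhost',
    '# 127.0.0.1 commented.example.com',
    '127.0.0.1   updates.example.com www.example.net   # redirected',
    '192.0.2.10  intranet.example.org'
)
Find-LoopbackRedirect -Lines $sample

# Live check on the local machine.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Find-RunValue
Find-LoopbackRedirect -Lines (Get-Content -LiteralPath $hosts)
```

Both functions emit only matches, so no output from the live check means neither indicator was found on that machine.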
Did the machines still have the admin$ share there....that gets shared out too
Other than that....I don't really see how it'd get through......
Josh
surrealmirage.com/subaru
1990 Legacy (AWD, 6MT, & EJ22T Swap)
2020 Outback Limited XT
If you need to get a hold of me please email me rather than PM
wonderful....that means I get the fun job of patching all our stupid old nt4 automation machines........at least the 2k machines will get it through policies....and will just need reboots.
Josh
Yeah, I had it set up on one of our servers and was going to use it, but it changed permissions. So I need to set it up on another server and change the group policies to point to it.
Right now it's just going to the WU site to get the stuff.
This network of automation machines was put together so haphazardly....it's pitiful....and the thing that gets me is these are mission critical machines and some of them are running on old Dell desktop machines, 400 MHz, 128 MB RAM
Josh