No matter how "secure" the system is, users are always the weak point.
-t
On Jun 26, 2008, at 9:05 AM, Lee Duynslager wrote:
> I’ve seen the ravages of this ransomware / malware on a couple of
> people’s systems. I’ve always asked what preceded the infection.
> You know ….. So then I could tell other users to avoid that. I’ve
> not been able to pinpoint exactly what happened; maybe the users are
> so embarrassed that they’ve been had?
>
> Does anybody know how this gets installed? Is it a popup that tells
> the user that their computer is infected with Viruses or Trojans?
> Is it a supposed video codec that contains the malware?
>
> Once I know I am going to tell my users about it.
>
> LD
>
>
>
> Lee Duynslager
> Information Technology Professional
> Michigan State University
> 517-432-5296
>
> From: MSU Network Administrators Group [mailto:[log in to unmask]]
> On Behalf Of Skutt, Tim
> Sent: Thursday, June 26, 2008 6:46 AM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Removing Vista Antivirus 2008?
>
> Al,
> I came across a system with this last week. It was quite a pain,
> but I did notice that I could get most of the stuff removed if I
> logged into the machine with a different profile. I then used
> superantispyware to scan and delete the malware. I finally had to
> delete the user’s profile as there were still remnants of this
> running to reinstall it from there.
>
> Symantec Antivirus 10.2 didn’t detect anything either.
>
>
> From: MSU Network Administrators Group [mailto:[log in to unmask]]
> On Behalf Of Al Puzzuoli
> Sent: Wednesday, June 25, 2008 10:15 PM
> To: [log in to unmask]
> Subject: [MSUNAG] Removing Vista Antivirus 2008?
>
> I'm working on a PC that has this malware. It's one of those
> programs that pop up a fake antivirus dialog and try to scare the
> user into either installing something, or buying something that they
> shouldn't. Has anyone seen this particular variant before? Nod32
> isn't detecting it at all. I've seen similar trojans in the past,
> and I was able to remove those using a little utility called
> SmitfraudFix.exe; however, SmitfraudFix isn't detecting this
> particular worm. The issue is further complicated by the fact that
> this machine is offsite, and I'm trying to talk a user through
> fixing this over the phone. I therefore really want to stay away
> from solutions that require hand editing the registry if at all
> possible.
>
> Thanks,
>
>
>
>
> Al Puzzuoli
>
> Michigan State University
>
> Information Technologist
> http://www.rcpd.msu.edu
>
> Resource Center for Persons with Disabilities
>
> 120 Bessey Hall East Lansing, MI 48824-1033
>
> 517-884-1915
>
--
Troy Murray
Systems Administrator
Michigan State University
Biomedical Research and Informatics Center (BRIC)
100 Conrad Hall
East Lansing, MI 48824
Phone: 517-432-4248
Fax: 517-353-9420
E-mail: [log in to unmask]
Calendar
HTML - http://www.icalx.com/html/troymurray72/month.php?cal=Work
iCalendar - http://www.icalx.com/public/troymurray72/Work.ics