On Monday 18 August 2008 15:50:38 John Resotko wrote:
> Good afternoon all,
>
> Last week we found one machine in our department infected with malware
> that caused massive pornography popups. Also along with it was the
> recent Microsoft Antivirus/antispyware 2008 infection. After several
> failed attempts to rid the machine of viruses, we resorted to reimaging
> the machine.
>
> This week, I have faculty and staff returning from the wilds of the
> internet, and my individual workstation firewalls are detecting a large
> number of scans on port 2869 coming from, it turns out, machines that
> are now infected with something like the MS Antivirus trojan program.
> I'm assuming some of these were well meaning individuals who thought it
> was a legitimate program, and were fooled into downloading it on their
> home Comcast/AT&T-DSL networks, and have now brought it with them into
> work.
>
> I'm also seeing our antivirus software trying to quarantine a program
> called "ie4uinit.exe" which I tried looking up in the Symantec threat
> database, but it doesn't show up in their list... yet. I'm running a
> majority of WinXP workstations here, but I can't be sure that all my
> users were diligent about running Windows Updates when they took their
> laptops home during the summer months.
>
> Is anyone out there currently fending off a virus attack, and are you
> seeing large amounts of activity on port 2869? Anyone out there know
> what this thing is, or better yet, how to stop it, I'd love to hear from
> you. I'd hate to think we're seeing another possible slammer worm
> here.

What anti-virus software was the machine running before you think the
problems started?

I think I've heard of this from a friend--scrubbing the machine is almost
certainly the right thing to do. The real trick is how to prevent it from
happening in the first place.

--STeve Andre'