>>> On 6/1/2011 at 3:45 PM, Jon Galbreath <[log in to unmask]> wrote:
> I've seen a few cases lately in the last couple weeks.  I remotely kill the 
> process and delete it when someone calls about it.  It's almost always a 
> single executable in c:\D&S\username\Application Data folder, but it's 
> hidden/system.  Then I check the other profiles to make sure they're clean.  
> I upload the executable to to make sure it wasn't a slip up by 
> VIPRE.  It seems they're slow to update the definitions for those things and 
> apparently they've eliminated the option to download a missed detection so it 
> gets into the definitions faster :(

It's when they *don't* call about it or shut down to kill it before it gets its hooks into the OS.  I've had two cases now of a variant that warns the user his/her hard drive is failing and then marks the desktop files hidden and deletes all menu shortcuts.

If they're getting this from some drive-by script on a web site, which I think is the case but I'm not positive, is there further tightening of browser settings anyone can recommend?

That giant sucking sound you hear is my time going down the tubes...

Kim Geiger
Information Technologist
Broadcasting Services
Michigan State University
517-432-3120 x 429
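The triage steps described in this exchange (look for a hidden/system executable under each profile's Application Data folder, then check the other profiles, and for the "hard drive is failing" variant, un-hide the user's desktop files) can be scripted for a helpdesk. The following PowerShell is an added example written for this page, not a script from either poster. It assumes PowerShell 2.0 or later on the affected machine and takes the profile root as a parameter (`C:\Documents and Settings` on XP, `C:\Users` on Vista and later); it also walks the newer `AppData` tree as well as the legacy `Application Data` folder, which goes slightly beyond the XP-only path in the original post. By default it only reports; the hidden attribute is cleared on desktop files only when `-Fix` is given, so the report can be reviewed first and the hashes kept for a vendor submission.

```powershell
# Added triage example (not from the thread): list hidden+system executables
# under each profile's application-data folders and, with -Fix, restore the
# Hidden attribute on desktop files that a rogue "disk failure" tool hid.
param(
    # Assumption: profile root for this OS generation.
    [string]$ProfileRoot = "C:\Documents and Settings",
    # Without -Fix nothing is changed on disk; the script only reports.
    [switch]$Fix
)

$sha256 = [System.Security.Cryptography.SHA256]::Create()
$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System

function Get-Sha256Hex([string]$path) {
    # Hash via .NET so this also works on PowerShell 2.0 (no Get-FileHash).
    $stream = [IO.File]::OpenRead($path)
    try { ([BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

$report = @()

# PSIsContainer rather than -Directory so the loop runs on PowerShell 2.0.
$profiles = Get-ChildItem -Path $ProfileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

foreach ($profile in $profiles) {
    # Legacy XP location plus the Vista+ AppData tree.
    $candidates = @(
        (Join-Path $profile.FullName "Application Data"),
        (Join-Path $profile.FullName "AppData")
    )
    foreach ($dir in $candidates) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force is required, otherwise hidden/system entries are never enumerated.
        $exes = Get-ChildItem -Path $dir -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.PSIsContainer -and
                ($_.Attributes -band $hidden) -and
                ($_.Attributes -band $system)
            }
        foreach ($exe in $exes) {
            $report += New-Object PSObject -Property @{
                Profile = $profile.Name
                Path    = $exe.FullName
                Bytes   = $exe.Length
                Written = $exe.LastWriteTime
                SHA256  = Get-Sha256Hex $exe.FullName
            }
        }
    }

    # Variant that "hides" the user's data: clear Hidden on desktop items.
    $desktop = Join-Path $profile.FullName "Desktop"
    if ($Fix -and (Test-Path -LiteralPath $desktop)) {
        Get-ChildItem -Path $desktop -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band $hidden } |
            ForEach-Object {
                # -bxor on an item we know is Hidden clears exactly that bit.
                $_.Attributes = $_.Attributes -bxor $hidden
                "Un-hid: " + $_.FullName
            }
    }
}

if ($report.Count -eq 0) {
    "No hidden/system executables found under $ProfileRoot."
} else {
    $report | Select-Object Profile, Path, Bytes, Written, SHA256 | Format-Table -AutoSize
}
```

Run it once without `-Fix` and keep the printed hashes with the executable you upload to the vendor; a second run with `-Fix` after the process has been killed restores the desktop. Deleted Start-menu shortcuts are not recoverable by attribute changes and have to be recreated or restored from backup.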