Wednesday, April 22, 2009

Fun with files....

Well, today in Systems we found a suspicious file that Norton Antivirus is not picking up as viral. It does some pretty strange things. It creates an exe file named after the parent folder that it is in (usually a username). Then, from what I was able to see, it opens the firewall to every executable that is run. Pretty intriguing. I created a batch file that will send a text file to one of our servers with a list of any %username%.exe files it finds. The file will run when staff members log on to their computer. They may notice a black box appear but it goes by within two seconds or so.

I am thinking that nobody else has this pesky file because there would be symptoms of it. The reason I even noticed the file was because we were having to back up a staff member's profile in order to re-image the computer. There were all kinds of problems with her computer, so it makes itself known to anyone who is infected. We haven't seen any other SuRF requests about similar problems.

Chances are everyone else is fine, but we will find out for sure once people are logging back into their machines tomorrow.

Interesting day....

By the way, RIO's PC Reservation installation went all right. We did have to reboot all the systems to get them to "talk" to each other, but once that happened, we were fine. Next week is ARD and KIN.
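The logon sweep described earlier in this post looks for an .exe named after the folder it sits in. The following is an added example of that check, not the author's batch file: it is written in Python rather than batch, and the function names, the sample usernames, the host name and the tab-separated report format are all assumptions.

```python
import os
import tempfile


def find_folder_named_exes(root):
    """Return every .exe under root whose base name equals its parent folder's name."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Windows names are case-insensitive, so compare lowercased.
            if ext.lower() == ".exe" and stem.lower() == folder:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def write_report(hits, host, report_path):
    """Write one 'host<TAB>path' line per hit; return the number of hits."""
    with open(report_path, "w", encoding="utf-8") as fh:
        for path in hits:
            fh.write(f"{host}\t{path}\n")
    return len(hits)


def build_sample_tree(root):
    """Create a constructed profile tree (made-up usernames) for the demo."""
    layout = {
        "jsmith": ["jsmith.exe", "notes.txt"],   # matches its folder: flagged
        "TLEE": ["tlee.EXE"],                    # case differs: still flagged
        "mbrown": ["setup.exe"],                 # ordinary installer: ignored
        os.path.join("rdoe", "Desktop"): ["rdoe.exe"],  # parent is Desktop: ignored
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in files:
            open(os.path.join(root, folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as profiles, tempfile.TemporaryDirectory() as out:
        build_sample_tree(profiles)
        found = find_folder_named_exes(profiles)
        count = write_report(found, "PC-01", os.path.join(out, "PC-01.txt"))
        print(count, "suspicious file(s):", *found, sep="\n")
```

Writing one report file per host keeps machines from overwriting each other's results when they all report to the same share.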

4 comments:

  1. Hmmm .. glad we have alert staff in IT!

  2. Rio is doing pretty good! Pin issues aside. Well, and the 3-hour total connectivity loss yesterday. Once we got the net back, everything was still working great.

  3. Very weird. What do you know about Conficker? Patrons have asked me and I'm a bit clueless.

  4. Check this site out for information about Conficker.

    http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm

    Tamara
