This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Infected Machine with Windows 7 AV 2012

One of our machines on our LAN (.160) was infected with a Windows 7 AV 2012 rogue malware app today. Took about an hour to remove this thing.

I've seen it before, I guess it somehow manages to pass through the HTTP/S filters and proxies.

My questions are:

1) Is there a way to isolate the machine (.160) and see logs for all HTTP traffic that went to this.

2) How can I identify the origin of the malware (site most likely that the user visited to download this spyware)

Thanks in advance

This thread was automatically locked due to age.

Parents

0 William Warren over 13 years ago

ssl scanning works until it breaks stuff the correctly sees the man in the middle the proxy does. using the basics of not getting infected I've reduced my infections(and my clients who follow ALL of these suggestions) to zero(astaro is part of the package..)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 13 years ago

ssl scanning works until it breaks stuff the correctly sees the man in the middle the proxy does. using the basics of not getting infected I've reduced my infections(and my clients who follow ALL of these suggestions) to zero(astaro is part of the package..)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data