This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Infected Machine with Windows 7 AV 2012

One of our machines on our LAN (.160) was infected with a Windows 7 AV 2012 rogue malware app today. Took about an hour to remove this thing.

I've seen it before, I guess it somehow manages to pass through the HTTP/S filters and proxies.

My questions are:

1) Is there a way to isolate the machine (.160) and see logs for all HTTP traffic that went to this.

2) How can I identify the origin of the malware (site most likely that the user visited to download this spyware)

Thanks in advance

This thread was automatically locked due to age.

Parents

0 William Warren over 13 years ago

Lock down the content filter and get them off ie. Astaro can't stop everything especially if folks are surfing dsngerous areas of the net or they brought in an infested usb stick.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 13 years ago

Lock down the content filter and get them off ie. Astaro can't stop everything especially if folks are surfing dsngerous areas of the net or they brought in an infested usb stick.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data