Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 1 subscriber
  • Views 7578 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Infected Machine with Windows 7 AV 2012

Dakrisht
One of our machines on our LAN (.160) was infected with a Windows 7 AV 2012 rogue malware app today. Took about an hour to remove this thing.

I've seen it before, I guess it somehow manages to pass through the HTTP/S filters and proxies.

My questions are:

1) Is there a way to isolate the machine (.160) and see logs for all HTTP traffic that went to this.

2) How can I identify the origin of the malware (site most likely that the user visited to download this spyware)

Thanks in advance


This thread was automatically locked due to age.
Parents
  • 0
    Yeap, all Java (Flash, ActiveX, etc.) is disabled since your post from yesterday.

    I'll keep scanning systems in the meantime.

    One employee: I visited a bunch of Russian photography websites. IT team = heads rolling.

    Any MIME types you recommend blocking?
Reply
  • 0
    Yeap, all Java (Flash, ActiveX, etc.) is disabled since your post from yesterday.

    I'll keep scanning systems in the meantime.

    One employee: I visited a bunch of Russian photography websites. IT team = heads rolling.

    Any MIME types you recommend blocking?
Children
  • 0 in reply to Dakrisht
    One employee: I visited a bunch of Russian photography websites. IT team = heads rolling.


    I think there might be a slight misinterpretation of that English idiom. [;)] "Heads Rolling" (or Heads Roll) usually refers to people getting fired from their jobs, usually because someone messed up, badly. Comes from Europe's fondness for decapitation in times past.

    facepalm might be the better idiom. Usually that one refers to the person(s) disbelief at how stupid the other person was. [:D]