Could someone let me know if the following is Malware or related?

Could someone let me know if the following is Malware or related?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Could someone let me know if the following is Malware or related? =?Utf-8?B?SGVsZW5E?= 04-30-2007
Posted by =?Utf-8?B?SGVsZW5E?= on April 30, 2007, 10:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
A few weeks ago, I found that a large number of adult material files appeared
on my computer over the weekend when it was not connected to the internet and
I was not using the computer. Last week, I found that a similar incident had
occurred one week earlier when I did not have the computer but it was
connected to the company network.

From quick analysis I found the following:
* Both events were bounded by two failed logon attempts under my user ID
* Time time duration between the two failed logon attempts was two days and
twenty one hours.
* Over the time period between the two failed logon attempts 72 event ID
636 and 72 event ID 637 occurred. Event ID 636 is : A user or group account
was added to a local security group on the computer or on the domain, and
Event ID 637 is:A user or group account was removed from a local security
group on the computer or on the domain.
* MS Installer events occured post the creation of the adult material files
when the computer was next logged onto the network.

I am interested in knowing whether anyone thinks this is still Malware or if
these two events are related.

I have attached the logs over the two incidents below just in case.

Any help is appreciated,

Helen

Logs:
First Event ___________________________________________________________

Failure Audit        16/02/2007        4:29:53 PM        Security        Logon/Logoff         529        SYSTEM
Success Audit        16/02/2007        4:32:07 PM        Security        Account Management         636        SYSTEM
Success Audit        16/02/2007        4:32:07 PM        Security        Account Management         636        SYSTEM
Success Audit        16/02/2007        4:32:07 PM        Security        Account Management         637        SYSTEM
Success Audit        16/02/2007        4:32:07 PM        Security        Account Management         637        SYSTEM
Success Audit        16/02/2007        4:32:22 PM        Security        Account Management         637        SYSTEM
Success Audit        16/02/2007        4:32:22 PM        Security        Account Management         637        SYSTEM
Success Audit        16/02/2007        4:32:23 PM        Security        Account Management         636        SYSTEM
Success Audit        16/02/2007        4:32:23 PM        Security        Account Management         636        SYSTEM
Warning        16/02/2007        5:05:38 PM        Userenv        None        1517        SYSTEM
Warning        16/02/2007        5:05:38 PM        Userenv        None        1517        SYSTEM
Information        16/02/2007        5:05:42 PM        eventlog        None        6006        N/A
Information        18/02/2007        10:24:09 AM        b57w2k        None        15        N/A
Warning        18/02/2007        10:24:11 AM        b57w2k        None        4        N/A
Warning        18/02/2007        10:24:32 AM        disk        None        51        N/A
Information        18/02/2007        10:24:32 AM        eventlog        None        6005        N/A
Information        18/02/2007        10:24:32 AM        eventlog        None        6009        N/A
Information        18/02/2007        10:24:34 AM        EvtEng        None        0        N/A
Information        18/02/2007        10:24:34 AM        EvtEng        None        0        N/A
Success Audit        18/02/2007        10:24:36 AM        Security        Policy Change         806        SYSTEM
Information        18/02/2007        10:24:39 AM        ccSetMgr        None        1        SYSTEM
Information        18/02/2007        10:24:39 AM        ccSetMgr        None        1        SYSTEM
Information        18/02/2007        10:24:39 AM        ccEvtMgr        None        26        SYSTEM
Information        18/02/2007        10:24:39 AM        ccSetMgr        None        26        SYSTEM
Information        18/02/2007        10:24:39 AM        ccEvtMgr        None        26        SYSTEM
Information        18/02/2007        10:24:39 AM        ccSetMgr        None        26        SYSTEM
Information        18/02/2007        10:24:41 AM        ccEvtMgr        None        1        SYSTEM
Information        18/02/2007        10:24:41 AM        ccEvtMgr        None        1        SYSTEM
Error        18/02/2007        10:24:42 AM        Userenv        None        1054        SYSTEM
Error        18/02/2007        10:24:42 AM        Userenv        None        1054        SYSTEM
Error        18/02/2007        10:24:42 AM        Netlogon        None        5719        N/A
Information        18/02/2007        10:24:43 AM        ccProxy        None        26        SYSTEM
Information        18/02/2007        10:24:43 AM        ccProxy        None        26        SYSTEM
Information        18/02/2007        10:24:45 AM        RegSrvc        None        0        N/A
Information        18/02/2007        10:24:45 AM        RegSrvc        None        0        N/A
Failure Audit        18/02/2007        10:24:45 AM        Security        Policy Change         615        NETWORK
SERVICE
Success Audit        18/02/2007        10:24:45 AM        Security        Policy Change         615        NETWORK
SERVICE
Information        18/02/2007        10:24:46 AM        ccProxy        None        1        SYSTEM
Information        18/02/2007        10:24:46 AM        SNDSrvc        None        1        SYSTEM
Information        18/02/2007        10:24:46 AM        ccProxy        None        1        SYSTEM
Information        18/02/2007        10:24:46 AM        SNDSrvc        None        1        SYSTEM
Information        18/02/2007        10:24:46 AM        SNDSrvc        None        26        SYSTEM
Information        18/02/2007        10:24:46 AM        SNDSrvc        None        26        SYSTEM
Information        18/02/2007        10:24:49 AM        SecurityCenter        None        1807        N/A
Information        18/02/2007        10:24:49 AM        SecurityCenter        None        1807        N/A
Error        18/02/2007        10:24:52 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        UserInit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        UserInit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        UserInit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        UserInit        None        1000        N/A
Error        18/02/2007        10:24:52 AM        UserInit        None        1000        N/A
Error        18/02/2007        10:25:00 AM        Service Control Manager        None        7000        N/A
Information        18/02/2007        10:25:00 AM        Service Control Manager        None        7035        SYSTEM
Information        18/02/2007        10:25:00 AM        Service Control Manager        None        7035        LOCAL
SERVICE
Information        18/02/2007        10:25:00 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:00 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:01 AM        Symantec AntiVirus        None        14        N/A
Information        18/02/2007        10:25:01 AM        Symantec AntiVirus        None        14        N/A
Information        18/02/2007        10:25:01 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:11 AM        Service Control Manager        None        7035        SYSTEM
Error        18/02/2007        10:25:27 AM        Userenv        None        1054        SYSTEM
Error        18/02/2007        10:25:27 AM        Userenv        None        1054        SYSTEM
Information        18/02/2007        10:25:28 AM        Service Control Manager        None        7035        SYSTEM
Error        18/02/2007        10:25:29 AM        Userinit        None        1000        N/A
Error        18/02/2007        10:25:29 AM        UserInit        None        1000        N/A
Information        18/02/2007        10:25:29 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:41 AM        Service Control Manager        None        7035        SYSTEM
Information        18/02/2007        10:25:41 AM        Service Control Manager        None        7036        N/A
Error        18/02/2007        10:25:43 AM        AutoEnrollment        None        15        N/A
Error        18/02/2007        10:25:43 AM        AutoEnrollment        None        15        N/A
Warning        18/02/2007        10:25:43 AM        disk        None        51        N/A
Information        18/02/2007        10:25:45 AM        Service Control Manager        None        7035        SYSTEM
Information        18/02/2007        10:25:47 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:49 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:53 AM        Service Control Manager        None        7035        SYSTEM
Information        18/02/2007        10:25:53 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:25:57 AM        Service Control
Manager        None        7035        richard.walkland
Information        18/02/2007        10:25:57 AM        Service Control Manager        None        7036        N/A
Warning        18/02/2007        10:26:04 AM        WSH        None        2        N/A
Warning        18/02/2007        10:26:04 AM        WSH        None        2        N/A
Information        18/02/2007        10:26:08 AM        Service Control Manager        None        7036        N/A
Information        18/02/2007        10:26:14 AM        Service Control
Manager        None        7035        richard.walkland
Information        18/02/2007        10:26:16 AM        Offline Files        None        3        N/A
Information        18/02/2007        10:26:16 AM        Offline Files        None        3        N/A
Information        18/02/2007        10:26:16 AM        EAPOL        None        2002        N/A
Information        18/02/2007        10:26:16 AM        EAPOL        None        2002        N/A
Information        18/02/2007        10:26:16 AM        EAPOL        None        2003        N/A
Information        18/02/2007        10:26:16 AM        EAPOL        None        2003        N/A
Information        18/02/2007        10:26:17 AM        Service Control Manager        None        7036        N/A
Warning        18/02/2007        10:29:53 AM        disk        None        51        N/A
Information        18/02/2007        10:34:55 AM        Service Control Manager        None        7036        N/A
Warning        18/02/2007        10:37:54 AM        disk        None        51        N/A
Warning        18/02/2007        10:41:13 AM        disk        None        51        N/A
Warning        18/02/2007        10:41:19 AM        disk        None        51        N/A
Error        18/02/2007        10:41:25 AM        DCOM        None        10016        NETWORK SERVICE
Warning        18/02/2007        10:41:30 AM        LsaSrv        SPNEGO (Negotiator)         40960        N/A
Warning        18/02/2007        10:41:30 AM        LsaSrv        SPNEGO (Negotiator)         40961        N/A
Warning        18/02/2007        10:53:39 AM        disk        None        51        N/A
Warning        18/02/2007        10:57:44 AM        disk        None        51        N/A
Warning        18/02/2007        11:15:14 AM        disk        None        51        N/A
Warning        18/02/2007        11:15:22 AM        disk        None        51        N/A
Warning        18/02/2007        12:24:25 PM        disk        None        51        N/A
Adult Material        18/02/2007        12:46:18 PM        MEDIATAB1.DAT file appears on
computer                        
Warning        18/02/2007        12:57:50 PM        disk        None        51        N/A
Warning        18/02/2007        12:58:00 PM        disk        None        51        N/A
Warning        18/02/2007        12:58:11 PM        disk        None        51        N/A
Warning        18/02/2007        1:35:20 PM        disk        None        51        N/A
Error        18/02/2007        2:24:42 PM        Netlogon        None        5719        N/A
Error        18/02/2007        6:25:43 PM        AutoEnrollment        None        15        N/A
Error        18/02/2007        6:25:43 PM        AutoEnrollment        None        15        N/A
Error        18/02/2007        6:39:42 PM        Netlogon        None        5719        N/A
Error        18/02/2007        10:54:42 PM        Netlogon        None        5719        N/A

Second Event_________________________________________________________

Failure Audit        22/02/2007        1:36:49 PM        Security        Logon/Logoff         529        SYSTEM
Information        23/02/2007        5:03:33 PM        Service Control Manager        None        7036        N/A
Warning        23/02/2007        5:03:40 PM        disk        None        51        N/A
Warning        23/02/2007        5:04:22 PM        disk        None        51        N/A
Warning        23/02/2007        5:05:27 PM        disk        None        51        N/A
Warning        23/02/2007        5:06:13 PM        disk        None        51        N/A
Warning        23/02/2007        5:06:19 PM        disk        None        51        N/A
Warning        23/02/2007        5:06:26 PM        disk        None        51        N/A
Information        23/02/2007        5:06:28 PM        Offline Files        None        4        N/A
Information        23/02/2007        5:06:28 PM        Offline Files        None        4        N/A
Information        23/02/2007        5:06:37 PM        W32Time        None        35        N/A
Success Audit        23/02/2007        5:16:49 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        5:16:49 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        5:16:49 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        5:16:49 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        5:17:04 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        5:17:04 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        5:17:05 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        5:17:05 PM        Security        Account Management         636        SYSTEM
Warning        23/02/2007        5:37:23 PM        ftdisk        Disk         57        N/A
Success Audit        23/02/2007        6:46:53 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        6:46:53 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        6:46:53 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        6:46:53 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        6:47:08 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        6:47:08 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        6:47:08 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        6:47:09 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        8:22:51 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        8:22:51 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        8:22:51 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        8:22:51 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        8:23:06 PM        Security        Account Management         637        SYSTEM
Success Audit        23/02/2007        8:23:07 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        8:23:07 PM        Security        Account Management         636        SYSTEM
Success Audit        23/02/2007        8:23:07 PM        Security        Account Management         637        SYSTEM
Warning        24/02/2007        11:36:20 PM        LsaSrv        SPNEGO (Negotiator)         40960        N/A
Information        24/02/2007        11:36:21 PM        intelppm        Devices         2        N/A
Information        24/02/2007        11:36:21 PM        intelppm        Devices         2        N/A
Error        24/02/2007        11:36:21 PM        Userenv        None        1054        SYSTEM
Error        24/02/2007        11:36:21 PM        Userenv        None        1054        SYSTEM
Error        24/02/2007        11:36:21 PM        Userenv        None        1054        SYSTEM
Error        24/02/2007        11:36:21 PM        Userenv        None        1054        SYSTEM
Warning        24/02/2007        11:36:21 PM        LsaSrv        SPNEGO (Negotiator)         40961        N/A
Warning        24/02/2007        11:36:26 PM        b57w2k        None        4        N/A
Failure Audit        24/02/2007        11:36:34 PM        Security        Policy Change         615        NETWORK
SERVICE
Warning        24/02/2007        11:36:34 PM        Dhcp        None        1003        N/A
Information        24/02/2007        11:36:34 PM        Tcpip        None        4202        N/A
Information        24/02/2007        11:36:35 PM        Offline Files        None        1        N/A
Information        24/02/2007        11:36:35 PM        Offline Files        None        1        N/A
Error        24/02/2007        11:36:36 PM        AutoEnrollment        None        15        N/A
Error        24/02/2007        11:36:36 PM        AutoEnrollment        None        15        N/A
Error        24/02/2007        11:37:01 PM        PlugPlayManager        None        12        N/A
Error        24/02/2007        11:37:01 PM        PlugPlayManager        None        12        N/A
Information        24/02/2007        11:37:11 PM        Offline Files        None        3        N/A
Information        24/02/2007        11:37:11 PM        Offline Files        None        3        N/A
Error        24/02/2007        11:37:16 PM        PlugPlayManager        None        12        N/A
Information        24/02/2007        11:37:36 PM        Offline Files        None        4        N/A
Information        24/02/2007        11:37:36 PM        Offline Files        None        4        N/A
Warning        24/02/2007        11:37:36 PM        W32Time        None        14        N/A
Error        24/02/2007        11:37:36 PM        W32Time        None        29        N/A
Information        24/02/2007        11:37:42 PM        Offline Files        None        4        N/A
Information        24/02/2007        11:37:42 PM        Offline Files        None        4        N/A
Warning        24/02/2007        11:38:22 PM        disk        None        51        N/A
Warning        24/02/2007        11:38:52 PM        disk        None        51        N/A
Adult Material        24/02/2007        11:39:00 PM        JPEG files appear on computer                        
Adult Material        24/02/2007        11:50:00 PM                                
Warning        24/02/2007        11:52:39 PM        W32Time        None        14        N/A
Error        24/02/2007        11:52:39 PM        W32Time        None        29        N/A
Warning        24/02/2007        11:55:32 PM        disk        None        51        N/A
Error        24/02/2007        11:55:42 PM        DCOM        None        10016        NETWORK SERVICE
Warning        24/02/2007        11:55:51 PM        LsaSrv        SPNEGO (Negotiator)         40960        N/A
Warning        24/02/2007        11:55:51 PM        LsaSrv        SPNEGO (Negotiator)         40961        N/A
Information        24/02/2007        11:58:15 PM        Offline Files        None        3        N/A
Information        24/02/2007        11:58:15 PM        Offline Files        None        3        N/A
Failure Audit        24/02/2007        11:58:16 PM        Security        Policy Change         615        NETWORK
SERVICE







Posted by David H. Lipman on April 30, 2007, 10:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| A few weeks ago, I found that a large number of adult material files appeared
| on my computer over the weekend when it was not connected to the internet and
| I was not using the computer. Last week, I found that a similar incident had
| occurred one week earlier when I did not have the computer but it was
| connected to the company network.
|
| From quick analysis I found the following:
| * Both events were bounded by two failed logon attempts under my user ID
| * Time time duration between the two failed logon attempts was two days and
| twenty one hours.
| * Over the time period between the two failed logon attempts 72 event ID
| 636 and 72 event ID 637 occurred. Event ID 636 is : A user or group account
| was added to a local security group on the computer or on the domain, and
| Event ID 637 is:A user or group account was removed from a local security
| group on the computer or on the domain.
| * MS Installer events occured post the creation of the adult material files
| when the computer was next logged onto the network.
|
| I am interested in knowing whether anyone thinks this is still Malware or if
| these two events are related.
|
| I have attached the logs over the two incidents below just in case.
|
| Any help is appreciated,
|
| Helen

< snip >

Have you scanned for viral and non-viral malware using various anti virus and
anti spyware
software ?

Have you mitigated ALL known vulnerabilities on the PC ?

Have you properly secured the PC and all passwords ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?SGVsZW5E?= on May 1, 2007, 12:00 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi David,

The following scans were conducted on the computer that were available
between the 30th March and 4th April and none of these returned the presence
of any virus or malware – in particular Symantec Anti-Virus v9.0.0.33.8,
F-Prot v6.0.6.3, Avast! Anti-Virus v4.7.942 and Ad-Aware v1.06r1. Is it
possible that they could have missed something? Are you aware of any other
malware / viruses that could have demonstrated this behaviour?

In regards to vulnerabilities, not sure how to look for these. The software
on the computer is ACTIVESYNC V4.1, Symantec Client Firewall V 7.1.3.1039,
Symantec AntiVirus 9.0.3.1000, Microsoft Windows XP Professional Version 2002
Service Pack 2, Sun Java j2re1.4.2_09.

Your help is appreciated.








"David H. Lipman" wrote:

>
> | A few weeks ago, I found that a large number of adult material files appeared
> | on my computer over the weekend when it was not connected to the internet and
> | I was not using the computer. Last week, I found that a similar incident had
> | occurred one week earlier when I did not have the computer but it was
> | connected to the company network.
> |
> | From quick analysis I found the following:
> | * Both events were bounded by two failed logon attempts under my user ID
> | * Time time duration between the two failed logon attempts was two days and
> | twenty one hours.
> | * Over the time period between the two failed logon attempts 72 event ID
> | 636 and 72 event ID 637 occurred. Event ID 636 is : A user or group account
> | was added to a local security group on the computer or on the domain, and
> | Event ID 637 is:A user or group account was removed from a local security
> | group on the computer or on the domain.
> | * MS Installer events occured post the creation of the adult material files
> | when the computer was next logged onto the network.
> |
> | I am interested in knowing whether anyone thinks this is still Malware or if
> | these two events are related.
> |
> | I have attached the logs over the two incidents below just in case.
> |
> | Any help is appreciated,
> |
> | Helen
>
> < snip >
>
> Have you scanned for viral and non-viral malware using various anti virus and
anti spyware
> software ?
>
> Have you mitigated ALL known vulnerabilities on the PC ?
>
> Have you properly secured the PC and all passwords ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Posted by David H. Lipman on May 1, 2007, 4:09 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| Hi David,
|
| The following scans were conducted on the computer that were available
| between the 30th March and 4th April and none of these returned the presence
| of any virus or malware – in particular Symantec Anti-Virus v9.0.0.33.8,
| F-Prot v6.0.6.3, Avast! Anti-Virus v4.7.942 and Ad-Aware v1.06r1. Is it
| possible that they could have missed something? Are you aware of any other
| malware / viruses that could have demonstrated this behaviour?
|
| In regards to vulnerabilities, not sure how to look for these. The software
| on the computer is ACTIVESYNC V4.1, Symantec Client Firewall V 7.1.3.1039,
| Symantec AntiVirus 9.0.3.1000, Microsoft Windows XP Professional Version 2002
| Service Pack 2, Sun Java j2re1.4.2_09.
|
| Your help is appreciated.
|

So you have NOT mitigated all vulnerabilities.




If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java
JRE/JSE
Version 6.0 update 1 (jre 6u1)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_01

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?SGVsZW5E?= on May 5, 2007, 12:27 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
David, Thanks for this. Is there anywhere I can go to get a good listing of
what these vulnerabilties are and how they are being exploited. See if I can
establish a pattern?

HelenD

"David H. Lipman" wrote:

>
> | Hi David,
> |
> | The following scans were conducted on the computer that were available
> | between the 30th March and 4th April and none of these returned the presence
> | of any virus or malware – in particular Symantec Anti-Virus v9.0.0.33.8,
> | F-Prot v6.0.6.3, Avast! Anti-Virus v4.7.942 and Ad-Aware v1.06r1. Is it
> | possible that they could have missed something? Are you aware of any other
> | malware / viruses that could have demonstrated this behaviour?
> |
> | In regards to vulnerabilities, not sure how to look for these. The software
> | on the computer is ACTIVESYNC V4.1, Symantec Client Firewall V 7.1.3.1039,
> | Symantec AntiVirus 9.0.3.1000, Microsoft Windows XP Professional Version 2002
> | Service Pack 2, Sun Java j2re1.4.2_09.
> |
> | Your help is appreciated.
> |
>
> So you have NOT mitigated all vulnerabilities.
>
>
>
>
> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> then you are strongly urged to remove any/all versions.
> There are numerous vulnerabilities in them and they are actively being
exploited.
>
> It is highly suggested that you update to the latest version which is Sun Java
JRE/JSE
> Version 6.0 update 1 (jre 6u1)
>
> Simple check, look under...
> C:\Program Files\Java
>
> The only folder under that folder should be the latest version.
>
> Such as...
> C:\Program Files\Java\jre1.6.0_01
>
> http://java.sun.com/javase/downloads/index.jsp
> http://www.java.com/en/download/manual.jsp
>
> FYI:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Similar ThreadsPosted
Security Warning. (HOSTS related??) November 4, 2005, 12:34 am
HELP!! Virus affecting installing security-related programs? October 22, 2006, 10:07 pm
New Malware.j August 29, 2005, 6:02 am
malware September 5, 2005, 11:16 am
Malware March 5, 2006, 7:39 am
VBS: Malware (GEN) March 14, 2006, 3:11 pm
Spyware/malware July 20, 2005, 6:09 am
Is ewgef.exe malware? November 12, 2005, 12:03 am
RE: SafetyDefender MalWare April 22, 2006, 5:41 am
Re: SafetyDefender MalWare April 30, 2006, 5:11 pm

The site map in XML format XML site map

Contact Us | Privacy Policy