A good friend of mine works at the university in Minneapolis and received the email below today. They advise her to reinstall the entire laptop. We have taken the following measures:
AVG scan in both normal and safe mode
Malware Anti B
Trend Housecall (online)
Hitman Pro
None of these scanners can find anything. I have also run all the files I sent her through both ClamAV and BitDefender for Linux; these files are also marked as clean.
Am I crazy, or can this system be marked as 'clean'? If the block is lifted and a problem is detected again, a fine follows, as I understand it. Can anyone advise me what to do!?
The email:
Subject: Re: Fwd: NETWORK ACCESS ISOLATED FOR xxxx [UMN Abuse #240964]
>>Dear xxxx
>>
>> This is bad news. The virus you have is one that does a good job
>> hiding, and most AV software can't find it. That also means that it is
>> very hard to clean it out. The best solution is as they mention -
>> reinstall Windows on your PC. This is a bit of work, since you not
>> only have to reinstall Windows, but you have to reinstall all of your
>> software too.
>>
>> xxxx
>>
>> On 11/5/10 11:09 AM, xxxx@umn.edu wrote:
>>> I got this message today. I have an antivirus (AVG) on my computer which
>>> doesn't find anything.
>>> Do you have ideas of how to fix it?
>>>
>>> Thank you,
>>> xxxx
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> To: xxxx@umn.edu
>>> Subject: NETWORK ACCESS ISOLATED FOR xxxx
>>> [UMN Abuse #240964]
>>> Date: Thu, 4 Nov 2010 17:39:48 -0500 (CDT)
>>> From: xxxx@umn.edu
>>>
>>>
>>>
>>> Because of behavior consistent with a known problem (e.g. virus infection),
>>> the computer using the address 10.20.106.44 via Wireless
>>> authenticated to xxxx
>>>
>>> will be taken off the network ASAP.
>>>
>>> ACCESS to Wireless will be inactivated
>>> until cleanup is confirmed.
>>>
>>> This problem MAY be : stormworm.
>>>
>>>
>>> The computer in question is infected with
>>> malware known as "Storm Worm". A technical writeup
>>> about an older version of this threat can be seen at
>>> http://www.secureworks.co...ew.html?threat=storm-worm
>>> or
>>> http://www.symantec.com/s...docid=2007-011917-1403-99
>>>
>>>
>>>
>>> Computers infected with this should have their
>>> hard disk formatted and have the Operating System
>>> reinstalled and patched before coming back onto the
>>> network.
>>> This infection is known to have installed "keyloggers" --
>>> software that captures your keystrokes and sends them to a remote user
>>> who can use this private information without your
>>> knowledge. It is used commonly to acquire username and passwords for
>>> private accounts.
>>>
>>> Therefore all passwords on the rebuilt system (and any that have been
>>> used THROUGH this machine) should be changed. If this system has been
>>> used to access personal accounts (for example, banking or credit card),
>>> you should change those passwords.
>>>
>>> The Storm Worm not only comes bundled with other malicious software, it
>>> also is designed to download
>>> and install even more malicious software, without
>>> the knowledge and/or consent of the computer user.
>>> Therefore, even if AntiVirus software detects and
>>> removes something, typically more malicious software
>>> is left behind, still running.
>>>
>>> The Storm Worm is updated frequently. Even up-to-date
>>> AntiVirus software often doesn't detect the latest
>>> versions. Once the AntiVirus companies start
>>> detecting a particular version, it is typically
>>> instructed to update itself to a variant that is
>>> not detected by AntiVirus.
>>>
>>> Because of the above activities, scanning for viruses
>>> with an AntiVirus product is typically not an effective
>>> remedy for a Storm Worm infection.
>>>
>>> IF THIS COMPUTER STORES PRIVATE DATA - DO NOT REBUILD. CONTACT
>>> OIT Security - abuse@umn.edu - IMMEDIATELY.
>>>
>>> For further information on cleaning up an infected machine,
>>> and news related to current threats, please visit:
>>>
>>> http://www.oit.umn.edu/safe-computing/
>>>
>>>
>>> This computer was logged into using your X500 ID sijts001.
>>> For assistance in resolving this problem, please call 1-HELP
>>> (612) 301-4357.
>>>
>>> WEB PAGE: http://www.oit.umn.edu/safe-computing
>>>
>>>
>>>
>>> PLEASE NOTE: Contact your local technical support before continuing work
>>> on the computer or attempting any cleanup of this system.
>>> IMPORTANT: OIT Security and Assurance (abuse@umn.edu) needs to be
>>> contacted if this computer contains any legally private/protected
>>> University data information, such as social security numbers, credit
>>> card numbers, private health data, student IDs, grades, etc.
>>>
>>> For more examples of private data, visit
>>> http://www.ahc.umn.edu/privacy/what/ and
>>> http://www.policy.umn.edu/Policies/it/Use/SECUREDATA.html
>>>
>>>
>>> ---------------------------------------------------
>>> OIT Security and Assurance
>>> -------------------------------------------------
>>>
>>