So Trend says it cleaned some infections

Duh_OZ

Work computer that an ex-employee (retired) used (had admin rights)
and I have been using now and then lately (no admin rights). Today I
get a report from Trend saying it cleaned seven "infections" so I say
"WTF" and look at the report. The "infections" were typical host
file redirects (127.0.0.1) and it cleaned them by commenting them out
LOL.

I believe the IT department was thoroughly scanning all machines
because some malware had shut down quite a few accounts. (The host
file has been out there 2 years without Trend ever balking).
 
gufus

Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):


DO> I believe the IT department was thoroughly scanning all machines
DO> because some malware had shut down quite a few accounts. (The host
DO> file has out there 2 years without trend ever balking).

I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was full of
redirections. You should tell your IT department to make this file
READ-ONLY.
 
FromTheRafters

gufus said:
Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):


DO> I believe the IT department was thoroughly scanning all machines
DO> because some malware had shut down quite a few accounts. (The host
DO> file has out there 2 years without trend ever balking).

I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was
full of redirections. You should tell your IT department to make this
file READ-ONLY.

It doesn't help when the malware runs as admin. :o)
 
gufus

Hello, FromTheRafters!

You wrote on Wed, 31 Mar 2010 18:49:01 -0400:

FL>> I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was
FL>> full of redirections. You should tell your IT department to make this
FL>> file READ-ONLY.

F> It doesn't help when the malware runs as admin. :o)

True!

It helps on /most/ malware.
 
Duh_OZ

Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):

 DO> I believe the IT department was thoroughly scanning all machines
 DO> because some malware had shut down quite a few accounts.   (The host
 DO> file has out there 2 years without trend ever balking).

I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was full of
redirections. You should tell your IT department to make this file
READ-ONLY.

I put it out there when the user had admin rights. I figured it
would be an extra layer of protection and once he left no more admin
rights, hence the poor host file sits never updated (2008).

IIRC AdAware may also comment out 'some valid' host entries?

At least it wasn't like what symantec did to a company my sister works
at. Seems an update killed internet connections (on quite a few
computers) so while she was visiting she had to disable the AV in
order to get to the web. On the plus side no malware could get in
since she couldn't get out while it was running!
 
gufus

Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 20:27:38 -0700 (PDT):

DO> IIRC AdAware may also comment out 'some valid' host entries?

QUOTE:

# This file contains the mappings of IP addresses to hostnames. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding IP name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.microsoft.com # source server
# 38.25.63.10 x.microsoft.com # x client host

127.0.0.1 localhost
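
A triage sketch for the entries this thread is about, added here as an example and not posted by any participant: it parses the HOSTS format described in the quoted header and separates names pinned to the local machine (the 127.0.0.1 blocking entries that got flagged) from names pinned to some other address, which are the ones worth a closer look. The function names, category labels and sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (made-up names; 192.0.2.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocklist entry
#127.0.0.1      banner.example.org
0.0.0.0         metrics.example.com
192.0.2.55      login.example-bank.test               # needs review
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (lineno, ip, [names]) for each active mapping; skip comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]

def classify(ip, names):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        # Name pinned to the local machine: blocks the host, sends it nowhere.
        if all(n.lower() == "localhost" for n in names):
            return "default"
        return "sinkhole"
    # Name pinned to some other machine: the case that deserves a human look.
    return "redirect"

def audit(text):
    """Map each category to a list of (lineno, ip, names) entries."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, ip, names in parse_hosts(text):
        report[classify(ip, names)].append((lineno, ip, names))
    return report

if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_HOSTS).items():
        for lineno, ip, names in entries:
            print(f"{kind:9} line {lineno}: {ip} -> {' '.join(names)}")
```

Entries that a scanner has commented out, like line 4 of the sample, drop out of every category because they are no longer active mappings.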
 
gufus

Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 20:27:38 -0700 (PDT):

DO> At least it wasn't like what Symantec did to a company my sister works

I'd stay away from Symantec

IMHO
 
