Virus? - Disable .EXE, .COM, .LNK and group policy.
From: Brian Hoyt (hoyty_at_hoyty.com)
Date: 05/25/05
- Next message: David H. Lipman: "Re: Backdoor.Lateda.C"
- Previous message: shuckie69: "Re: Backdoor.Lateda.C"
- Next in thread: Malke: "Re: Virus? - Disable .EXE, .COM, .LNK and group policy."
- Reply: Malke: "Re: Virus? - Disable .EXE, .COM, .LNK and group policy."
- Reply: Zvi Netiv: "Re: Virus? - Disable .EXE, .COM, .LNK and group policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 May 2005 05:46:04 -0700
First I want to say I am not interested in removing the problem as I can
reimage machines, I am more interested in figuring out the cause and
prevention methods.
We have recently started seeing behavior on laptops that appears to be a
virus, I am however having great problem tracking it down. The symptoms
include but are not limited to:
Disable in registry .EXE, .LNK and .COM
Disable most (if not all) Group Policy settings
Add a security warning on pressing CTRL-ALT-DEL on login screen that is
random characters.
Disable Shutdown from startup screen
Disable display of proper icons, I believe this is related to the .LNK but it
doesn't always happen.
Once this happens a user can login to a machine. Applications cannot be
directly started but they can be started via opening an existing document for
example. I have attempted to fix the registry to allow programs to run but I
haven't had any luck.
Some background on the machines. The machines are of varied platforms of
laptops and tablets. All are running custom images and the problem has
occurred across multiple images. The machines have Symantec Corporate
Anti-Virus and Lavasoft Ad-Aware Plus running in realtime. They are all XP
SP2 with patches within a month or two of recent.
These are all student machines so I don't get a lot of detail of cause. In
almost all cases the machines either have AOL or AIM and sometimes it is the
last thing the students ran. Most describe a burst of network traffic and
then the problem occurs. In most cases they continue to work fine until they
reboot and that is when all the links and applications stop working. In a
few rare cases Ad-Aware catches the registry changes and I have been able to
see some of them happen, I have not been able to find the cause though.
Any help or pointers on this much appreciated. If there are any further
details I can offer let me know.
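The symptoms in the post above all map to a handful of registry locations, so the first thing a responder would want is a read-only audit of those locations on a suspect machine. The script below is an added example written for this page; it is not from the original poster or any of the replies, and it uses present-day PowerShell rather than anything available on an XP SP2 laptop in 2005. The "expected" values (`exefile`/`comfile`/`lnkfile` associations, the `"%1" %*` open command, the `IsShortcut` marker on `lnkfile`, `ShutdownWithoutLogon`, the `LegalNotice*` values, and the `DisableRegistryTools`/`DisableTaskMgr`/`NoRun` policy values) are the stock Windows defaults and are my assumptions about what a clean image looks like, not something the thread establishes.

```powershell
# Added example, not from the original post: audit the registry locations behind the
# symptoms described (.exe/.com/.lnk associations, pre-logon legal notice, shutdown
# button on the logon screen, policy restrictions). Expected values are assumed
# Windows defaults. Read-only; run from an elevated PowerShell prompt.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null   # key or value missing
    }
}

$findings = @()

# 1. File-type associations that the post says get "disabled".
$assoc = @{ '.exe' = 'exefile'; '.com' = 'comfile'; '.lnk' = 'lnkfile' }
foreach ($ext in $assoc.Keys) {
    $actual = Get-RegValue "Registry::HKEY_CLASSES_ROOT\$ext" '(default)'
    if ($actual -ne $assoc[$ext]) {
        $findings += "HKCR\$ext default is '$actual', expected '$($assoc[$ext])'"
    }
}

# 2. Open command for exefile/comfile: anything other than "%1" %* means a wrapper
#    is being run before or instead of the program the user double-clicked.
foreach ($type in 'exefile', 'comfile') {
    $cmd = Get-RegValue "Registry::HKEY_CLASSES_ROOT\$type\shell\open\command" '(default)'
    if ($cmd -ne '"%1" %*') {
        $findings += "HKCR\$type\shell\open\command is '$cmd', expected '""%1"" %*'"
    }
}

# 3. Shortcut handling: lnkfile normally carries an empty IsShortcut value; without it
#    Explorer stops treating .lnk files as shortcuts (matches the icon symptom).
$lnk = Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\lnkfile' -ErrorAction SilentlyContinue
if (-not $lnk -or -not ($lnk.PSObject.Properties.Name -contains 'IsShortcut')) {
    $findings += 'HKCR\lnkfile is missing the IsShortcut value'
}

# 4. Pre-logon legal notice (the "security warning" seen on CTRL-ALT-DEL).
#    Winlogon reads both the Policies\System and the Winlogon key.
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
               'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon') {
    foreach ($n in 'LegalNoticeCaption', 'LegalNoticeText') {
        $v = Get-RegValue $p $n
        if ($v) { $findings += "$p\$n is set to '$v'" }
    }
}

# 5. Shutdown button on the logon screen (REG_SZ "1" = shown, "0" = hidden).
$swl = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'ShutdownWithoutLogon'
if ("$swl" -eq '0') { $findings += 'ShutdownWithoutLogon is 0 (shutdown hidden on logon screen)' }

# 6. Per-user policy restrictions that would explain "fixing the registry" not sticking
#    and programs refusing to start; any non-zero value deserves a look.
$polSys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$polExp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($pair in @(@($polSys, 'DisableRegistryTools'), @($polSys, 'DisableTaskMgr'), @($polExp, 'NoRun'))) {
    $v = Get-RegValue $pair[0] $pair[1]
    if ($v) { $findings += "$($pair[0])\$($pair[1]) = $v" }
}

if ($findings.Count -eq 0) { 'No deviations from assumed defaults found.' } else { $findings }
```

Running this on a known-good image first gives a baseline to diff against, which matters more than the exact expected strings above: if the hijacked `shell\open\command` points at a file, that path is the thing to pull for analysis before reimaging, since the post notes the changes only take effect after a reboot and the dropper may still be resident until then.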