[37916] in Resnet-Forum
Re: Sendori
daemon@ATHENA.MIT.EDU (Lyons, Andrew H)
Wed Jan 30 12:33:24 2013
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_523EF5A91051FE469D813F5D5A4CEB4D66E48592CH1PRD0411MB444_"
MIME-Version: 1.0
Message-ID: <523EF5A91051FE469D813F5D5A4CEB4D66E48592@CH1PRD0411MB444.namprd04.prod.outlook.com>
Date: Wed, 30 Jan 2013 17:32:22 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Lyons, Andrew H" <alyons@albany.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <56FFE475BC71CD4E984A5F7285548C0A7DF5EBF4@Messenger9.central.edu>
--_000_523EF5A91051FE469D813F5D5A4CEB4D66E48592CH1PRD0411MB444_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Haven't seen it myself, but Google-fu suggests that it is adware, though pe=
rhaps removable via Control Panel:
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scan=
ning/how-to-remove-sendori-malware/a35e5c4b-63c5-4a59-abab-669a76717ed9
Andrew Lyons
IT Support Specialist
ITS Client Support Services
University at Albany
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Sandy Ver=
hoef
Sent: Wednesday, January 30, 2013 12:28 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: [RESNET-L] Sendori
Today, we have had 3 machines used by faculty/staff that will add DNS IP nu=
mbers to machines using DHCP or change static DNS IP numbers. We have deter=
mined the new DNS numbers came from Sendori software. Does anyone know anyt=
hing about where the software came from, how it was loaded, and why did it =
start today to cause problems. In at least two cases, it was loaded on Dec =
17 or Dec 27. When we did a ping on the ip number - this name came back. S=
endor-rdns1.dyndns.com
Thanks in advance!
Sandra Verhoef
Central College
IT Services
Assistant Director For Desktop Support
641.628.7692
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_523EF5A91051FE469D813F5D5A4CEB4D66E48592CH1PRD0411MB444_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"\@Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
{font-family:"Copperplate Gothic Light";
panose-1:2 14 5 7 2 2 6 2 4 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Georgia","serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D">Haven’t seen it myself, =
but Google-fu suggests that it is adware, though perhaps removable via Cont=
rol Panel:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D"><a href=3D"http://answers.micr=
osoft.com/en-us/protect/forum/protect_other-protect_scanning/how-to-remove-=
sendori-malware/a35e5c4b-63c5-4a59-abab-669a76717ed9">http://answers.micros=
oft.com/en-us/protect/forum/protect_other-protect_scanning/how-to-remove-se=
ndori-malware/a35e5c4b-63c5-4a59-abab-669a76717ed9</a><o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D">Andrew Lyons<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D">IT Support Specialist<o:p></o:=
p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D">ITS Client Support Services<o:=
p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D">University at Albany<o:p></o:p=
></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ge=
orgia","serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:"=
;Tahoma","sans-serif"">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:"Tahoma","sans-serif""> Resnet F=
orum [mailto:RESNET-L@LISTSERV.ND.EDU]
<b>On Behalf Of </b>Sandy Verhoef<br>
<b>Sent:</b> Wednesday, January 30, 2013 12:28 PM<br>
<b>To:</b> RESNET-L@LISTSERV.ND.EDU<br>
<b>Subject:</b> [RESNET-L] Sendori<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D">Today, we have had 3 mach=
ines used by faculty/staff that will add DNS IP numbers to machines using D=
HCP or change static DNS IP numbers. We have determined
the new DNS numbers came from Sendori software. Does anyone know anything =
about where the software came from, how it was loaded, and why did it start=
today to cause problems. In at least two cases, it was loaded on Dec 17 or=
Dec 27. When we did a ping on the
ip number – this name came back. Sendor-rdns1.dyndns.com<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D"><o:p> </o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D">Thanks in advance!<o:p></=
o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D"><o:p> </o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D"><o:p> </o:p></span><=
/p>
<div>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D">Sa=
ndra Verhoef<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D">Ce=
ntral College<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D">IT=
Services<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D">As=
sistant Director For Desktop Support<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D">64=
1.628.7692<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D"><o=
:p> </o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D"><o=
:p> </o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-size:11.0pt;font-family:&q=
uot;Copperplate Gothic Light","sans-serif";color:#17365D"><o=
:p> </o:p></span></i></b></p>
</div>
<p class=3D"MsoNormal">___________________________________________________ =
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
<o:p></o:p></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_523EF5A91051FE469D813F5D5A4CEB4D66E48592CH1PRD0411MB444_--
