[27071] in resnet
Re: Trojan DNS Changer Virus
daemon@ATHENA.MIT.EDU (Rachel Boutilier)
Fri Dec 2 13:38:19 2011
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=0015174484305cfb9f04b3203fe4
Message-ID: <CACGRg4eR1hwfx2eGEuPEDZkG2NW2D0V2Z-HXF=Q-c9FBX9=aSg@mail.gmail.com>
Date: Fri, 2 Dec 2011 12:36:09 -0600
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Rachel Boutilier <rboutili@MACALESTER.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <4ED9180D.3030905@utc.edu>
We run TDSSKiller <http://support.kaspersky.com/faq/?qid=208283363> on any
machine that comes in with an infection nowadays. It seems like it does a
pretty good job of detecting rootkits.
Rachel
Rachel Boutilier
Client Services Consultant
Macalester College ITS
(651)696-6507
rboutili@macalester.edu
On Fri, Dec 2, 2011 at 12:25 PM, Jeff Kell <jeff-kell@utc.edu> wrote:
> On 12/2/2011 12:59 PM, Doughty, Marc wrote:
>
> I've personally seen two machines with 'undetectable' malware in the last
> few weeks. Undetectable inside the booted system (even running Forefront
> and Symantec), but clearly visible from a boot disk.
>
>
> The DNS Changer was often included in TDSS payload packages. TDSS is very
> prolific at hiding and restoring itself.
>
> Jeff
> ___________________________________________________
> You are subscribed to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>