[27072] in resnet
Re: Trojan DNS Changer Virus
daemon@ATHENA.MIT.EDU (Drury, Mary C.)
Fri Dec 2 13:46:00 2011
Message-ID: <271CA67B407A7041A86DF72953F88137026E00D549@ExchMail.usi.edu>
Date: Fri, 2 Dec 2011 12:40:49 -0600
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Drury, Mary C." <MCDrury@usi.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <CACGRg4eR1hwfx2eGEuPEDZkG2NW2D0V2Z-HXF=Q-c9FBX9=aSg@mail.gmail.com>
HitmanPro has been good in the past. No recent (3 months or so) experience.
-------------------------------------------------------------------------------
Mary C. Drury USI Network Administrator
812/464-1976 812/465-1080 (Help Desk)
-------------------------------------------------------------------------------
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Rachel Boutilier
Sent: Friday, December 02, 2011 12:36 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: Trojan DNS Changer Virus
We run TDSSKiller <http://support.kaspersky.com/faq/?qid=208283363> on any machine that comes in with an infection nowadays. It seems like it does a pretty good job of detecting rootkits.
Rachel
Rachel Boutilier
Client Services Consultant
Macalester College ITS
(651)696-6507
rboutili@macalester.edu
On Fri, Dec 2, 2011 at 12:25 PM, Jeff Kell <jeff-kell@utc.edu> wrote:
> On 12/2/2011 12:59 PM, Doughty, Marc wrote:
>> I've personally seen two machines with 'undetectable' malware in the last few weeks. Undetectable inside the booted system (even running Forefront and Symantec), but clearly visible from a boot disk.
> The DNS Changer was often included in TDSS payload packages. TDSS is very prolific at hiding and restoring itself.
> Jeff
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________