Office network...one girl gets FBI Ransomware, rest of the network has rootkits

Nicely written and gave me a leg up on the subject. Has the feature set changed so much since then?
 
Has the feature set changed so much since then?

The basic stuff is still there....some new stuff has been added since then. I think that article was back with version 5, which was all Java-based admin...sorta slow. Has since gone to a more snappy web admin, and quite a few new features. So the core stuff is basically the same...just improved..and some new stuff.
 
I use Norton DNS for stuff like that. It filters out varying stuff: 40 filters out just malware, 50 filters out malware/porn and 60 filters out malware/porn/gambling. Perfect for business.
I had lawyers whose secretaries were going to gambling sites and getting infected. Changed the router to Norton DNS and that blocked all that and the malware.
 
Yeah I use a safe DNS service also...OpenDNS. Noticed it helps quite a bit.

However, this new variant...and the LinkedIn phish e-mail point to a few domains such as
***WARNING DO NOT GO TO THESE***

chinafishingtackle dot com don cn

doddee dot com

jwr-landsberg dot de

Some of the latest new phishing sites don't get on the safe DNS services block list yet.
 
Just out of curiosity, do you use the N-Able Security Manager ¦ AntiSpam? I've found that solution to be a great one for grabbing virus infected emails, and also phishing emails.

Andy
 
They use a different filtering service...but I had already planned on moving them to Office 365 via Appriver next year...as we have a planned retirement of their current SBS03 box coming up soon.
 
Man what a nasty onsite!
All workstations hit from that XPaj rootkit. Some of them can't even boot up in safe mode, bluescreen with a 21a no matter what.

Took one of the drives of the bluescreening rigs and slaved it into my laptop..external SATA dock, and my laptop's MSE jumps right up and goes to finding and cleaning the XPaj.

Had been using Eset and Kaspersky on the other rigs and they were unsuccessful. Heh..sometimes MSE really surprises me.

Whelp... back to making rounds of this office and blowing away MBRs and getting rigs back up.
Got this FBI virus thing on 2 PCs (2 different customers) today. Both BSOD in Safe Mode on 7B. Can't do anything in normal mode boot. Pull hard disk, slave to bench PC, clean off 10 to 15 threats with fully updated Avast and Malwarebytes, even ran TDSS Killer (no threats detected) and put back into PC and the damn thing respawns after about 30 seconds. Still will not boot safe mode (BSOD 7B). Nothing I saw on the Internet reflects how to deal with this variant.

Guess these 2 PCs are data backups and reloads.
