Educause Security Discussion mailing list archives
Re: IM trojan
From: "Brewer, Alex D" <Brewerad () MONTEVALLO EDU>
Date: Thu, 22 Jul 2010 07:17:08 -0500
Hi Dick, If you can send me the hijack I can look into it, this sounds like W32.Koobface.B look for these processes C:\Windows\fbtre6.exe or C:\Windows\fmark2.dat if they exist then remove this entry in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe" Alex Brewer Univesity of Montevallo SungardHigherEd brewerad () montevallo edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of RL Vaughn Sent: Wednesday, July 21, 2010 6:25 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IM trojan Dick Jacobson wrote:
We got hit today with a trojan that is spreading through IM. It references a Facebook presence and contains an image. When the message is clicked on, the trojan spreads to that user's IM list and infects the machine. The symptoms are not always consistent but most have gotten a pop-up when the open a web browser which asks them to click to confirm they are a human and not a robot. McAfee and MalwareBytes do not clean this; and we are rebuilding at least 2 machines because of this. Anyone else seeing this and/or have a fix ?? ----------------------------------------------------------------------- Dick Jacobson e-mail : Dick.Jacobson () ndus edu NDUS IT Security Officer office : STTC 219 phone : 701-231-6280 -----------------------------------------------------------------------
Hi Dick, Let me know if you need an appropriate Facebook contact. Do you have a binary or md5 thereof? Randy
Current thread:
- IM trojan Dick Jacobson (Jul 21)
- Re: IM trojan RL Vaughn (Jul 21)
- Re: IM trojan Brewer, Alex D (Jul 22)
- Re: IM trojan Brian Grime (Jul 22)
- Re: IM trojan Brewer, Alex D (Jul 22)
- Re: IM trojan WILLIAM I ARNOLD (Jul 22)
- Re: IM Trojan Brewer, Alex D (Jul 22)
- Re: IM trojan Jesse Thompson (Jul 22)
- Re: IM trojan Matthew Gracie (Jul 22)
- Re: IM trojan Jesse Thompson (Jul 22)
- Re: IM trojan Matthew Gracie (Jul 22)
- Re: IM trojan RL Vaughn (Jul 21)