Security Basics mailing list archives
RE: Bad Antivirus
From: Dan Lynch <DLynch () placer ca gov>
Date: Wed, 30 Jan 2013 09:31:42 -0800
You can no longer trust those servers. Cut your losses, format, re-install, and restore the executables from known-good backups. Change any passwords that may have been typed at the server's console, or stored or cached locally on the server. If the servers stored or handled any sensitive data make the appropriate notifications. Evaluate any other hosts in the environment, keeping in mind that this can spread via shares and removable drives. Then determine how the infection occurred, and take steps to ensure that it doesn't happen again. Dan Lynch Information Technology Analyst County of Placer Auburn, CA
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sec milis Sent: Tuesday, January 29, 2013 7:40 PM To: security-basics () securityfocus com; bugtraq () securityfocus com Subject: Bad Antivirus Dear folks, I have 3 W2K3 servers, each are running same software binary exe files. One month ago, they infected with some rootkits and viruses which later on I know from antivirus detection this malware called sality, ipz, etc. After installing a new antivirus and revealed the malware, some of my software seems not running as expected. At the moment, I suspect that the malware still there because the AV may not capable to clean them all. I tried using 3 or 4 most popular AV, but all were claimed the servers are clean while my software couldn't run smoothly. In fact, some of exe files has been changed in size while I am not sure whether this changed made by viruses or 'bad' AV I just installed. If I try to proof that my exe files has been changed by this 'bad' AV, does anyone know how to proof this things ? By reversing this exe files, is it possible to get which part of the files has changed ? Thank's Ibha ID ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f 727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Bad Antivirus sec milis (Jan 29)
- RE: Bad Antivirus Dan Lynch (Jan 31)
- <Possible follow-ups>
- Bad Antivirus sec . melis (Jan 29)
- Re: Bad Antivirus iamherevivek (Jan 29)
- Re: Bad Antivirus Melissa Augustine (Jan 30)
- Re: Bad Antivirus Adam Pal (Jan 30)
- Re: Bad Antivirus Andre Silaghi (Jan 30)
- Re: Bad Antivirus Michael Peppard (Jan 31)
- Re: Bad Antivirus iamherevivek (Jan 29)