Educause Security Discussion mailing list archives
Re: sys32.pif & msdos-1.pif & msdos.pif
From: "Barbara Chung (DURTSCHI)" <bchung () MICROSOFT COM>
Date: Mon, 19 Sep 2005 12:29:34 -0700
The attacker had full control of the computer, and probably put a backdoor in there. That's not entirely relevant though, because there's no way for you to know what they have done - you can't trust the machine.

The best course is to flatten the machine, and reset the passwords of any account that was used to logon to it. If this machine is a member of a domain, and a domain admin logged onto the machine, there will be a lot more to do.

If you need help with this issue please let me know.

Barbara Chung, CISSP, CISM
Security Advisor, Education
Cell: 917-592-0185

________________________________
From: Laurie Coles [mailto:lcoles () CBU EDU]
Sent: Monday, September 19, 2005 2:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] sys32.pif & msdos-1.pif & msdos.pif

We have been having continual problems with a worm. We started out with msdos.pif running in the processes and it was also in the registry. I was able to find a tool to remove this worm. I then patched the computer with the most updated patches from Microsoft. Then I started seeing msdos-1.pif, now I'm seeing sys32.pif. These PCs have previously had this worm removed and have been patched.

Has anybody else been seeing this type of problem? I cannot find anything on the internet about the sys32.pif.

Thanks,
Laurie Coles

Laurie L. Coles
Director of Network Services
901-321-3480