Jump to content


  • Posts

  • Joined

  • Last visited

SpencerK's Achievements


Newbie (1/6)



  1. Wazoo, I am sorry - I honestly didn't realize you was addressing me in your previous post. It is not a case on figuring out how to use the forum, as this issue of quoting (rightly or wrongly) has never been raised in any forum I have used. But, I do apologize. If there was a way to edit my post and remove the offending quote, I would.
  2. Thank you very much for the information there. And you sure are right about me not having "the power". I'm working at a printing factory that basically has no IT infrastructure - we are running Windows Server 2000, our router is 6 years old and we cannot access the interface to enable port restrictions, we have cables stuck in place by tape. Our switch is so unstable that if you remove a single RJ-45 plug from one floor outlet, place into another, it could short out any particular connection/phone connection. Our firewall, exchange server is handled by an IT company - which means to get anything done I have to call them and deal with their less than cheerful support personnel. Why is it like this? Well, because my employer simply does not want to spend any money. He has got me in here simply on the "cheap" option because he is launching an online print procurement bit of software that he needs someone to run, me. I have been studying for 6 years, and have little to no relevant work experience.. Well, I have a lot more now then when I started 5 months ago. I do indeed run Malware Bytes, Windows security tool, various apps every 2 weeks to keep on top of things - the most we have ever had was 3/4 trojans.. Now this situation was totally different - firstly only my machine was infected - went round and installed AVG (ignored our enterprise AV) and found nothing. Now, like I said, my machine is locked down for the most part - no RPC, Spybot running, NETBIOS turned off. Firefox + no scri_pt - then general light security preventions. In all the many years I've been working with comps I have only had one virus/trojan - that was b/c I clicked something I should not have. My only, idiotic, mistake was leaving my PC unlocked. That certainly wont happen again... What I need to understand, so this does not happen again, is how could a trojan be downloaded onto my machine, then run, apparently this would mean I would have to have had a trojan on my pc to enable someone to take control - it must have been someone downloading, working, on my PC when I was not in my office. How could a hacker gain control of my PC, that would mean he penetrated our firewall + NAT and specifically targeted the one of the 4/5 PC's that is left on each night. He targeted my PC, then proceeded to upload multiple trojans and viruses. It is possible sure. Or was it a case of the factory staff having a walk about late at night, found my PC - turned on the monitor and started visiting certain sites. Which they have been found to do before on the Data Capture units in the factory floor. Why not go to another PC where they will not get found out.. Anyway, we can send and receive mail now. All I have to do is try and salvage my main PC with all my work on it. The virus I had infected every .exe - and when I run AVG it healed all of them - which is said it would not heal critical files - so I only have a blank desktop and access to Task Manager - no windows services are running, there are no valid paths to anything. I can see my files through the CMD, so hopefully I can remove the HD and set it as slave, then extract all the data. This was a good learning experience I must say.. Just hope next time it's a bit easier.. If I had hair, I would have pulled it out! Thanks for listing and your help, and have a wonderful day!\ EDIT: Not sure if you are interested, but found this page which basically describes how one could get infected with my particular virus.. Boy, this bugger is nasty - unless you power cycle it could stay around after you have deleted/created a new partition. http://community.ca.com/blogs/securityadvi...-the-loose.aspx That pretty much describes the process of getting my particular trojan - accessed by visiting a hijacked HTML page. Funny thing is, IE was open on my PC when I first entered my office - I never use IE unless to test HTML code for websites.. I use Firefox with no scri_pt! So my pc was not hijacked, I got in this mess by someone visiting a hijacked page..
  3. Hello Andrew - well, did a scan on all other machines and found nothing. Did a backup while I was there. So I basically think it was my PC alone that caused the issues. Which brings me to the point why, why suddenly did my PC get about 50+ Malware and numerable viruses - which I did nothing different then any other night. Well, I think that some of the factory "lads" have come up to my office and had their way with my machine. I noticed the door closed, when I leave my office open.. Other little things I noticed as well. No way would having a SSH open + logmein active cause all these trojans to become active - hell, I would have to actually click on something.. I will investigate this further. Shame my main PC is totally buggered now, could have looked at the logs. Anyway, I hit the confirmation button, and received the email - then confirmed the email. Fingers crossed it works. All machines in my workplace where shutdown. So if we are producing spam its only coming from the main server. I just hope this works, then I can try to save all my work on my main PC. I only have access to the task manager.. There was a barracuda site also that our "rep" was bad on - but I sent them a mail. What a whole knew world this spam prevention is.. Anyhoo - thank you very much for your help, will note here if all is alright. Don't think I could stand another "My emails come back to me".
  4. Hi Andrew - indeed I am staying late tonight. And I really do understand the necessity of security and feel somewhat ..erm, whats the word.. pissed? That it was my fault (to some extent) that this happened. I know leaving my PC with said apps open was not in best practice. But logmein is 232bit Encryption, and SSH is meant to be secure. This still does not make it acceptable. But I have been doing this for months, and suddenly this happens. What does grind me a bit though, I have said to my boss many times we need to update our ancient virus scanner Mac ver 7 Enterprise - it does not pickup viruses or trojans well. I have to go round and scan with MS-Tool, Malware bytes every 2 weeks. I have spoken to our IT people, the first bloke did not really understand what I was saying, but I sent them a mail confirming that I wanted all traffic on port 25 restricted apart from our mail server. I will wait until everyone has gone, then scan all PC's using AVG - as AVG found the win32/virut virus on my machine.. Still, this particular nasty virus does not send out spam emails.. Anyway, thanks for your support.
  5. Hello Steve - thank you very much for taking the time to respond. Unfortunately our firewall is run by a monthly paid IT company - I do not have access to this. And at present they are moving, so cannot provide any help. I have read that stopping all SMTP traffic, apart from the mail server, will help - and will get this ammended as soon as possible. I only have 10 users (Printing Factory) here. I have run AV scans on most of the PC's and nothing. So I do think that my PC (god, thats hurting - I left my pc on last night, had loads of windows open - I had logmein open, and a SSH window/connection - but both these are encypted.. Surely this did not give the trojan a open door?) Anyhoo. I'm serioulsy thinking I should hit the send confirmation button and get an email sent. But I do not want to be without out-going mail for days.. People here are blaming me.. everyone's got the hump with me.. lol.. I'm hearing ya Derek - but, lol - I cannot touch our Router (BT's propriotory software) and I cannot access our Firewall.. My hands are cut off - I cannot install AVG on the work PC's because that is bothering everyone. I'm fairly new to IT, and having the worst day of my life I'd rather have piles.
  6. Hi I have added a postmaster email address. But yes, as you expressed Senderbase does show that we are still spamming.. This is turning out to be a nightmare. The trojan that was loaded into my system was the win32/virut which has basically infected every single .exe rendering my main PC useless. Now I had to download another AV scanner for it to be noticed on my PC - therefore, this virus could have infected the whole company. Today just gets worse and worse. I will run a AV scan on all other PC's and see if I catch anything. If not, then I'll hit the confirmation button and hope. thanks for the info spencer EDIT: Right, I have run scans on the rest of the PC's in our domain and have found no viruses/trojans. However, SenderBase still shows activity, and SpamCop has still blacklisted. Is there anything else I can do? I'm fairly knew to all this, therefore do not know what to do. I do not want to send the confirmation and get Mul'ad!
  7. Hello Derek - thank you very much for you response. Yes, I do work for Prometheus Press - I'm the only IT guy in the establishment. Firstly, I'm all very new to this - so forgive my lack of knowledge. I know there are many forms of communications, and have asked users to send mail via a browser based client if the email is deemed to be very important. I was just under the impression that once we got delisted from SpamCop users would be able to send email again. Just like they did yesterday, before we got attacked. But, you have given me some useful information in that I can get users to contact the various compaines and ask them to add us to their whitelist. I can send emails to hotmail, but to all other addresses they are not getting through, with no indication that they are not getting through. Before I was delisted, from most other places, this morning I was receiving notifications that emails were not getting through. Now emails are not getting through, but with no indication - which is causing no-end of trouble. Gah.. I don't know what to do. How can I get delisted from spamcop quicker? - it is not possible for me to get the email addresses listed in the drop-down box registered. Thank you Derek for you help in this stressful time..
  8. Hello there. My workstation was flooded with viruses and trojans. It got hacked last night (how they got through our firewall - past our scanner is another topic) Might be b/c I left my station on all night, or really don't. Anyway.. we was blacklisted by a fair few places, but I have now removed the offending machine from our network until we can be sure that all viruses/trojans/malware has been removed. The only place, is seems, we are still blacklisted with is spamcop. mail.prometheuspress.co.uk We cannot send out any emails, we can receive of course. This is costing us money, and I'm getting calls and frowns every other minute. So you can understand why I do not want to wait 9 hours for Spamcop to remove us. There is a quick option "Send delist confirmation email to:" but, lol, none of the emails listed in the drop-down box are registerd with our company - why can we not add in our own? Anyway, is there a way to get delisted ASAP? Thank you very much indeed. Forgive me if I proposed my question in the wrong format. This is like the 7th email I've had to make practically begging for some company to remove us, so we can stop losing money.
  • Create New...