MBS / Platte Media Victims' Forum
May 21, 2012, 11:05:35 pm *
Author Topic: Puzzling  (Read 1894 times)
Dune
« on: July 10, 2008, 07:42:14 am »

Ok. Here's the thing. Boss had it on his laptop, which is great (I suppose) apart from that no-one in the company had been to the site (don't ya just love server history records). At least the security we have should prevent all users from going to film sites / adult content etc. As it does work, how was the managing director complaining about the "irritating popup screen that's pointing to some cr*p site called https://secure.**************.com" {removed domain name so they don't complain about saying bad things about them}? Quite interesting that our anti-virus picked up the fact that the files installed themselves (you know, like a trojan does). Amazing how it can install itself in system32 and the StartUp folder in Documents and Settings so it keeps coming back every time you switch on.

Wonder if anyone else has found the same issue in the same folders. Question is, how did it get put there when installation is restricted to 1 user and local services? Quite odd, don't you think?

Anyone else come across the aforementioned directories? Wink

jonlewi5
« Reply #1 on: July 10, 2008, 10:02:19 am »

I've not noticed anything in the start-up folder, but yes, it is known that the Platte files install themselves into windows/system32.

Is the laptop set up with an admin account and a "restricted user" account?

Dune
« Reply #2 on: July 10, 2008, 10:20:53 am »

1 local admin account.

Guest disabled.

Rest of the logins are taken from Active Directory on the domain, so very restricted.

jonlewi5
« Reply #3 on: July 10, 2008, 10:55:23 am »

Hi Dune

Hmmmm, this is an interesting one. Do you know what permissions are given to users?

May have to look into this one. Would it be possible to give some info on the permissions given by the domain controller so I can try and set up a server similar?

Thanks
jon

ijawkuk
« Reply #4 on: July 10, 2008, 03:37:46 pm »

Hmm - sounds like an interesting one for a forensic exam! 
Roll Eyes

Dune
« Reply #5 on: July 11, 2008, 07:02:48 am »

I will, but this forum isn't the place, as it's too public. Have to think about network security, don't I? We could continue at the other place, jonlewi5.

jonlewi5
« Reply #6 on: July 11, 2008, 10:40:37 am »

Quote: "I will, but this forum isn't the place, as it's too public. Have to think about network security, don't I? We could continue at the other place, jonlewi5."

Yep, that's fair enough.