General discussion



By daverides67 ·

Has anyone heard anything more about this identity theft ring and its relationship to CWS? It would not surprise me at all if this was true. I used to spend a good part of my day 'trying' to remove it from various machines.

This conversation is currently closed to new comments.


All Comments


I wouldn't be surprised at all.

by dnvrtechgrrl In reply to CoolWebSearch

I spent the better part of two days trying to clean off a machine from the family of one of my users here at the office. First thing I did was put a packet sniffer on the machine to find out where things were going - and they were WAY off network. She was playing zombie for 147 different spies. That's not including the trojans and viral infections we located.

She had, among others, CWS, Adia, Gain, PurityScan, etc...

McAfee finally got everything off; I've secured it as best as possible behind a firewall and every imaginable blocker out there.

The damage has already been done though...



After this happens, I don't trust a "clean"

by jdclyde In reply to I wouldn't be surprised a ...

It is a format and reload for me.

There are things that can be missed, and how many times have you removed a virus just to have the windows crash at every turn?

McAfee huh? I had that crash more systems than it would clean so I had to get rid of it. Systems would fail to boot two out of three times.


Now I've had LOTS of crashes

by dnvrtechgrrl In reply to After this happens, I don ...

But I don't think any of them were ever due to McAfee being involved. The framework service gives me fits now and again - but the newest enterprise release seems to be bug free on that end.

Now, Veritas...
Wanna talk about crashes?
Backup Exec takes my fileserver down at least once a week. 4 of us have done complete rebuilds on that stupid thing and we keep coming back to the same spot - BackupExec.

My confidence is only heightened by the fact that Symantec has taken over the reins. Lord help us all.



It is a funny thing

by jdclyde In reply to Now I've had LOTS of cras ...

because I will talk to 10 people and half will say one crashes their systems, the other half will swear that it is the other system that does it to them!

I literally had users uninstall the AV (and it LET them). The only thing that would happen is they couldn't get through the firewall without it installed so they would install it, do their limited surfing, and then uninstall it again. And after every install/uninstall things only got worse (as you can imagine).

The Symantec at least demands a password to uninstall it. Maybe the McAfee does now? Been three years so they are due to have made changes.

My only beotch about Symantec is their decision to no longer support anything older than Win2k. You can still get the definitions for enterprise ver 9 until 2007, but you can't install ver 10 on the older systems. While I understand this move, I don't have to like it!


My beotch is ...

by dnvrtechgrrl In reply to It is a funny thing

mostly that a lot of older software is still out there - working fine the way it is - and isn't updated or supported anymore.

I thought it was McAfee that kept crashing the server but when I did some poking around I saw some updates that came through for Backup Exec. Had a nice little chat with Veritas on that one - they no longer support NT. (Which is what we still run our BDCs on. 90 of them nationwide.) After three hours of tweaking some scripting we got them running again - and now when a patch comes through I have to call the same guy to work through it. I can only imagine what version 11 will hold in store.

McAfee I've not experienced any uninstall issues with. Every once in a blue moon ePO will throw me for a loop - but no more than SUS/WSUS does so... I guess no matter who made the software it's still an imperfect world. McAfee, as I understand it, will require a password if you have originally set password protection on console; but my experience is mostly limited to the enterprise edition(s). Also, sometimes the framework service will glitch out on the 2k machines. Nothing that can't be easily solved though. It doesn't seem to be happening on the XP machines.

I hear though that a lot of companies are moving over to TrendMicro? That might be in store for us later. I know they secure our exchange servers.

We had our machines patched and secured as best as possible in '03 and Blaster still got in and wreaked havoc on a nationwide, multi-continental network.

Corporate is still pretty miffed about that.


Blaster never got in

by jdclyde In reply to My beotch is ...

but that is because I only allow required services AND run linux servers.

If I wouldn't have read the news, I wouldn't have even noticed. :)


re veritas...

by Jaqui In reply to Now I've had LOTS of cras ...

HIGH: Symantec Veritas Backup Exec File Download
Veritas Backup Exec for Windows Servers all versions

Description: A 0-day vulnerability was reported in the Veritas Backup
Exec software for Windows servers. This vulnerability can be exploited
by an attacker to download arbitrary files from any Windows server
running the backup agent. This can lead to stealing of sensitive data
especially for the servers in financial or e-commerce sectors. Exploit
code is available in the Metasploit testing tool and has been seen in
the wild.

Status: Veritas has not released any patches yet. A workaround is to
block the port 10000/tcp at the network perimeter.

Symantec Advisory


Well that's just great...

by dnvrtechgrrl In reply to re veritas...

Every time Veritas releases a patch I get to spend three days getting the software to recognize my drive.

If only I had the budget to switch to an LTO drive...


I can relate

by daverides67 In reply to I wouldn't be surprised a ...

Sounds like the usual suspects. Isn't it amazing at how long it takes to clean these infections? CWS is especially tricky as each new variant has a different removal method. But like you said, at that point the damage is already done.



Supposed to be one of the worst

by Dr Dij In reply to i can relate

to remove. I'm surprised at how many sites try to load spyware on my PC.

Disable ActiveX, use Firefox when possible.
When Ad-Aware and Spybot run through, reasonably sure it is clean. I have outbound firewall too.
