
Virus Like Activity

Just received this regarding some strange behaviour on a workstation protected by Sophos. Does this ring bells to anyone out there?

On Friday **** reported to me that his computer had replaced the normal Google search engine with a picture of 3 old men. I have now seen a similar instance, but this time on the *********** website, the school slide show being replaced by 2 pictures not on the website (a picture of 2 cables and a badger). I have run Sophos to check for viruses; **** machine came up with no viruses, the Key Stage 1 laptop is still running. If we log onto other machines we do not get the problem. Any ideas?

  • Hello Syntax

    What options have you enabled in Sophos?

    Are you doing rootkit scanning? What about suspicious scanning?

    If Sophos doesn't report on either of those, I don't think it would be threat related.

    I have come across two scenarios where I thought it might be a threat due to behaviour.

    When creating a folder, instead of the default 'New Folder' it started giving bird names. Strange, I know.

    Turned out to be a recently installed version of ALZip. 2 hours later, laughing at the amount of time it took to figure it out.

    2nd scenario, Sophos wasn't detecting anything 'abnormally' suspicious.

    Turned out the company screen saver (which was legit during the original deployment of Sophos) was deemed suspicious, and was authorized.

    Later on, the screen saver was infected and distributed to every machine in the network.

    Pondering why Sophos wasn't detecting anything, because it had been previously authorized.

    If you have enabled Sophos to scan fully, with suspicious, rootkit, etc. and it doesn't report anything,

    look into recently installed programs, look at what has been authorized.

    On a side note, a few years ago I once saw a program (an April Fools' joke program) that would change the mouse into something else for about 5 seconds. This happened every 10 minutes.

    It wasn't a threat but it always stuck with me. If I didn't know the program was capable of doing it, I would think it is a threat.

    The threats I've seen nowadays don't really do that. They're not out to impress the users, they're out to impress the people they drive past in their new car from fraud.
