Clone Mailer/craigslistmailer invasion from Mars.

Solved
By glhglh
Mar 9, 2013
  1. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    Don't give up on me Mr. Broni, three 12 hour days, too hard on an old man, I'll work on my wife's servers on Saturday. Same with the other ticket. I have tried to defrag, but one only went from 22% to 15%, I'll try again tonight.

    Is there an app that might work better on the server?
  2. Broni

    Broni Malware Annihilator Posts: 46,132   +251

  3. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    I did a defrag, and it helped a bit, but

    Yes, I tried to download and install several browsers on the GA server (1st problem). I was able to download and load anything onto the Data server, but I could not use the mapped Data Server drive on the GA server to load a program. From the Data server, I tried to download several programs from Tech Spot. I keep getting messages saying that the "security settings computer will not allow TechSpot to load", also get an option to add Tech Spot to the exception list of Symantec Endpoint. A popup also shows up offering to add Tech Spot to the exceptions list, but even though the list includes all sites that start http: it says it will only allow https:, that does not good.of allow a download.

    I checked all of the security settings on IE (even put them on "low" settings and tried again), blocked.

    Any ideas?
  4. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    The Data server has been frozen for about an hour, so I just started a hard close down and reboot. The boot takes about 10 minutes.
  5. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    Just performed this update: (It started with the reboot), and it is rebooting again.

    This is what it loaded:

    Downloading Security Update for Windows Server 2003 (KB2807986) (update 1 of 1)... done!
    Initializing installation... done!
    Installing Security Update for Windows Server 2003 (KB2807986) (update 1 of 1)...
  6. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    What are the current issues if any?
  7. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    These are the messages I've been fighting:

    "You are attempting to download a file from a site that is not part of your trusted sites and that might be different from the website you are viewing:
    http://www.techspot.com
    Then, If you trust this website, you can lower security settings for the site by adding it to the Trusted sites zone. If you know the website is on your local intranet, review help for instructions on adding the site to the local intranet zone instead.
    Important: adding this website to the Trusted sites zone will lower the settings for all content from this website for all applications, including Internet Explorer."
    Then after setting all the Internet Explorer settings to the lowest possible level, adding Techspot.com to the "trusted sites", and rebooting, when I tried to download the Firefox browser from the downloads section, I get a message at the
    To help protect your security, Internet Explorer blocked this site from downloading files to your computer, click here for options.
    The only option is to download, and it is a circle.



    SYMANTEC TAMPER PROTECTION ALERT
    Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Help\ClientHelp.chm
    Event Info: Set Attributes File
    ActionTaken: Logged
    Actor Process: C:\WINDOWS\SYSTEM32\CIDAEMON.EXE (PID 7932)
    Time: Sunday, March 17, 2013 12:32:09 AM

    But, by working on it in the morning (as opposed to late after a long day), I was able to download to the Data Server, use the Mapped drive to save the Firefox installation program to the GA Server Drive E, then Install it onto drive E:, and load it into the E: program files. Then start it, and get to Eset, then play the same game and load eset onto the GA server update, and finally it is running on the GA server.

    I'll report when it is completed
  8. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    Eset is still running. It shows one found. Something like win32/opencandy application.

    It probably won't be done running till tomorrow. It is a very big and old and slow hard disk.
  9. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    On the Data server, eset found one:
    E:\Company\1 from bgm to glh\siw-setup.exe Win32/OpenCandy application cleaned by deleting - quarantined.

    and deleted it.
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    You should be good to go.
  11. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 387

    Thank You Very Much for your Help & patience!
     
  12. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    You're very welcome

