Incidents
virus restarting machines Jan 24 2008 07:44AM
adrian_smith live com (2 replies)
Re: virus restarting machines Jan 24 2008 05:02PM
ViersOnline (viers free fr) (2 replies)
RE: virus restarting machines Jan 24 2008 06:30PM
Dustin Larmeir (dustin larmeir com) (1 replies)
RE: virus restarting machines Jan 24 2008 08:24PM
Miha Pihler (Miha Pihler snt si)
> Your system is most likely compromised and with Windows that is always a
> really bad thing.

And with all other operating systems, being compromised would be a good
thing? :-D

Mike

-----Original Message-----
From: Dustin Larmeir [mailto:dustin (at) larmeir (dot) com [email concealed]]
Sent: Thursday, January 24, 2008 7:30 PM
To: 'ViersOnline'; adrian_smith (at) live (dot) com [email concealed]
Cc: incidents (at) securityfocus (dot) com [email concealed]
Subject: RE: virus restarting machines

I have definitely seen this behavior before. I have found that even safe
mode would not stop this, though booting into last known good config may work
if it is related to a recent software installation. Your system is most
likely compromised and with Windows that is always a really bad thing. I
would use a PE environment and see what you can find.

-----Original Message-----
From: ViersOnline [mailto:viers (at) free (dot) fr [email concealed]]
Sent: Thursday, January 24, 2008 11:03 AM
To: adrian_smith (at) live (dot) com [email concealed]
Cc: incidents (at) securityfocus (dot) com [email concealed]
Subject: Re: virus restarting machines

The one I know having such gross behavior is called Windows Update :)

adrian_smith (at) live (dot) com [email concealed] wrote:
> Has anyone ever experienced this kind of problem, probably due to
> virus/spyware, causing server and PC to reboot (Windows 2003)... I post the
> message I've found in the log: "The process GL_<random_number>.exe has initiated
> the restart of computer SERVER on behalf of user NT AUTHORITY\SYSTEM for the
> following reason: No title for this reason could be foundReason Code:
> 0x0Shutdown Type: restart" thx

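A triage sketch for the restart record quoted in the original post, added here as an example and not code from any poster in the thread: it parses records of that shape from exported log text and flags initiators worth a closer look. The allowlist, the name pattern and both sample records are assumptions constructed for illustration.

```python
import re

# Layout of the restart record quoted in the thread. Line breaks between fields
# are optional because the poster's copy has the fields run together.
RECORD = re.compile(
    r"The process (?P<process>.+?) has initiated the (?P<action>[\w ]+?) of computer "
    r"(?P<computer>\S+) on behalf of user (?P<user>.+?) for the following reason:\s*"
    r"(?P<reason>.*?)\s*Reason Code:\s*(?P<code>0x[0-9A-Fa-f]+)\s*"
    r"Shutdown Type:\s*(?P<type>\w+)",
    re.DOTALL,
)

# Assumption: initiators this site expects to see; tune per environment.
EXPECTED = {"winlogon.exe", "shutdown.exe"}
RANDOM_NAME = re.compile(r"^[A-Za-z]{1,4}_\d+\.exe$")  # shape of GL_<random_number>.exe

def triage(log_text):
    """Return one dict per restart record, with the reasons it deserves a look."""
    findings = []
    for m in RECORD.finditer(log_text):
        rec = m.groupdict()
        # Keep only the image name: drop any path and a trailing "(HOST)" suffix.
        image = re.split(r"[\\/]", rec["process"])[-1].split(" (")[0].lower()
        flags = []
        if image not in EXPECTED:
            flags.append("unexpected initiator")
        if RANDOM_NAME.match(image):
            flags.append("random-looking image name")
        if rec["user"].upper() == r"NT AUTHORITY\SYSTEM" and int(rec["code"], 16) == 0:
            flags.append("SYSTEM restart with no reason code")
        findings.append({"image": image, "computer": rec["computer"],
                         "user": rec["user"], "flags": flags})
    return findings

# Constructed sample: the first record follows the thread's message (12345 stands
# in for the random number); the second is an invented planned restart.
SAMPLE = (
    "The process GL_12345.exe has initiated the restart of computer SERVER on behalf of "
    "user NT AUTHORITY\\SYSTEM for the following reason: No title for this reason could "
    "be foundReason Code: 0x0Shutdown Type: restart\n"
    "The process C:\\WINDOWS\\system32\\shutdown.exe (SERVER) has initiated the restart "
    "of computer SERVER on behalf of user SERVER\\Administrator for the following "
    "reason: Planned maintenance\n Reason Code: 0x80040001\n Shutdown Type: restart\n"
)
```
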
RE: virus restarting machines Jan 24 2008 05:49PM
Worrell, Brian (BWorrell isdh IN gov)
RE: virus restarting machines Jan 24 2008 05:00PM
Shenk, Jerry A (jshenk decommunications com)


 

Copyright 2010, SecurityFocus