
| Subject: | RE: Microsoft mydoom removal tool via SUS |
|---|---|
| Date: | Wed, 11 Aug 2004 15:03:22 -0500 |

Thanks to all who replied. I think this answered my question pretty well. It would be nice if MS changed the verbiage in the description when they distribute these updates to remove the "you are likely infected" portion, but who knows when or if that will happen.

Thanks again...

-----Original Message-----
From: Zack Schiel [mailto:ZSchiel@blueandco.com]
Sent: Wednesday, August 11, 2004 2:58 PM
To: Dan Denton; Eric McCarty; focus-virus@securityfocus.com
Subject: RE: Microsoft mydoom removal tool via SUS

*All* updates that MS sends out for distribution via SUS will show up for approval in *all* SUS servers; it shouldn't trouble you that it shows up in the list.

-Z-

-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Wed 8/11/2004 10:01 AM
To: Eric McCarty; focus-virus@securityfocus.com
Cc:
Subject: RE: Microsoft mydoom removal tool via SUS

I never approved the update. The fact that it even shows up in the list of updates to approve is what troubles me.

-----Original Message-----
From: Eric McCarty [mailto:eric@lawmpd.com]
Sent: Wednesday, August 11, 2004 9:57 AM
To: Dan Denton; focus-virus@securityfocus.com
Subject: RE: Microsoft mydoom removal tool via SUS

If you approve it for update in SUS Admin, it will deploy it whether workstations are infected or not. Uncheck it in the Approved updates section and it will no longer be an issue.

Eric

-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Wednesday, August 11, 2004 7:42 AM
To: focus-virus@securityfocus.com
Subject: Microsoft mydoom removal tool via SUS

We use SUS to distribute updates to our workstations, and one of the updates that frequently shows up is the Mydoom removal tool. The description says that the appearance of this update is a sign of infection, but none of my systems show infection in Symantec's SSC, and eEye's mydoom scanner shows nothing as well. Has anyone else had this issue?

I assume at this point that it's a false positive, but I'm checking all my bases. I apologize if this post is better suited to focus-ms.

Dan Denton
Information Technology Manager, CCNA
Pay-LESS Office Products