Search Results

Search found 1161 results on 47 pages for 'virus'.

Page 17/47 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • Restoring MBR, partition table, and boot sector of memory card without data loss ("USBC")

    - by Synetech
    Abstract I have a FAT32 memory card that when inserted into a computer causes Windows to prompt to format it. The card is definitely not supposed to be blank and has a bunch of files on it. Symptoms Using a hex-editor/disk-viewer, I examined the card and found that several sectors/clusters have been overwritten with something that has a signature of USBC at the start of the sector. Specifically, the master boot record (and partition table) is gone (hence Windows thinking the card is blank and needing to be formatted), as are the boot sectors (they have the USBC signature and a volume label of NO NAME and partition type of FAT32). Fortunately, it looks like both copies of the FAT are almost entirely intact (a few FAT entries at the start of a cluster here and there seem to be overwritten by USBC). The root directory is also nearly intact—I can see the volume label entry and subdirectory listings, but one sector is overwritten. (There are no more instances of USBC after the last one in the FAT2.) Hypothesis These observations seem to indicate some sort of virus that erases a few key filesystem structures, and then overwrites a few extra sectors here and there. Googling it seems to corroborate the idea of a virus, except that others report a file called USBC which does not apply here, and in fact, could not be possible since there is no filesystem to even see files. I cannot find any information about a virus with these symptoms, nor a removal tool. (I can't help but wonder if it is actually due to an autorun virus prevention tool.) Question I can likely fix the FAT corruption since they are mostly contiguous chains and maybe even the lost sector of the root directory, but does anyone know of a convenient way to restore or (re)create the MBR/partition table and boot sectors (without formatting or overwriting the data)?

    Read the article

  • NetApp erroring with: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

    - by Sobrique
    Since a sitewide upgrade to Windows 7 on desktop, I've started having a problem with virus checking. Specifically - when doing a rename operation on a (filer hosted) CIFS share. The virus checker seems to be triggering a set of messages on the filer: [filerB: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20 (server-wk8-r2). [filerB: auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\MYDC. [filerB: auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000199: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. [filerB: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: Delaying the response by 5 seconds due to continuous failed login attempts by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20. This seems to specifically trigger on a rename so what we think is going on is the virus checker is seeing a 'new' file, and trying to do an on-access scan. The virus checker - previously running as LocalSystem and thus sending null as it's authentication request is now looking rather like a DOS attack, and causing the filer to temporarily black list. This 5s lock out each 'access attempt' is a minor nuisance most of the time, and really quite significant for some operations - e.g. large file transfers, where every file takes 5s Having done some digging, this seems to be related to NLTM authentication: Symptoms Error message: System error 1808 has occurred. The account used is a computer account. Use your global user account or local user account to access this server. A packet trace of the failure will show the error as: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000199) Cause Microsoft has changed the functionality of how a Local System account identifies itself during NTLM authentication. This only impacts NTLM authentication. It does not impact Kerberos Authentication. Solution On the host, please set the following group policy entry and reboot the host. Network Security: Allow Local System to use computer identity for NTLM: Disabled Defining this group policy makes Windows Server 2008 R2 and Windows 7 function like Windows Server 2008 SP1. So we've now got a couple of workaround which aren't particularly nice - one is to change this security option. One is to disable virus checking, or otherwise exempt part of the infrastructure. And here's where I come to my request for assistance from ServerFault - what is the best way forwards? I lack Windows experience to be sure of what I'm seeing. I'm not entirely sure why NTLM is part of this picture in the first place - I thought we were using Kerberos authentication. I'm not sure how to start diagnosing or troubleshooting this. (We are going cross domain - workstation machine accounts are in a separate AD and DNS domain to my filer. Normal user authentication works fine however.) And failing that, can anyone suggest other lines of enquiry? I'd like to avoid a site wide security option change, or if I do go that way I'll need to be able to supply detailed reasoning. Likewise - disabling virus checking works as a short term workaround, and applying exclusions may help... but I'd rather not, and don't think that solves the underlying problem. EDIT: Filers in AD ldap have SPNs for: nfs/host.fully.qualified.domain nfs/host HOST/host.fully.qualified.domain HOST/host (Sorry, have to obfuscate those). Could it be that without a 'cifs/host.fully.qualified.domain' it's not going to work? (or some other SPN? ) Edit: As part of the searching I've been doing I've found: http://itwanderer.wordpress.com/2011/04/14/tread-lightly-kerberos-encryption-types/ Which suggests that several encryption types were disabled by default in Win7/2008R2. This might be pertinent, as we've definitely had a similar problem with Keberized NFSv4. There is a hidden option which may help some future Keberos users: options nfs.rpcsec.trace on (This hasn't given me anything yet though, so may just be NFS specific). Edit: Further digging has me tracking it back to cross domain authentication. It looks like my Windows 7 workstation (in one domain) is not getting Kerberos tickets for the other domain, in which my NetApp filer is CIFS joined. I've done this separately against a standalone server (Win2003 and Win2008) and didn't get Kerberos tickets for those either. Which means I think Kerberos might be broken, but I've no idea how to troubleshoot further. Edit: A further update: It looks like this may be down Kerberos tickets not being issued cross domain. This then triggers NTLM fallback, which then runs into this problem (since Windows 7). First port of call will be to investigate the Kerberos side of things, but in neither case do we have anything pointing at the Filer being the root cause. As such - as the storage engineer - it's out of my hands. However, if anyone can point me in the direction of troubleshooting Kerberos spanning two Windows AD domains (Kerberos Realms) then that would be appreciated. Options we're going to be considering for resolution: Amend policy option on all workstations via GPO (as above). Talking to AV vendor about the rename triggering scanning. Talking to AV vendor regarding running AV as service account. investigating Kerberos authentication (why it's not working, whether it should be).

    Read the article

  • How important is patch management?

    - by James Hill
    Problem I'm trying to sell the idea of organizational patch/update management and antivirus management to my superiors. Thus far, my proposition has been met with two responses: We haven't had any issues yet (I would add that we know of) We just don't think it's that big of a risk. Question Are there any resources available that can help me sell this idea? I've been told that 55-85% of all security related issues can be resolved by proper anti-virus and patch/update management but the individual that told me couldn't substantiate the claim. Can it be substantiated? Additional Information 1/5 of our computers (the ones on the building) have Windows update turned on by default and anti-virus installed. 4/5 of our computers are outside corporate and the users currently have full control over anti-virus and Windows updates (I know this is an issue, one step at a time).

    Read the article

  • is there any way to lock few Windows Registry enteries

    - by Moorage
    I have seen that most of virus , spyware etc changes few registry files which are linked to boot process or which starts when window loads user settings. Is there any way to lock those files which are linked to start the system like explorer.exe , userinit.exe so that virus at least should not be able to stop the system to start up. Why did'nt microsoft put those registry file separately so that nothing can touches them Now my userinit.exe file is affected and its not letting me logn on to computer. I get blank desktop but system loads during safe mode. I have run anti virus bootable cd but still have not found solution

    Read the article

  • Bash Script help required

    - by Sunil J
    I am trying to get this bash script that i found on a forum to work. Copied it to text editor. Saved it as script.sh chmod 700 and tried to run it. rootdir="/usr/share/malware" day=`date +%Y%m%d` url=`echo "wget -qO - http://lists.clean-mx.com/pipermail/viruswatch/$day/thread.html |\ awk '/\[Virus/'|tail -n 1|sed 's:\": :g' |\ awk '{print \"http://lists.clean-mx.com/pipermail/viruswatch/$day/\"$3}'"|sh` filename=`wget -qO - http://lists.clean-mx.com/pipermail/viruswatch/$day/thread.html |\ awk '/\[Virus/'|tail -n 1|sed 's:": :g' |awk '{print $3}'` links -dump $url$filename | awk '/Up/'|grep "TR\|exe" | awk '{print $2,$8,$10,$11,$12"\n"}' > $rootdir/>$filename dirname=`wget -qO - http://lists.clean-mx.com/pipermail/viruswatch/$day/thread.html |\ awk '/\[Virus/'|tail -n 1|sed 's:": :g' |awk '{print $3}'|sed 's:.html::g'` rm -rf $rootdir/$dirname mkdir $rootdir/$dirname cd $rootdir grep "exe$" $filename |awk '{print "wget \""$5"\""}' | sh ls *.exe | xargs md5 >> checksums mv *.exe $dirname rm -r $rootdir/*exe* mv checksums $rootdir/$dirname mv $filename $rootdir/$dirname I get the following message.. script.sh: line 11: /usr/share/malware/: Is a directory script.sh: line 11: links: command not found

    Read the article

  • Missing X-Spam-Status header

    - by Walt Stoneburner
    I recently upgraded to Ubuntu 14.04.1 LTS (trusty) and have followed the directions in https://help.ubuntu.com/14.04/serverguide/mail-filtering.html and am sending and receiving mail just fine. While I do see X-Virus-Scanned headers in my messages, which suggests mail is indeed being processed, I do not see any X-Spam-Level or X-Spam-Score headers being added to messages. This makes downstream procmailrc and client-side filtering ...more difficult. While having $final_spam_destiny = D_DISCARD in /etc/amavis/conf.d/20-debian_defaults does greatly reduce spam to my inbox, I had concerns of false-positives prior to tuning and didn't know were there going, so have set it to D_PASS for the time being. This exposed the problem. I'm not sure where to look to start diagnosing the problem (otherwise I'd post a suspect configuration file). /etc/amavis/conf.d/15-content_filter_mode has the lines uncommented to enable virus and spam checks, and virus checking appears to be working according to the headers. Spam Assassin certainly seems to be starting just fine, too. SpamAssassin debug facilities: info SA info: zoom: able to use 360/360 'body_0' compiled rules (100%) SpamAssassin loaded plugins: AskDNS, AutoLearnThreshold, Bayes, BodyEval, Check, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, Rule2XSBody, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject SpamControl: init_pre_fork on SpamAssassin done I've also set $log_level = 2; in /etc/amavis/conf.d/50-user and don't see any obvious errors rolling by in the logs. Q: Any recommendations of what to try next? UPDATE (it appears that I have the right setting already): /etc/amavis/conf.d$ grep sa_tag_level_deflt * 20-debian_defaults:# $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level 20-debian_defaults:$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level

    Read the article

  • General Policies and Procedures for Maintaining the Value of Data Assets

    Here is a general list for policies and procedures regarding maintaining the value of data assets. Data Backup Policies and Procedures Backups are very important when dealing with data because there is always the chance of losing data due to faulty hardware or a user activity. So the need for a strategic backup system should be mandatory for all companies. This being said, in the real world some companies that I have worked for do not really have a good data backup plan. Typically when companies tend to take this kind of approach in data backups usually the data is not really recoverable.  Unfortunately when companies do not regularly test their backup plans they get a false sense of security because they think that they are covered. However, I can tell you from personal and professional experience that a backup plan/system is never fully implemented until it is regularly tested prior to the time when it actually needs to be used. Disaster Recovery Plan Expanding on Backup Policies and Procedures, a company needs to also have a disaster recovery plan in order to protect its data in case of a catastrophic disaster.  Disaster recovery plans typically encompass how to restore all of a company’s data and infrastructure back to a restored operational status.  Most Disaster recovery plans also include time estimates on how long each step of the disaster recovery plan should take to be executed.  It is important to note that disaster recovery plans are never fully implemented until they have been tested just like backup plans. Disaster recovery plans should be tested regularly so that the business can be confident in not losing any or minimal data due to a catastrophic disaster. Firewall Policies and Content Filters One way companies can protect their data is by using a firewall to separate their internal network from the outside. Firewalls allow for enabling or disabling network access as data passes through it by applying various defined restrictions. Furthermore firewalls can also be used to prevent access from the internal network to the outside by these same factors. Common Firewall Restrictions Destination/Sender IP Address Destination/Sender Host Names Domain Names Network Ports Companies can also desire to restrict what their network user’s view on the internet through things like content filters. Content filters allow a company to track what webpages a person has accessed and can also restrict user’s access based on established rules set up in the content filter. This device and/or software can block access to domains or specific URLs based on a few factors. Common Content Filter Criteria Known malicious sites Specific Page Content Page Content Theme  Anti-Virus/Mal-ware Polices Fortunately, most companies utilize antivirus programs on all computers and servers for good reason, virus have been known to do the following: Corrupt/Invalidate Data, Destroy Data, and Steal Data. Anti-Virus applications are a great way to prevent any malicious application from being able to gain access to a company’s data.  However, anti-virus programs must be constantly updated because new viruses are always being created, and the anti-virus vendors need to distribute updates to their applications so that they can catch and remove them. Data Validation Policies and Procedures Data validation is very important to ensure that only accurate information is stored. The existence of invalid data can cause major problems when businesses attempt to use data for knowledge based decisions and for performance reporting. Data Scrubbing Policies and Procedures Data scrubbing is valuable to companies in one of two ways. The first can be used to clean data prior to being analyzed for report generation. The second is that it allows companies to remove things like personally Identifiable information from its data prior to transmit it between multiple environments or if the information is sent to an external location. An example of this can be seen with medical records in regards to HIPPA laws that prohibit the storage of specific personal and medical information. Additionally, I have professionally run in to a scenario where the Canadian government does not allow any Canadian’s personal information to be stored on a server not located in Canada. Encryption Practices The use of encryption is very valuable when a company needs to any personal information. This allows users with the appropriated access levels to view or confirm the existence or accuracy of data within a system by either decrypting the information or encrypting a piece of data and comparing it to the stored version.  Additionally, if for some unforeseen reason the data got in to the wrong hands then they would have to first decrypt the data before they could even be able to read it. Encryption just adds and additional layer of protection around data itself. Standard Normalization Practices The use of standard data normalization practices is very important when dealing with data because it can prevent allot of potential issues by eliminating the potential for unnecessary data duplication. Issues caused by data duplication include excess use of data storage, increased chance for invalidated data, and over use of data processing. Network and Database Security/Access Policies Every company has some form of network/data access policy even if they have none. These policies help secure data from being seen by inappropriate users along with preventing the data from being updated or deleted by users. In addition, without a good security policy there is a large potential for data to be corrupted by unassuming users or even stolen. Data Storage Policies Data storage polices are very important depending on how they are implemented especially when a company is trying to utilize them in conjunction with other policies like Data Backups. I have worked at companies where all network user folders are constantly backed up, and if a user wanted to ensure the existence of a piece of data in the form of a file then they had to store that file in their network folder. Conversely, I have also worked in places where when a user logs on or off of the network there entire user profile is backed up. Training Policies One of the biggest ways to prevent data loss and ensure that data will remain a company asset is through training. The practice of properly train employees on how to work with in systems that access data is crucial when trying to ensure a company’s data will remain an asset. Users need to be trained on how to manipulate a company’s data in order to perform their tasks to reduce the chances of invalidating data.

    Read the article

  • Postfix/ClamAV not stopping viruses under Virtualmin

    - by Josh
    I am using Virtualmin and have it set up to have Postfix scan incoming emails with ClamAV (using clamdscan) and delete any emails which contain a virus. However when I email myself the EICAR test string, it comes through just fine. I know ClamAV will report this file as a virus. How can I troubleshoot this / what could be wrong?

    Read the article

  • How do I prevent mail from my Exchange server from being blocked?

    - by Mike C
    Recently one of our client machines was infected with a virus and I believe was spamming addresses in the user's contact list. Since then our server has been appearing on blacklists and it has been causing our e-mail to be blocked and returned by many clients. The virus has since been cleared, what can I do to get our server off these blacklists so that we will have more reliable e-mail service? Will I have to change my IP address? Thanks, Mike

    Read the article

  • Debugging taking a lot of time?

    - by Surya sasidhar
    hi, yesterday i install visual studio in my system, when i run my application it is taking a lot of time to run my application, i think it is due to virus. can u please tell me which is the best anti-virus in the market present. so that i can run my visual studio easily.

    Read the article

  • IE Behaviors in my system

    - by Dharani
    When i type some Url say www.google.com in IE (installed and tested with IE 6.0/7.0/8.0) at first attempt it does not recognize that URL when i type it second time.It goes to the page. But when i test it in other browsers like firefox ,Chrome without problem it is working. I scanned my system with Norton and Kasper sky,they do not complaint about any virus.I am using Windows XP Service pack 2. Does my system get affected with something say doubleclick virus?

    Read the article

  • is AV software needed for Windows XP Mode on Windows 7?

    - by Wesley
    Hi all, I just got Windows XP Mode on my Windows 7 Professional 64-bit machine. I notice that the Windows XP Security Center notes that I don't have any virus protection. However, I'm running AVG Free on Windows 7. Do I need to have some sort of anti-virus program installed on Windows XP Mode? Thanks in advance.

    Read the article

  • Install Samba 3.0.24 on Ubuntu Server 10.04 from Source

    - by Nilpo
    Has anyone had any luck compiling and installing Samba 3.0.24 on Ubuntu 10.04? I'm trying to set up realtime virus scanning on Samba shares (ClamAV) using the legacy version of Samba as it is the latest release supported by samba-vscan-0.3.6b. I'm no expert at this but I think I have all of the dependencies covered and I'm following the documentation with the source code but I'm getting errors as if there is a problem with the source code. I downloaded the source directly from http://ftp.samba.org/pub/samba/stable/samba-3.0.24.tar.gz After running ./configure and make, I get the following error. Compiling client/mount.cifs.c client/mount.cifs.c: In function ‘main’: client/mount.cifs.c:1068: error: ‘PATH_MAX’ undeclared (first use in this function) client/mount.cifs.c:1068: error: (Each undeclared identifier is reported only once client/mount.cifs.c:1068: error: for each function it appears in.) make: *** [client/mount.cifs.o] Error 1 You can view the full output log here. Can anyone help me get this installed or suggest another means of implementing realtime virus scanning on Samba shares?

    Read the article

  • Ask the Readers: How Do You Set Up a Novice-Proof Computer?

    - by Jason Fitzpatrick
    You’re into technology, you like tweaking and tinkering with computers, and, most importantly, you know how to keep your computer from turning into a virus-laden and fiery wreck. What about the rest of your family and friends? How do you set up a novice-proof computer to keep them secure, updated, and happy? It’s no small task protecting a computer from an inexperienced user, but for the benefit of both the novice and the innocent computer it’s an important undertaking. This week we want to hear all about your tips, tricks, and techniques for configuring the computers of your friends and relatives to save them from themselves (and keep their computer running smoothly in the process). Sound off in the comments with your tricks and check back in on Friday for the What You Said roundup to add see how your fellow readers get the job done. How Hackers Can Disguise Malicious Programs With Fake File Extensions Can Dust Actually Damage My Computer? What To Do If You Get a Virus on Your Computer

    Read the article

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >