Service Request Ticket - # 38809

Service Request Information

CONTACT Name Jacobs, Mary   View open tasks   View tasks from last 30 days   Schedule Change Contact Date Aug 13, 2010 02:02 PM
Department Business Services Phone 88383
Location Email jacobsm@wou.edu Request for more information Send 'Keeping in touch' email Send 'I'm thinking of you' email
SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description
Computer Edit WOU # 20091120[Edit Inv] (opens in a new window) Bldg/Room OFF PDR
Service Tag HW4ZRL1 Description Dell OptiPlex 960 SFF E8400(3.0GHz, 6M, 1333 FSB)
Serial No. HW4ZRl1 Location PDR

CPU Intel Core 2 Duo E8400(3.0GHz, 6M, VT,1333MHz FSB)


OS Windows 7 Pro Software WIN 7 Pro, Roxio Creator Dell Edition 10.3 and Cyberlink Power DVD 8.3 bundled with PC, MS Office Pro Plus 2010 license downgraded to 2007 from P0074957

Wired NIC B8:AC:6F:7D:03:A8

TECHS Submitted by Joshua Johnson Contact jjohnson09@wou.edu 88925
Primary Technician Contact nhigginbotham09@wou.edu 88925

Tracking

Entered by Date Memo
Nathan Higginbotham
Email

Public
Entered by Date Memo
Nathan Higginbotham Aug 13, 2010 03:28 PM 
Status changed from (1) Pending to (5) Completed
 Add Attachment
Nathan Higginbotham Aug 13, 2010 03:28 PM 
Task reassigned to Nathan Higginbotham.
 Add Attachment
Nathan Higginbotham Aug 13, 2010 03:28 PM 
Could not find any issue with this machine. Told
her to call back if there was an issue.
 Add Attachment
Brian Berkley Aug 13, 2010 02:06 PM 
Computer name: BO91120jacobsm

MAC Address: b8:ac:6f:7d:03:a8

IP Address: 140.211.117.132


b8:ac:6f:7d:03:a8 (BO91120jacobsm)

Dave-





=======================
Start of report: "BOTS"

A 'bot' is a hostile program, running in the
background,
that allows an attacker to control the infected host.
There are a number of different types of bots,
including,
but not limited to, Korgo, Spybot, and Optix.  The
information in this report is based on the logs of
proxy detectors within several IRC networks.  When
available, the TCP source port used by the malware
to connect to the IRC server is provided.

------------------------------------------------------------------------------------------------
       IP Address |        Time last seen |      
     Type | Add. info
------------------------------------------------------------------------------------------------
  140.211.117.132 |  2010-Aug-12 21:54:08 |      
     BOTS | srcport 33540 mwtype Mebroot destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 21:54:26 |      
     BOTS | srcport 33542 mwtype Mebroot destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 21:54:39 |      
     BOTS | srcport 33543 mwtype Torpig destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 21:55:13 |      
     BOTS | srcport 33544 mwtype Torpig destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 22:04:30 |      
     BOTS | srcport 33551 mwtype Mebroot destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 22:14:39 |      
     BOTS | srcport 33552 mwtype Mebroot destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 22:24:48 |      
     BOTS | srcport 33555 mwtype Mebroot destaddr
91.20.192.212
  140.211.117.132 |  2010-Aug-12 22:34:57 |      
     BOTS | srcport 33558 mwtype Mebroot destaddr
91.20.192.212
------------------------------------------------------------------------------------------------
Add Attachment
Joshua Johnson Aug 13, 2010 02:02 PM 
the computer is frozen and is making a weird
noise. she has shut down the computer and this has
not fixed the issue. She had to hold the power
button to get it to shut down. She is not able to
do her work.

She is in the mail room at the physical plant 

88383
 Add Attachment