Service Request Ticket - # 40621

Service Request Information

CONTACT Name Dover, Ed   Contact Date Dec 07, 2010 12:18 PM
Department Social Science Phone 88264
Location Email dovere@wou.edu

SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description

Computer WOU # 20090928 Bldg/Room OFF PDR
Service Tag Description Dell OptiPlex 960 SFF E8400(3.0GHz, 6M, 1333 FSB)
Serial No. hvjkql1 Location PDR

CPU Intel Core 2 Duo E8400(3.0GHz, 6M, VT,1333MHz FSB)


OS Windows 7 Pro Software WIN 7 Pro (ITC 311 image),Roxio Creator Dell Edition 10.3 and Cyberlink Power DVD 8.3 bundled with PC, MS Office Pro 2010 license

Wired NIC 00:26:B9:8E:57:D7


TECHS Submitted by Kurt San Agustin Contact ksanagustin06@wou.edu 88925
Primary Technician Contact nhigginbotham09@wou.edu 88925

Tracking

Entered by Date Memo
Nathan Higginbotham
Email

Public

Entered by Date Memo
Nathan Higginbotham Dec 14, 2010 09:42 AM
Status changed from (1) Pending to (5) Completed
Nathan Higginbotham Dec 14, 2010 09:42 AM
removed this fake av.
Nathan Higginbotham Dec 10, 2010 09:29 AM
Left a vm.
Nathan Higginbotham Dec 08, 2010 11:21 AM
Task reassigned to Nathan Higginbotham.
Nathan Higginbotham Dec 08, 2010 11:21 AM
waiting for contact. I left a note on his desk
because his pc was running locked and did not want
to ruin any documents.
Gabriel Thrash Dec 08, 2010 09:21 AM
called and left vmail.
Brian Berkley Dec 08, 2010 08:40 AM
User: NT AUTHORITY\SYSTEM
Scan: 9PM Scan
Machine: SS90928DOVERE

File "C:\Documents and Settings\dovere\Application Data\virus.exe" belongs to virus/spyware 'Troj/FakeAV-CEK'.

File "C:\Documents and Settings\dovere\Local Settings\Temp\0.9147505168989415.exe" belongs to virus/spyware 'Troj/FakeAV-CEK'.

Virus/spyware 'Troj/FakeAV-CEK' was not removed because of errors.
Brian Berkley Dec 07, 2010 03:23 PM
Hello,

Thank you for contacting Sophos Technical Support.

**Please note that this is an automated response.
If you have any questions, require assistance or
clarification on this analysis, please feel free
to reply to this email quoting this case number in
the subject line.**

The file(s) submitted were malicious in nature and
detection will be available on the Sophos Databank
shortly.

    * completescan -- clean
    * install -- clean
    * completescan.zip -- archive file
    * hotfix.exe -- identity created/updated (New detection Troj/FakeAV-CEK)
    * hotfix.exe -- identity created/updated (New detection Troj/FakeAV-CEK)
    * jkgbkhjkv.bat -- non-malicious
Brian Berkley Dec 07, 2010 03:11 PM
****This is an email****
Edwin,

I connected to the administrative share of your
system, and did some preliminary investigation and
found some suspicious files I uploaded to our
anti-virus vendor for analysis. 
Brian Berkley Dec 07, 2010 03:10 PM
Sophos case number: #2580024
Brian Berkley Dec 07, 2010 03:03 PM
I connected to admin share of his c drive, looked
in his application data folder on his profile,
found some suspicious files and uploaded them to
sophos
Todor Todorov Dec 07, 2010 01:35 PM
called and left a VM to see when he is available
Kurt San Agustin Dec 07, 2010 12:18 PM
There was a pop up and he followed it and he
thinks there is a virus on his computer.

computer# 20090928