Service Request Ticket - # 42167

Service Request Information

CONTACT Name Beaver, Scott Contact Date Apr 04, 2011 09:02 AM
Department Natural Science Division Phone 88205
Location Email beavers@wou.edu

SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description

Computer WOU # 20091341 Bldg/Room UNK unknown
Service Tag 5361KM1 Description Dell OptiPlex 960 SFF E8400(3.0GHz, 6M, 1333 FSB)
Serial No. 5361KM1 Location pdr tech pile

CPU Intel Core 2 Duo E8400(3.0GHz, 6M, VT,1333MHz FSB)


OS Windows 7 Pro Software MS Office Pro Plus 2007 license from P0074819,

Wired NIC B8:AC:6F:83:F6:3B


TECHS Submitted by Brian Berkley Contact bberkley@wou.edu 88955
Primary Technician Contact nhigginbotham09@wou.edu 88925

Tracking

Entered by Date Memo
Nathan Higginbotham
Email

Public

Entered by Date Memo
Brian Berkley Apr 04, 2011 03:07 PM
Task reassigned to Nathan Higginbotham.
Brian Berkley Apr 04, 2011 03:07 PM
Status changed from (1) Pending to (5) Completed
Nathan Higginbotham Apr 04, 2011 12:58 PM
This is ready to go.
Robert Balsley Apr 04, 2011 10:55 AM
Task reassigned to UCS Tech.
Robert Balsley Apr 04, 2011 10:55 AM
Work Performed
-	Analyzed Scott's machine and verified that there
was a virus.
-	Took Scott's machine to the UCS lab for remediation.
-	Scanned the computer for viruses and malware.
-	Found some viruses on the system and attempted
to clean them.
-	System is still unstable.
-	Virus scanning is continuing.

Current Status:
-	The computer is continuing to be scanned for
viruses.

Next Steps:
Continue remediating the system issues.
Brian Berkley Apr 04, 2011 09:33 AM
Task reassigned to Robert Balsley.
Brian Berkley Apr 04, 2011 09:02 AM
Process
"c:\WINDOWS\system32\null0.46019015159144616.exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-009'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.

Process
"c:\WINDOWS\system32\null0.46019015159144616.exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-009'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.


Virus/spyware 'Troj/TdlMbr-A' has been detected in
"\\.\PHYSICAL:0080:0000:0000:0001".

File "C:\Documents and Settings\beavers\Local
Settings\Temp\newcmosrax.tmp" belongs to
virus/spyware 'Mal/FakeAV-IV'.

Virus/spyware 'Troj/TDL3Mem-B' has been detected
in "C:\WINDOWS\system32\ntdll.dll:pid:000004c8".

Virus/spyware 'Troj/TDL3Mem-B' has been detected
in "C:\WINDOWS\system32\ntdll.dll:pid:000008a0".

Virus/spyware 'Troj/TDL3Mem-B' has been detected
in "C:\WINDOWS\system32\ntdll.dll:pid:00000f40".

Virus/spyware 'Troj/TdlMbr-A' has been detected in
"\\.\PHYSICAL:0080:0000:0000:0001".

File "C:\WINDOWS\Temp\a17e3aAA.sys" belongs to
virus/spyware 'Troj/TDL3-E'.

File "C:\WINDOWS\Temp\a17e3aAA.sys" belongs to
virus/spyware 'Troj/TDL3-E'.