Service Request Ticket - # 42524

Service Request Information

CONTACT Name Schaumburg, Ashley   View open tasks   View tasks from last 30 days   Schedule Change Contact Date Apr 27, 2011 01:14 PM
Department Business Services Phone 88361
Location Email schaumburga@wou.edu Request for more information Send 'Keeping in touch' email Send 'I'm thinking of you' email
SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description
Computer Edit WOU # 20080859[Edit Inv] (opens in a new window) Bldg/Room OFF PDR
Service Tag Description Dell OptiPlex 755, 3.0GHz, 6M, VT, 1333MHz FSB
Serial No. FZ2RLJ1 Location PDR

CPU Intel Core 2 Duo E8400(3.0GHz, 6M, VT,1333MHz FSB)


OS Unknown Software Windows Vista downgraded to WIN XP PRo SP2, MS Office Pro Plus 2007 from P0069666 installed as Office Pro 2003, Adobe Dreamweaver CS4 for WIN from P0072267

Wired NIC 00:21:70:58:81:87

TECHS Submitted by Nicole Crane Contact ncrane10@wou.edu 88010
Primary Technician Contact tbell09@wou.edu 88925

Tracking

Entered by Date Memo
Tyler Bell
Email

Public
Entered by Date Memo
Tyler Bell Apr 27, 2011 04:18 PM 
Status changed from (1) Pending to (5) Completed
 Add Attachment
Tyler Bell Apr 27, 2011 04:18 PM 
Task reassigned to Tyler Bell.
 Add Attachment
Brian Berkley Apr 27, 2011 01:41 PM 
The file(s) submitted were malicious in nature and
detection will be available on the Sophos Databank
shortly.

    * kxs.exe -- identity created/updated (New
detection Troj/FakeAV-DLF)
    * wby.exe -- identity created/updated (New
detection Troj/FakeAV-DLF)
 Add Attachment
Brian Berkley Apr 27, 2011 01:26 PM 
Uploaded files from her system to sophos.

Case #2777687
 Add Attachment
Brian Berkley Apr 27, 2011 01:16 PM 
Priority changed from (2) High Priority to (1) Highest Priority.
 Add Attachment
Brian Berkley Apr 27, 2011 01:16 PM 
ser: MASH\jacksona
Machine: CP80859JACKSONA

Process
"\\homej.wou.edu\jacksona\jacksona\downloads\bestantivirus2011(2).exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-008'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.

Process
"\\homej.wou.edu\jacksona\jacksona\downloads\bestantivirus2011(2).exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-008'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.

Process
"\\homej.wou.edu\jacksona\jacksona\downloads\bestantivirus2011(2).exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-008'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.

Process
"\\homej.wou.edu\jacksona\jacksona\downloads\bestantivirus2011(2).exe"
exhibiting suspicious behavior pattern
'HIPS/RegMod-008'. 
	Access denied. 
	If you are unsure whether the application can be
authorized, please send a sample to Sophos.
Add Attachment
Nicole Crane Apr 27, 2011 01:14 PM 
She had a pop up saying that she had viruses on 
her computer and that you need to buy this anti 
virus to continue. And now it is blocking her 
from getting online. 
She has tried to use firefox and I.e. but both do 
the same thing.
Add Attachment