Service Request Ticket - # 42689

Service Request Information

CONTACT Name Silver, Mike   View open tasks   View tasks from last 30 days   Schedule Change Contact Date May 10, 2011 10:06 AM
Department Campus Public Safety Phone 88481
Location Email silverm@wou.edu Request for more information Send 'Keeping in touch' email Send 'I'm thinking of you' email
SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description
Computer Edit WOU # 20091017[Edit Inv] (opens in a new window) Bldg/Room ITC 007
Service Tag 4VD9RL1 Description Dell OptiPlex 960 SFF E8400(3.0GHz, 6M, 1333 FSB)
Serial No. 4VD9RL1 Location was Public Safety Officer Station - west wall

CPU Intel Core 2 Duo E8400(3.0GHz, 6M, VT,1333MHz FSB)


OS Windows XP Pro Software WIN 7 Pro downgraded to WIN XP Pro,Roxio Creator Dell Edition 10.3 and Cyberlink Power DVD 8.3 bundled with PC, MS Office Pro Plus 2007 license from P0074819

Wired NIC B8:AC:6F:7D:2F:C7

TECHS Submitted by Karisa Mueller Contact kmueller08@wou.edu 88925
Primary Technician Contact nhigginbotham09@wou.edu 88925

Tracking

Entered by Date Memo
Nathan Higginbotham
Email

Public
Entered by Date Memo
Nathan Higginbotham May 11, 2011 01:35 PM 
Task reassigned to Nathan Higginbotham.
 Add Attachment
Nathan Higginbotham May 11, 2011 01:35 PM 
Status changed from (1) Pending to (5) Completed
 Add Attachment
Nathan Higginbotham May 11, 2011 01:35 PM 
Ran Malwarebytes and removed the threats. He was
able to use the computer now.
 Add Attachment
Tyler Bell May 11, 2011 12:50 PM 
What's the status on this one? were the viruses
removed?
 Add Attachment
Robert Balsley May 11, 2011 11:04 AM 
Task reassigned to UCS Tech.
 Add Attachment
Robert Balsley May 11, 2011 09:02 AM 
Task reassigned to Robert Balsley.
 Add Attachment
Brian Berkley May 10, 2011 03:58 PM 
Whatever I pulled off the system today was
previously undetected by the major antivirus
vendors, now Sophos has created a new identity for it.

I would strongly suggest familiarizing yourself
with this video, and be extraordinarily cautious
when doing google searches.
http://www.youtube.com/watch?v=1v8Lsd6t4Ww&feature=related

If a popup happens that looks like "My Computer"
and says you have malware, do you want to scan it,
just close it.  Clicking the remove button infects
your computer with malware.
Add Attachment
Brian Berkley May 10, 2011 03:52 PM 
    * hhs.exe -- identity created/updated (New
detection Troj/FakeAV-DPH)
    * gth.exe -- identity created/updated (New
detection Troj/FakeAV-DPH)
    * d64v714506ea2214yse2qo8c5an6nh~ -- non-malicious
    * _DF5B23.tmp -- non-malicious
    * _DFAB5A.tmp -- non-malicious
    * d64v714506ea2214yse2qo8c5an6nhhl6 --
non-malicious
    * jar_cache9053231799968013269.tmp -- identity
created/updated (New detection Troj/FakeAV-DPH)
 Add Attachment
Brian Berkley May 10, 2011 10:37 AM 
Sophos case number: 2790794
 Add Attachment
Brian Berkley May 10, 2011 10:36 AM 
uploaded some suspicious files to sophos from this
system, they were under trevor jackson's profile
 Add Attachment
Karisa Mueller May 10, 2011 10:14 AM 
Priority changed from (2) High Priority to (1) Highest Priority.
 Add Attachment
Karisa Mueller May 10, 2011 10:14 AM 
This computer is W#20091017[Edit Inv].  Nancy just called
back and said that officer Jackson just got a
Trojan virus on this computer.  These other issues
that Officer Silver is having still need to be
addressed, but I'm changing the task to reflect
the virus.
 Add Attachment
Karisa Mueller May 10, 2011 10:06 AM 
He receives an error message when trying to access
Word, and also attempting to play Flash videos. 
They would like admin rights on both computer in
the Squad Room.  This is for the computer on the
West wall.
Add Attachment