Service Request Ticket - # 72641

Service Request Information

CONTACT Name Visuano, Denise   View open tasks   View tasks from last 30 days   Schedule Change Contact Date Jun 25, 2019 08:31 AM
Department Strategic Communications & Marketing Phone 88349
Location Email visuanod@wou.edu Request for more information Send 'Keeping in touch' email Send 'I'm thinking of you' email
SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description
Laptop Edit WOU # 20121212[Edit Inv] (opens in a new window) Bldg/Room SSC 217
Service Tag Description Apple MacBook Pro 15inch w/ Retina, 2.4GHz Quad i7
Serial No. C02KV09MFFT0 Location Going to PDR

CPU Intel Core i7(2.4GHz quad, 6MB L3 cache)


OS MAC OS X 10.8 (Mountain Lion) Software MS Office for MAC 2011 from P0090635, Adobe CS6 Design&Web Prem from P0090635

Wireless NIC 28:CF:E9:1A:5F:A9


Bluetooth NIC 28:CF:E9:1A:5F:AA

TECHS Submitted by Brittany Franklin Contact franklinb@wou.edu 89267
Primary Technician Contact rjohnson17@wou.edu 88925

Tracking

Entered by Date Memo
Reggie Johnson
Email

Public
Entered by Date Memo
Reggie Johnson Jul 02, 2019 03:49 PM 
Status changed from (1) Pending to (5) Completed
 Add Attachment
Reggie Johnson Jul 02, 2019 02:01 PM 
Returned laptop to Denise, logged her in, set up her 
printers and added her to admin group. Task completed.
 Add Attachment
Reggie Johnson Jul 02, 2019 10:38 AM 
****This is an outgoing email****
Hi Denise,

I need some additional information regarding service 
request #72641

Description: *6/26 11am*Sophos Persistent PUA/Malware 
Found on W20121212

We have just finished re-imaging your cpu and was 
wondering when a good date and time for a UCS Tech to 
visit your office and deliver this back to you. We will 
need to add you as an admin and add your printers. 

Thanks,

Reggie
UCS Tech
 Add Attachment
Public
Reggie Johnson Jun 28, 2019 03:39 PM 
re-imaging at my desk
Add Attachment
Reggie Johnson Jun 26, 2019 02:46 PM 
****This is an outgoing email****
Hi Denise,

I need some additional information regarding 
service request #72641

Description: *6/26 11am*Sophos Persistent 
PUA/Malware Found on W20121212

When is a good date and time for a UCS Tech to 
visit your office and troubleshoot this issue? The 
machine will need to be re-imaged, so your files 
need to be backed up before the task.

Thanks,

Reggie
 Add Attachment
Public
Reggie Johnson Jun 26, 2019 02:45 PM 
****This is an outgoing email****
Hi Denise,

I need some additional information regarding 
service request #72641

Description: *6/26 11am*Sophos Persistent 
PUA/Malware Found on W20121212

When is a good date and time for a UCS Tech to 
visit your office and troubleshoot this issue? The 
machine will need to be re-imaged, so your files 
need to be backed up before the task.

Thanks,

Reggie
 Add Attachment
Public
Megan Thibeault Jun 25, 2019 08:54 AM 
Task reassigned to Reggie Johnson.
 Add Attachment
Megan Thibeault Jun 25, 2019 08:53 AM 
We are moving Denise this week, please make sure
to communicate having to re image this station.
 Add Attachment
Brittany Franklin Jun 25, 2019 08:31 AM 
Sophos keeps finding and cleaning up this PUA every week, sometimes every few days:
PUA detected: 'Generic PUA OE' at '/private/var/tmp/xSf/xSf' 

I'm concerned because every time this PUA is found, this is also found:
Access has been blocked to 'http://www.qaeqxa.pw/static/s3/exec6625/exec.tgz' as 'Mal∕HTMLGen-A' (malware) has been found at this website.

I think her machine will need to be reimaged, because even Sophos isn't completely getting rid of the PUA that's taking her to a website with malware.
 Add Attachment