Going to be in full investigation mode today. One of the PC’s here at work, when visiting some website, got 3 different Symantec warnings about Trojan.Trunlow:
The virus warnings said “Access Denied”
But at the same time stamp, Symantec was shutdown, and some of the password stealer .exe’s listed on that page showed up in C:/WINNT/. On the other hand, none of the registry settings were made, and there’s no evidence that it tried to actually send out any information, that I’ve found yet. The IE patch was installed, so in theory, between that being patched and Symantec catching the VBS trojan, none of it should have been allowed to run, but it was.
I suppose it’s time to go ask some questions of the user. I’m sure that won’t provide any real answers. 🙂
Follow these topics: Uncategorized