Endpoint Encryption

  • 1.  Trend Micro OfficeScan Event

    Posted Apr 04, 2012 08:00 AM

    Now on two separate computers, the first yesterday afternoon, and the second this morning, I am intermittently getting blocked urls.

    The symbols "" (UTF-8 stuff) show up on the page.

    Parts of it are as follows: (I replaced the actual url with x's).

    Trend Micro OfficeScan Event

      URL Blocked

    The URL that you are attempting to access is a potential security risk. Trend Micro OfficeScan has blocked this URL in keeping with network security policy.

    URL: http://www.xxxxx.cfm

    Risk Level: High

    Details: For more information about this URL or to report it to Trend Micro for reclassification,visit http://reclassify.wrs.trendmicro.com.

    Trend Micro OfficeScan 10

    Thing is, I have not installed any Trend Micro products on either of these two systems. Following TrendMicro's steps to uninstall, I cannot find TrendMicro in my Startup area, in Program Files (x86), or in HKLM\Software. DLLs that are supposed to exist in System32 are not there. It is also not listed in Programs and Features.

    My virus definitions are up to date. I have run scans using Microsoft Essentials, Microsoft Security Scan, Malwarebytes freeware, and Symantec and all are clean.

    I am suspicious because:

    1. I have never installed Trend Micro on my machines (that I know of).
    2. Trend Micro does not appear to be in the appropriate places if it was properly installed.
    3. The site blocking is intermittent.

    I have surfed for some info on this and at least as of the moment, I do not see any reports of this product being made available by my ISP and it does not appear to be installed on my system.

    If this is a real TrendMicro product, I do not appreciate them installing it on my machines
    a) without my permission, and
    b) in a way that cannot be un-installed.

    Giving TrendMicro the benefit of the doubt, this has got to be an infection - but why has no one else complained about this yet?

    I would appreciate any clarification available.

    Thanks,
    Bob.



  • 2.  RE: Trend Micro OfficeScan Event

    Posted Apr 04, 2012 09:29 AM

    I have just spoken with a Trend Micro support person who has confirmed that Trend Micro does not surreptitiously install their products, and that indeed, if it was installed on systems, it would require an explicit install, and would show up under HKLM\Software and in Program Files (x86), etc.

    He also confirmed that it is not supplied by ISPs and is not installed on websites to protect against bad pages. He suspects this may be an infection.

    I have given him this link and they will apparently investigate.

    Bob.



  • 3.  RE: Trend Micro OfficeScan Event

    Posted Apr 04, 2012 11:22 AM

    I suggest running some additional scans. Start with the Power Eraser and let's see if anything gets picked up.

    If you have Symantec Endpoint installed, you are entitled to the SERT utility. This tool is a bootable CD that can scan and remove malware.



  • 4.  RE: Trend Micro OfficeScan Event

    Posted Apr 04, 2012 12:34 PM

    Thomas,

    Trend Micro had me run their Case Diagnostic Tool which confirmed I do not have any Trend Micro product installed.

    They also did a webex to confirm that there were no entries in HKLM, Program Files (x86), etc. and saw the blocking screens. Although they are apparently quite similar to their product, they are not identical. The UTF-8 characters are apparently not characteristic of the real OfficeScan product.

    In addition, when I tried to look at an email he sent in Outlook 2007, the email titles started to disappear and some text displayed in the email bodies about blocked by Trend Micro, but it was too quick and I closed Outlook immediately.

    I am running Power Eraser now.

    Thanks,
    Bob.