Endpoint Protection

I have a user who works out of Charleston South Carolina. SEP found malicious entries on her PC, I went in and cleaned up as much as I could, but here is the twist, SEP is ALSO finding suspicious activity from her account on PC's she's never been on, and sites she's never been to. It has found malicious attached to a machine in New York and it has found suspicious entries attached to her name in a PC in Toronto. When I checked these PC's NEITHER of them had her listed under the user profile her machine was infected and cleaned, but her profile sporadically appears on differnt PC's that she's never been on.

Any idea on this?

It finds Trojan. ZBot and Trojan.Fake AV

Is SEP cleaning them up?

Yes, it shows in "Cleaned/Blocked"

I would change her password immediately, does she have any type of admin rights at all?

She had admin rights which I took away. I also have asked her to change her password.

Thank you.

This was key...see how it plays out now..

Going to do this on a larger scale now.

THX again!!!

enjoy!

Now she gets something about prenb.dll.

Hmmmmm, I think that is the garbage file...

You can submit it or scan it at https://www.virustotal.com

I deleted the entry from the registry and there was another suspicuous entry, mapv.dll or something like it. Can't remember exactly

looks like it left some easter eggs behind for you to clean.

of course it would. Had to keep me busy :-)

because you have nothing else to do right