Endpoint Protection

 View Only

  • 1.  Virus or BOT infection

    Posted Jul 23, 2007 11:12 AM
    Anyone seen a log file in c:\windows\temp called whipfilt.date.log?
     
    The log is accessing dll's. And then every hour it tries to execute files on c:\windows\temp\some random folder.
    Most register a failure; though some do register completed.
     
    Antivirus has never picked it up before, and the logs date back to March 2007.
     
    Antivirus just started picking up Spyware.Winspy and it keeps finding, and quarantining more. So far in Temp Internet files.
     
    Trying to get a handle on this before it becomes a show stopper.
     
    Thank you,
     
    GregD


  • 2.  RE: Virus or BOT infection

    Posted Jul 23, 2007 12:14 PM
    Consider also changing a setting in Internet Explorer:
    Tools / Advanced / (scroll to bottom) /

    Check the "Empty Temporary Internet Files folder when browser is closed".

    Definitely NOT a complete answer; should help reduce vulnerable footprint.


  • 3.  RE: Virus or BOT infection

    Posted Jul 26, 2007 11:04 AM
    Hmmm...
     
    Seems to be related to the Antivirus scan. During a full scan all sorts of temp files are written. Maybe a familiar naming scheme for the logs would be appropriate so folks don't mistake the nonsense names for malicious activity. Or is that related to how IE uses random names for the temp internet folders, so hackers don't have a known folder to hook into?