Risk name: Adware.Lop
Event time: 2009-07-10 19:21:14 GMT
Database insert time: 2009-07-10 19:24:20 GMT
User: Denise.xxxxxxx
Computer: VR093240VT6H570
IP Address: 10.252.xx.xx
Domain: IVRS-SEP1
Server: VRDSMSEP2
Client Group: My Company\Client Computers\Desktop Action taken on risk: Access denied
----------------------------------------------------------
Action: Block
Test mode: No
Windows domain: VRNTDOM1
User Denise.xxxxxxx
Server name: VRDSMSEP2
Group name: My Company\Client Computers\Desktop
Computer Name
Current: VR093240VT6H570
When event occurred: VR093240VT6H570
Event type: Tamper Protection
Event time: 07/10/2009 14:20:42
Severity: Minor
Begin time: 07/10/2009 14:20:42
End time: 07/10/2009 14:20:42
Rule name:
Alert: Yes
Send SNMP trap:
Caller Process ID: 1444
Caller Process Name: C:/Documents and Settings/Denise.xxxxxxx/Local Settings/Temp/awxremocns.tmp
Target: C:/Program Files/Common Files/Symantec Shared/ccApp.exe
User name: Denise.xxxxxxx
Description: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
It really hammered hard on that PC, and was hammering hard on SEP.
Yes, it got in, and totally whomped SEP, the computer won't stay running, keeps shutting down, and while it's up I can barely tell that in their profile, there's dozens of EXE files from the above date and time. SEP ws trying, but lost the war. The screen was filled with TMP and EXE files from 14:20 to 14:33 hours.
Kind of unreal for reading in the Symantec technical details that this is from 2003! Not even new technology for a bug.
Wow. a 6 year old whomped it.