Hi everybody.
I think so i have very good experience about Downadup. But today i have a problem. Friday nigth one friend (who work in IT) said he couldn't see symantec endpoint protection in rigth side. (near clock) Now today he start up his comptuer and we taken downadup attacks like this.
Than i taken his Flash Disk Drive and plug in another computer and we found donwnadup and delete.
My OS is Wİndows 7 and all updates installed. Sep is currently update too. i did these steps.
1- disconnect to infected computers to network area
2- take back users domain admins membership and change password (all IT workers too)
3- start full scan in all computers (IT and all company)
Now i have notification there is a 2 files with infected.
My questions is: In the notification window Computer name is my computer name but user name not. This user working IT and he is member of Domain admins.
It means I have a attach from this user in this computer?
Because my another friend taken same window but User name is mine!!!
Whats happend?
Thanks
Fatih