DNS Changer Malware

From Chris Drever (networking):

I have blocked outbound traffic to all of the DNS redirector sites listed in the PDF (below) from the FBI. There are users hitting these rules so we have at least a few infected machines on campus. The infected machines will most likely appear to be running slowly because they have to wait for timeouts to the blocked DNS servers before they use a working server. Please check all SLOW machines for DNS servers on the following list:

Rogue DNS Servers
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255

For additional information and removal of this malware, see https://www.plymouth.edu/webapp/calllog/files/180906/01_dns-changer-malware.pdf

If you have any questions, please ask a senior consultant or shift supervisor.
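The six ranges above as a checker, written for this page as an added example (it is not part of Chris Drever's notice or of the FBI PDF): it turns each "first through last" pair into CIDR prefixes, pulls the configured DNS servers out of `ipconfig /all` output, and reports any that fall inside a rogue range. The `ipconfig` text at the bottom is a constructed sample; 10.0.0.53 is a made-up campus resolver, not a real PSU address.

```python
"""Check a Windows host's configured DNS servers against the DNS Changer
rogue-server ranges listed in the FBI notice.

Added example, not part of the original help-desk post.  The ranges are
the six in the post; SAMPLE_IPCONFIG is constructed, not captured."""
import ipaddress
import re

# Ranges exactly as the post lists them ("first through last").
ROGUE_RANGES_TEXT = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Collapse each first/last pair into CIDR networks so a membership test is
# a plain "addr in net".  Each of these six pairs collapses to one prefix.
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_RANGES_TEXT
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]


def rogue_network_for(ip: str):
    """Return the rogue network containing `ip`, or None if it is clean."""
    addr = ipaddress.ip_address(ip)
    for net in ROGUE_NETWORKS:
        if addr in net:
            return net
    return None


_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def dns_servers_from_ipconfig(text: str):
    """Extract every IPv4 DNS server from `ipconfig /all` output.

    ipconfig prints the first server on the "DNS Servers" line and any
    further servers on following lines that carry only an address.  Those
    continuation lines are collected until the next "label : value" line
    or a blank line.  (An IPv6 server on a continuation line contains ':'
    and would end the block early; this checker only cares about IPv4.)
    """
    servers = []
    in_dns_block = False
    for line in text.splitlines():
        if line.lstrip().startswith("DNS Servers"):
            in_dns_block = True
            servers += _IPV4.findall(line.split(":", 1)[1])
        elif in_dns_block:
            if ":" in line or not line.strip():
                in_dns_block = False
            else:
                servers += _IPV4.findall(line)
    return servers


def check_host(ipconfig_text: str):
    """Map each configured DNS server to the rogue network it sits in (or None)."""
    return {ip: rogue_network_for(ip) for ip in dns_servers_from_ipconfig(ipconfig_text)}


# Constructed sample of the relevant part of `ipconfig /all` on an infected
# machine: a rogue resolver listed first, a (made-up) campus resolver second.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : plymouth.edu
   IPv4 Address. . . . . . . . . . . : 10.20.30.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.30.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       10.0.0.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for ip, net in check_host(SAMPLE_IPCONFIG).items():
        print(f"{ip:15} {'ROGUE ' + str(net) if net else 'ok'}")
```

On a suspect machine, save `ipconfig /all > dns.txt` and feed the file's text to `check_host`. A slow machine whose first listed resolver lands in one of these prefixes is one of the infected hosts hitting the block rules; a machine whose resolvers are all clean is slow for some other reason.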

Accessing Choices

  1. Choices will only work on Windows computers.  If you are off campus, first log into the VPN.
  2. Click on the Start menu, and click on Computer
  3. Click on Map Network Drive (if you don't see this, press the Alt key)
  4. In the Folder field, type in:
    \\polaris.plymouth.edu\afserv
  5. Check the checkbox for Connect using different credentials, then click Finish
  6. In the window that pops up, type in
    plymouth\username

    (where username is your myPlymouth username)

  7. Type your myPlymouth password into the Password field, and click OK.
  8. You should see a new drive mapped, called afserv.  Double click on this drive.
  9. You will see a list of folders.  Double click on the CHCT folder
  10. In the new list of folders, double click on the APPS folder
  11. Scroll down the list of files, until you see WCHOICES, and double click on this file
  12. This will open Choices.  It may take several minutes for it to completely open.  Please be patient.
  13. Once Choices is open, select which option you'd like to open.
  14. When you are finished with Choices, click the Exit button.

Bradford Agent 2.2.5.4

There is a new version of the Bradford agent for PCs: 2.2.5.4. If a computer does not have this version installed, it may fail the Bradford computer health check or get caught in a continuous loop of returning to the Bradford registration page.

If someone calls or visits us about connecting to ResNet or the PSU STUDENT wireless network, find out what version of the Bradford agent the computer is running. A supervisor can push the latest Bradford agent to the computer if it is connected to either of these networks. The Bradford registration page should now download 2.2.5.4 to the computer even if it already has an older version installed, and the new version should get the computer out of the continuous registration loop.

McAfee Security Center & Bradford

We have found that the McAfee Security Center's firewall blocks Bradford from communicating successfully on our network.

Symptoms include:

  • Not getting the prompt to sign in to Bradford.
  • Prompting for the Bradford registration page, even though Bradford is successfully installed.
  • Restarting Bradford service does not prompt to sign into Bradford.

Operating systems affected include:

  • Windows Vista
  • Windows 7

Resolutions include:

  • Disabling the McAfee Firewall:
  1. Open McAfee Security Center.
  2. Click on Firewall.
  3. Click on Turn Off.
  4. Select Never from the dropdown menu (when do you want to resume the firewall).
  5. Click on Done.
  6. Click on Dismiss.
  7. The Bradford login window should pop up momentarily.
  Selecting Never leaves the McAfee firewall off for good, so before handing the machine back check that the built-in Windows Firewall is turned on; the computer should not be left with no host firewall at all.
  • Uninstalling McAfee Security Center:
  1. Completely uninstalling McAfee Security Center is only recommended if the subscription to McAfee is expired or is close to expiring.  ALWAYS CHECK WITH THE CUSTOMER BEFORE UNINSTALLING A PAID-FOR SUBSCRIPTION-BASED ANTIVIRUS PROGRAM!
  2. Run the MCPR.exe file from the flash drives or CDs (located in the AV Removal folder).  Be patient while it runs.  If prompted to restart, please do so.
  3. Install a free antivirus program (located in the Free AV folder).

If you have any questions or need clarification, please ask a senior consultant or shift supervisor.  They will be happy to answer any questions you may have.

McAfee Antivirus: False positive detection of w32/wecorl.a in 5958 DAT

The Help Desk now has a tool from McAfee to fix Windows XP computers damaged by one of McAfee’s own definition updates (DAT 5958 flagged the Windows system file svchost.exe as w32/wecorl.a). Please read the excerpt below from McAfee’s website, knowledge base article KB68780. The McAfee fixing tool is available on CDs at the Help Desk and from the link in the article excerpt below.

Affected machines show a "countdown to shutdown" window shortly after reaching the desktop, so you may first have to bring up a command prompt and type a command to stop Windows from shutting down. As soon as Windows gets to the desktop, and while the countdown window is up, do this:

1) Go to the Start menu
2) Select Run
3) Type in cmd
4) On the command line, type shutdown /a (this aborts the pending shutdown)

The shutdown window should then disappear. Now follow the steps below.

From: https://kc.mcafee.com/corporate/index?page=content&id=KB68780

“Solution 1
McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

What does the SuperDAT Remediation Tool Do?

The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe. If not present, it attempts a restore from the following:

• %WINDOWS%\servicepackfiles\i386\svchost.exe
• Quarantine.

After the tool has been run, restart your computer.

Recommended recovery SuperDAT procedure:

1. From a computer that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
2. Take the portable media to each affected computer and run the tool.

NOTE: If you are not able to run the tool on the affected computer, (re)start your computer in Safe Mode.
For instructions on starting in Safe Mode, see http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true

3. Run the Recovery SuperDAT tool.
4. Restart in normal mode.
5. Use the product update to update to DAT 5959.”

Phishing license REVOKED!

Woot! James and Ted have come up with a very cool Zimlet (a Zimbra plug-in) which presents a warning pop-up box if someone attempts to reply to a message containing the following character sequence:

Username:
Password:

It only works if the user is reading and replying to mail in the Zimbra web client, not in a desktop mail program, but it is a start! Kudos to James and Ted!
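The check the Zimlet performs, as an added example in Python rather than the Zimlet's own JavaScript: the trigger is the one the note gives (a "Username:" line followed by a "Password:" line in the message being replied to), with the normalisation a reply editor needs because the original arrives quoted with ">" prefixes and the phisher may vary case and spacing. The two messages and the warning wording are constructed for this example.

```python
"""Flag a reply to a message that asks for credentials, as the Zimlet does.

Added example, not the Zimlet's code.  PHISH and LEGIT are constructed
sample messages; the warning text is assumed wording."""
import re

# Reply editors quote the original with ">" prefixes; strip those and any
# leading whitespace so the match does not depend on quoting depth.
_QUOTE_PREFIX = re.compile(r"^[>\s]+")


def _normalised_lines(body: str):
    """Yield non-empty lines with quote prefixes removed, lower-cased."""
    for raw in body.splitlines():
        line = _QUOTE_PREFIX.sub("", raw).strip().lower()
        if line:
            yield line


def asks_for_credentials(body: str) -> bool:
    """True if a 'username:' line is followed (ignoring blank lines) by a 'password:' line."""
    lines = list(_normalised_lines(body))
    return any(
        lines[i].startswith("username:") and lines[i + 1].startswith("password:")
        for i in range(len(lines) - 1)
    )


def reply_warning(quoted_original: str):
    """Text for the pop-up shown when the user hits Reply, or None if no warning."""
    if asks_for_credentials(quoted_original):
        return ("The message you are replying to asks for your username and "
                "password. Do not send them; contact the Help Desk instead.")
    return None


# Constructed sample: a quota-scare phish as it appears quoted in a reply.
PHISH = """\
> Dear user, your mailbox is over quota. Reply with:
>
>   Username:
>   Password:
>
> Helpdesk"""

# Constructed sample: ordinary mail that mentions the words but is not a form.
LEGIT = """\
> Hi, I reset my password as you asked.  The old username: still works,
> thanks!"""

if __name__ == "__main__":
    print("PHISH ->", reply_warning(PHISH))
    print("LEGIT ->", reply_warning(LEGIT))
```

Blank lines between the two fields are ignored on purpose, since phishing forms often pad them out; a message that merely uses the words mid-sentence, as in LEGIT, does not trigger the warning.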

How to add the PDF Printer

(This was sent as a PDF to all library staff today)

How to add the PDF Printer to your computer

A document sent to the PDF Printer on the network will arrive in your email as an Adobe Acrobat Portable Document (PDF). To add it to your list of printers:

1) Click the Start button at the lower left of the screen (Windows Vista and XP).

2) In the “Start Search” box, type: \\printers\pdfmakerclr. On some computers you may first have to select “Run” (on the lower right side of the Start menu) to get a box to type into.

3) Press Enter. A small window should appear saying that your computer is looking for pdfmakerclr, and then a window for pdfmakerclr’s print queue will appear. You can close this window.

4) When you print a document, “pdfmakerclr on printers” should now appear as one of the available printers.

5) After you click OK in the print window, pdf-system@mail.plymouth.edu will send an email with the subject line “The PDF you created.” to your inbox with the PDF attached.

If you do not see this email, Outlook may have put it in your Junk folder. If so, right-click the message and select “Not Junk”; it will move back to your inbox.

Outlook may ask whether you want to add pdf-system@mail.plymouth.edu to your list of safe senders; if it does, choose OK.

If you have any questions about adding the PDF Printer, please call the Help Desk at 52929.

MyPlymouth Login Error Codes

The error code a user sees when they fail to log in at connect.plymouth.edu is built up digit by digit as a series of tests is performed against the login credentials, so a given digit always means the same thing wherever it appears. For example, the 6 in code 16 has the same meaning as the 6 in code 67.

1. Supplied username was not a known email address (primary or alternate email).
2. Supplied username was not a known email address or PSU username (replaces #1 in the error code).
3. Username looks like it might be a PSU username.
4. Username looked like a PSU username, but username/password did not authenticate against AD (replaces #3).
5. Username could not be matched to any user.
6. "wp_authenticate_user" filters passed successfully.
7. User will be treated as an applicant.

Common examples:

• 16 = incorrect password for this known username
• 6 = incorrect password for this known email address
• 25 = supplied email is not a known address (not attached to any user)
• 245 = username doesn't match an existing WP account, and the password did not match in AD
• 67 = applicant password was incorrect
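A decoder for these codes, added here as an example (it is not the login system's own code): it maps each digit to the test above, and because the tests run in a fixed order and digits 2 and 4 replace 1 and 3, it also rejects codes that could not have been produced (digits out of sequence, or a digit alongside the one it replaces). The one-line diagnoses in `diagnose` are generalised from the five common examples: a 5 means no account matched, a 6 means an account was found and the password was rejected, and a 7 marks the account as an applicant.

```python
"""Decode a connect.plymouth.edu login error code into the checks that
produced it.

Added example, not part of the login system.  Digit meanings are the seven
listed in the note; the sequence and exclusion rules are derived from it
(2 replaces 1, 4 replaces 3) and the diagnoses from its worked examples."""

DIGIT_MEANINGS = {
    "1": "supplied username was not a known email address (primary or alternate)",
    "2": "supplied username was not a known email address or PSU username",
    "3": "username looks like it might be a PSU username",
    "4": "username looked like a PSU username, but did not authenticate against AD",
    "5": "username could not be matched to any user",
    "6": "wp_authenticate_user filters passed",
    "7": "user will be treated as an applicant",
}

# Digit pairs that cannot appear together: the key replaces the value.
REPLACES = {"2": "1", "4": "3"}


def decode(code: str):
    """Return [(digit, meaning), ...] in the order the checks ran.

    Raises ValueError for digits outside 1-7, for digits out of sequence
    (the checks run in a fixed order, so digits must increase), and for a
    digit appearing together with the digit it replaces.
    """
    code = code.strip()
    if not code:
        raise ValueError("empty error code")
    steps = []
    for digit in code:
        if digit not in DIGIT_MEANINGS:
            raise ValueError(f"unknown digit {digit!r} in code {code!r}")
        if steps and digit <= steps[-1][0]:
            raise ValueError(f"digits out of sequence in code {code!r}")
        replaced = REPLACES.get(digit)
        if replaced and replaced in code:
            raise ValueError(f"digit {digit} cannot appear with digit {replaced} in {code!r}")
        steps.append((digit, DIGIT_MEANINGS[digit]))
    return steps


def diagnose(code: str) -> str:
    """One-line summary in the style of the note's 'Common examples'."""
    digits = {digit for digit, _ in decode(code)}
    if "5" in digits:
        return "no account matches the supplied username or email"
    if "6" in digits:
        who = "applicant" if "7" in digits else "known user"
        return f"{who} found; password was incorrect"
    return "no password check recorded; see decode() for the individual steps"


if __name__ == "__main__":
    for code in ("16", "6", "25", "245", "67"):
        print(code, "->", diagnose(code))
        for digit, meaning in decode(code):
            print("   ", digit, meaning)
```

One caveat worth keeping in mind: the codes tell an unknown account (any code with a 5) apart from a wrong password (any code with a 6), which is exactly the distinction someone probing for valid usernames or email addresses wants. Keep the digit meanings to the Help Desk and show users only the number.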

Student Anti-virus change

PSU has decided not to renew its McAfee license for new students and will be switching all PSU-owned faculty and staff computers over to Avira in the coming weeks.

In order to support the students who already have a copy of the PSU version of McAfee, we will maintain about 2000 licenses for the next 2 years.  However, effective immediately, we ask that you no longer “hand out” or help install McAfee antivirus on students' or faculty/staff personal machines.  There is a list of Bradford-supported AVs on the Infotech webpage, and students are free to use any of these on their computer in order to connect to the network.  Some are free, some are not.  Keep in mind, however, that they will still be required to keep the definitions up to date, and we still want to help students make sure the AV settings are doing automatic scans every couple of days.

The supervisors have done some initial testing and research on most of the AVs on the Bradford-approved list.  This work is continuing; in the meantime, in the call center you will find a copy of the information you may hand out if someone asks which free AV you might suggest.

If you have any questions, please consult with a supervisor.