Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Virus could intrude Deep Freeze?
From:
Peter Ekkerman <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Sat, 29 Nov 2008 00:00:04 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (60 lines) 
Hi Frederick,

I know I'm a bit late for the "party";), but I'm not sure if you have contacted 
Faronics - the company that publishes DeepFreeze. 
http://www.faronics.com/html/deepfreeze.asp

According to the website,the operating system is 100% recoverable.
http://www.faronics.com/html/DFFeatures.asp

So,maybe you could contact support http://www.faronics.com/html/support.asp
Surely the school must have some kind of agreement with Faronics
It might also be important for the company to know that DeepFreeze might be 
susceptible to corruption.
Mind you, the corruption might come from the inside - meaning a clever -albeit 
malicious student?

For what it's worth, there is an extensive analysis on the malware you're describing:

http://www.malwareanalysis.org/10556404df39b6a51cf42f46b071c655-mh-exe-t98.html
It gives a lot of info regarding locations of the malware.

Hope this helps.

Peter E.



-------- Original Message  --------
Subject: [PCSOFT] Virus could intrude Deep Freeze?
From: Frederick Navarro <[log in to unmask]>
To: [log in to unmask]
Date: 22-Nov-2008 8:31:27 AM

I don't know what happened.  But several PCs in our school are infected by
hbkernel virus, and the thing here is all of the computers were running with
deep freeze for more than 2 years without any problems, and never had
they've been THAWED.  It is really a nuisance because the virus eats up the
CPU usage causing others to hang up (ms-office applications, etc) and even
changing an ip address takes up to 5 minutes (which means the system is
really very busy).  Has anybody experienced this?

I could say that it's hbkernel.sys, because I saw it under the Run entry for
HKLM->Software->Microsoft->Windows->CurrentVersion->Run and doing some
research about the virus some websites say that it is some malware or
spyware type.

We even tried setting the computers in THAWED mode with out network
connectivity (to ensure no external connection) and removed the entry from
the registry and used ComboFix and SuperAnti Spyware to scan the whole
drive.  But sad to say, after rebooting and setting it back again to FREEZE
mode, the entry came back in the registry.

                          PCSOFT's List Owner's:
                       Bob Wright<[log in to unmask]>
                         Mark Rode<[log in to unmask]>

                         PCSOFT's List Owner's:
                      Bob Wright<[log in to unmask]>
                        Mark Rode<[log in to unmask]>

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV