One of our machines on our LAN (.160) was infected with a Windows 7 AV 2012 rogue malware app today. Took about an hour to remove this thing.
I've seen it before, I guess it somehow manages to pass through the HTTP/S filters and proxies.
My questions are:
1) Is there a way to isolate the machine (.160) and see logs for all HTTP traffic that went to this?
2) How can I identify the origin of the malware (most likely the site the user visited to download this spyware)?
Thanks in advance
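One way to answer both questions from the proxy side, as an added example that is not part of the original post: pull a single client's requests out of the proxy's access log, flag responses that delivered executables, and list the hosts that client contacted just before each one. It assumes the proxy writes Squid's native access.log format and that the infected host is 192.168.1.160 (the post only gives ".160"; the prefix and all log lines below are constructed).

```python
"""Reconstruct one client's HTTP history from a Squid-format proxy log.
Added example; the log lines and the 192.168.1.160 address are constructed."""
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample in Squid native format:
# epoch elapsed_ms client status/code bytes method url ident hierarchy content-type
SAMPLE_LOG = """\
1332345600.101 120 192.168.1.160 TCP_MISS/200 8123 GET http://news.example/index.html - DIRECT/203.0.113.10 text/html
1332345605.402 45 192.168.1.161 TCP_HIT/200 512 GET http://cdn.example/logo.png - NONE/- image/png
1332345611.223 310 192.168.1.160 TCP_MISS/302 0 GET http://ads.example/click?id=7 - DIRECT/203.0.113.20 text/html
1332345612.910 2540 192.168.1.160 TCP_MISS/200 391244 GET http://dl.example/setup.exe - DIRECT/198.51.100.7 application/x-msdownload
1332345640.007 88 192.168.1.160 TCP_MISS/200 1311 POST http://c2.example/report.php - DIRECT/198.51.100.9 text/plain
"""

EXEC_TYPES = {"application/x-msdownload", "application/octet-stream", "application/x-dosexec"}
EXEC_EXTS = (".exe", ".scr", ".msi", ".dll")

def parse_line(line):
    """Split one Squid native log line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    url = parts[6]
    return {"time": datetime.fromtimestamp(float(parts[0]), tz=timezone.utc),
            "client": parts[2], "status": parts[3], "bytes": int(parts[4]),
            "method": parts[5], "url": url, "host": urlparse(url).hostname or url,
            "ctype": parts[9]}

def client_history(log_text, client_ip):
    """All requests made by client_ip, in time order (question 1)."""
    rows = (parse_line(ln) for ln in log_text.splitlines())
    return sorted((r for r in rows if r and r["client"] == client_ip), key=lambda r: r["time"])

def suspicious_downloads(rows):
    """Requests that returned executable content or fetched an executable-looking path."""
    return [r for r in rows
            if r["ctype"] in EXEC_TYPES or urlparse(r["url"]).path.lower().endswith(EXEC_EXTS)]

def hosts_before(rows, event, window_s=60):
    """Hosts this client contacted in the window before `event`: the likely origin chain (question 2)."""
    return [r["host"] for r in rows
            if r is not event and 0 <= (event["time"] - r["time"]).total_seconds() <= window_s]

if __name__ == "__main__":
    hist = client_history(SAMPLE_LOG, "192.168.1.160")
    for dl in suspicious_downloads(hist):
        print(dl["time"], dl["url"], dl["ctype"], "preceded by:", hosts_before(hist, dl))
```

Point `SAMPLE_LOG` at the real access.log contents and narrow the window to the time the AV alert fired; the hosts listed before the executable fetch are where to look for the landing page.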