Slaying Zepto cryptolocker on company domain 
Thanks for the help getting started Scott and Mike!!
Anyone want the source files? I'm going to send them to virustotal in a little bit
Just a Trojan, must dl the crypto
Contents of zip
https://www.virustotal.com/en/file/918b994c7f573d458e47ba35811f2eae104e64de8eb4affffe5124ca1f8cbf8b/analysis/
@wirestyle22 yea i love it when i can get into a geeky technical conversation. They are so few and far between
I know it has been a while since I last updated, but we finally came to a resolution a few weeks ago and I haven't had a chance to update yet.
And....... it completely disappeared without a trace. haha well that is typically my luck so I wasn't too surprised.
We were able to walk around with the equipment and a laptop across the entire property, and believe we did identify the cause as our next door neighbors. They are a medical facility with some MRIs, so maybe their equipment was failing and they replaced a part.
One piece of additional information, I was able to have some really good conversations with their tech support and learned that they do have internal filters for 60Hz so that explains the absence of a 60Hz signal. I appreciate all the help from everyone on this forum. It was my beacon of light in a sea of confusing data.
Hope you guys are having a good April 1st. Don't trust everything you read
In Texas and from Memphis, so..... BBQ! Had some Big Beef Ribs for lunch (Thursday Special - $9.99 w/ 2 sides). They are great ribs and are pasture raised, no hormones, etc, etc
@Kelly I had tried the OWA App. Ill give Outlook a shot. Thanks!
@thecreativeone91 Thanks I will try it out
@MattSpeller Thanks. I will give it a try
@thwr said in What did you have for lunch or dinner today?:
@Brains said in What did you have for lunch or dinner today?:
@thwr said in What did you have for lunch or dinner today?:
@Brains said in What did you have for lunch or dinner today?:
In Texas and from Memphis, so..... BBQ! Had some Big Beef Ribs for lunch (Thursday Special - $9.99 w/ 2 sides). They are great ribs and are pasture raised, no hormones, etc, etc
Sounds great, just sad you had to mention that hormone thing
sad as in none of our beef should be pushed full of drugs with side effects?
Yepp. And like "it
iswas forbidden here"
BUT MUH PROFITZ!!!!!
so we have 3 servers this is affecting. Boot time is 25 minutes for server 1, and 45 minutes for server 2 & 3. Server 2 & 3 have taken up to 2 hours to boot at times. The server is hanging on the Windows Loading screen (Circling dots).
I was able to troubleshoot it this weekend, and have narrowed down the problem to hardware configuration. We have RAIDs on all 3 of these servers, and have 1 additional storage drive on the same controller that is not part of any RAID. If I unplug this drive from the board, the boot time reduces to 2-3 minutes. Once you plug the extra drive back in, the boot time spikes back to 45 minutes.
Why would having an additional HDD connected to the onboard SATA controller cause this? Does anyone have any troubleshooting tips?
Server Motherboards
Sata Controller / Chipsets
First IT job is hazy, ive been fixing computers since I was 13. I guess my first major one was working for Solectron Global Services (Bought By Flextronics). Started off as Sony Laptop Warranty Repair, moved to "Recovery" department due to my 1337 DOS skills haha. I did a lot there, learned how to repair lcd panels (clean room), performed BGA tap testing on motherboards, parts testing and inspection, and resoldering some parts. Promoted to TL and built up the Sony Recovery department, organization, and SOPs.
@dafyre Unfortunately there is only 1 SATA Controller on the Tyan boards. The other board has its own onboard controller that could be used, but the LSI is wired to the backplane that the HDDs are slid into, so I would have to do some rewiring. Which is possible, but I will need to figure out how to fix this problem either way.
Thanks for help everyone, Im hoping I can get it figured out. I am seriously considering some kind of issue with Server 2012R2 and this type of configuration. Does anyone else have this configuration or could mock it up to see if you experience the same problems?
@thanksajdotcom That really sucks. Im sorry for your loss
@travisdh1 ahh ok sorry I thought Scott meant its windows and Unix based. I assumed it was Linux, but I guess its BSD. I haven't had any hands on experience with BSD, and while there may be a shot at getting some Linux in our environment for an upgrade to NGINX and Apache, I don't think I could swing BSD in addition to it.
@thanksajdotcom said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@thanksajdotcom said in What Are You Doing Right Now:
Making plans to attend calling hours for a friend this week. He died Saturday. He was possibly as young as 25, but was probably 26. He had a heart attack and died. My girl and I both knew him pretty well and were both friends with him but for totally independent reasons...it's been a rough weekend...
Oh wow, that really sucks
Sorry for your loss.
http://obits.syracuse.com/obituaries/syracuse/obituary.aspx?n=adam-c-irish&pid=181147096&fhid=22220
https://www.gofundme.com/2ksvx9g
Done
We have some remote Analysts and are currently looking for an online collaboration tool for our staff. We have Dev and IT meetings and would like some software that would be conducive for both while still being cheap (or free) for a SMB. Is anyone using anything similar or have used something similar in the past?
What would you guys recommend?
Feature List
Kristian Nairn has some pretty good progressive euro trance style music. You may recall him from Game of Thrones as Hodor. He puts on a great show btw
@travisdh1 yay! Thats what I love to hear in my healthcare field! Microsoft randomly stealing our PHI! I am going to try to disable it all through GPO if possible, so that it stays static. Do you have any good references that I could use to make sure I get them all?
@scottalanmiller said in What Are You Doing Right Now:
I got up at 7:30 am in Dallas, drove all day and arrived in Indianapolis at 3:00 am. Doing some catch up before turning in. I'm visiting @scale tomorrow here in town, trying to be there in about six hours, but seven is more likely.
Dang Jesus. You should stop by and visit next time you are in town. At least grab a good German Beer with me!
So I really like the Lock Screen images M$ comes up with, and I think little things like that make the transition easier for employees. However, I hate not being able to reduce bandwidth usage by pointing all of the computers to a central location and letting the computers choose from there. My Google Fu has not been productive, does anyone know how to practically accomplish this task or what the average bandwidth usage is? Maybe I dont need to worry about this at all.
BBQing fresh beef, 4-wheelers, swimming, mudding, drinking.... going to be a good memorial day with one of my oldest friends
We just upgraded routers and I am having a horrible time with Ubiquiti trying to get basic information regarding which external ports need to be open (outbound) to allow the controller software to check for firmware updates and how to manually initiate a firmware check from the controller to ensure it is working. I think we are now set on port 8080, but I still need to know how to initiate the firmware check in the controller to ensure it can download new firmwares.
Is their support usually this bad? Am I just being dense and missing something here?
.
.
.
.
Sent: Wednesday, June 15, 2016 9:44 AM
To: 'Ubiquiti Networks'
Subject: RE: Unifi Software Firmware Port
Can you please explain to me how any of the steps below would verify that the controller is able to connect to your servers on the internet to ensure the controller is able to download firmware updates
Sandy N (Ubiquiti Networks)
Jun 15, 02:59 PDT
Hi Billy,
To perform a firmware check to verify that the connection is good following commands can be run:
Connect the AP directly to your laptop/computer and check if you're able to ping the AP. To check this, please follow the steps given below:
• Directly connect the AP to the laptop/desktop in which the controller is installed (POE port of the POE adapter goes to the AP and LAN port goes to the computer)
• Assign static IP address 192.168.1.25 to the laptop/desktop.Subnet mask as 255.255.255.0 Default gateway as 192.168.1.20 since its a fallback IP address of AP
• Check whether the controller is reachable to the AP by using the ping command.Go to the command prompt and type 'ping 192.168.1.20'
• Also, run the discovery tool (installed along with the controller) and check whether UAP is discovered in it. If UAP is detected, you can reset it from there.
Billyraines
Jun 14, 14:39 PDT
Sure, thanks.
Can you please tell us if there is a way for us to trigger a firmware check from the Unifi controller so we can verify that the connection is good.
Daryl M (Ubiquiti Networks)
Jun 14, 14:38 PDT
Hi Billy,
Open only port 8080, as for now and if you have any ap running older firmware . Then try to perform update via controller with only port 8080 open.
Billyraines
Jun 14, 14:34 PDT
Hi Daryl. I do not believe all of those ports need to be open on our external firewall to allow firmware updates. As I stated previously, we do not have firewall restrictions internally, only for external connections, so I am confused as to why you are telling me to allow out of network computers to connect to the WebUI on the controller and opening port 8080 when it says it is only used for UAP->Controller communication. Are you not able to provide me with the specific information that I need? Can you please tell us if there is a way for us to trigger a firmware check from the Unifi controller so we can verify that the connection is good.
Daryl M (Ubiquiti Networks)
Jun 14, 14:22 PDT
Hi Billy,
Below are ports which need to be open
• 8080 (port for UAP to inform controller)
• 8443 (port for controller GUI / API, as seen in web browser)
• 8880 (port for HTTP portal redirect)
• 8843 (port for HTTPS portal redirect)
• 27117 (local-bound port for DB server)
• 3478 # UDP port used for STUN
• 8881 for redirector port for wireless clients
• 8882 for redirector port for wired clients
Also open some other basic port like 80,443,23,22,1
Billyraines
Jun 14, 14:20 PDT
Also is there a way for us to trigger a firmware check from the Unifi controller? We would like to verify that this is resolved. We are still new customers, so we have only done it once and we were prompted automatically in the controller software
So to allow the Controller to access your servers on the internet, we only need to open port 8080 for the controller? Sorry for all the extra clarification, all of the references on that page and in this email refer to intercommunication between the controller and AP, not controller and Ubiquiti’s firmware server
Daryl M (Ubiquiti Networks)
Jun 14, 14:14 PDT
Hi Billy,
The port number which are mention in the Article only those need to be kept open.
The controller and AP talk to on port number 8080.
Let us know if you have any other question.
Billyraines
Jun 14, 11:17 PDT
Yes I googled earlier and saw that article, unfortunately it says nothing regarding firmware updates.
Could you please tell me which port the controller software is using when it initializes a connection to check for firmware updates? Are there any other ports that need to be opened externally to allow the Unifi Software to connect (excluding cloud management)?
Sandy N (Ubiquiti Networks)
Jun 14, 08:35 PDT
Hi Billy,
Thanks for getting in touch with us!
During initial setup of UniFi we suggest to disable firewall as it may block the default ports used by UAP to discover in Unifi controller.
Once the UAP is adopted in the Unifi controller you can enable firewall.
Please click on the below link for UniFi controller ports list.
If you have any other questions, please let us know.
Billyraines
Jun 14, 08:22 PDT
Hello. We are replacing our firewall and need to allow outbound access from our server running the unifi software (for managing our WAPs) so that it can check for firmware updates (We do not have cloud access) and anything else it needs to operate normally. Could you please let me know which ports we need to enable to allow the software to function normally? We do not have internal network restrictions, so our only concern is regarding the Unifi Software phoning home.
Big Beef BBQ Ribs, caesar salad, and fried okra! Mmmm love being in the south! Now I just need to add another mile to my run today, small price to pay