American airlines email virus/ticket.exe

Q: American airlines email virus/ticket.exe

A family member of mine was just recently infected with a virus that they got from a fake American Airlines email.  Since they already deleted the email, I cannot paste here what the content was exactly but it seemed like a regular ticket confirmation email.  The only thing that was off was that it included a line saying "in order to use your ticket now, please download the attachment".  As you may have guessed, they actually downloaded the attachment and executed the file inside which was named something like ticket.exe.  
I'm not sure what the virus does exactly, but after a few minutes, McAfee caught it, but it notified us that the computer had to restart in order to fix the problem.  I booted into safe mode with networking, but things seemed to be in working order.  When I googled the virus, I heard it was supposed to black out your desktop and erase your program icons from the start menu, but this doesn't seem to be the case here.  After a few more minutes, McAfee's real-time scan disabled itself and I'm unable to turn it back on.
The computer is running Windows 7, 64-bit ultimate.  Let me know if you need more information, otherwise I'll update with any new problems as they come up.
Thanks for all your help! 


A: American airlines email virus/ticket.exe

Download Security Check from here or here and save it to your Desktop.

* Double-click SecurityCheck.exe.
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:

* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE

* Unzip downloaded file.
* Open the folder where the contents were unzipped and run mbar.exe
* Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
* DO NOT click on the Cleanup button. Simply exit the program.
* When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

NOTE. Make sure all logs are pasted, not attached.

To whom it may concern,
My brother accidentally opened an American Airlines email and caused his computer to hide all personal files, including music, photos, work. I have tried Malwarebytes to repair. Needs more than that. He has Webroot antivirus; it is always saying it needs updating.
Thank you for your help

Kevin Petty

A:opened American Airlines fake ticket

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

* Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will ap...

Hello to you all. I am working to figure out what my girlfriend did to her HP mini 100 notebook.

Today, she called me in a panic telling me that she opened an email stating that she has received a speeding ticket in the state of New York. She unfortunately proceeds to open that email AND then the attachment. She said approximately 20-25 new windows opened up and the computer lost all response to try and close these windows. She reboots and after the screen that allows you to enter the BIOS and/or select boot device you are immediately greeted with a black screen saying "Missing operating system".

When entering the screen to select boot device there are only two choices. One is "SATAM-SanDisk pSSD 16GB" and the other is "USB: JetFlash Trancend". Choosing either of the above yields the same result = "Missing operating system".

Can anyone here express any resolve for something like this? Has anyone heard of this before?

Thank-you very much for any replies regarding this as I appreciate it greatly.


Hello, I'm sure this is old news, but I ran this AA Airline crap and before I knew it was a virus the damage was already done. I killed the computer as soon as I realized trouble and now all I get when I try to start it is "error reading OS". I can't get it to even show a safe mode option with F8. I can get to bios (F2) and boot (F12) but that is it. Any help would be appreciated as I am at a loss. Thanks. Robert.

A:AA Airlines virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/442543 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

My father opened an email titled "Uniform Traffic Ticket" and opened the included attachment. When this was opened all desktop icons were gone and all options in the start menu were gone, except for some basic programs such as Norton and Open Office.

He is currently running Windows 7 Home 64bit

Looking at the start menu properties all of the options such as documents and pictures were set to not show. I can bring some of them back but all of the folders appear empty. I believe the programs are still there since I can see some of them in the Add/Remove programs tool.

After searching through MSConfig I found an unknown application running: beUBhsyFTRXwF.exe

After searching online about this email I found that it is something that has been going around in the last few months and when opening the attachment the following may be put on your machine:
Mal/Chep Vil-A

I also installed Malwarebytes and did a quick scan to see if it can give me any insight into what I'm dealing with and it found the following items:
PUM.Hijack.Start Menu (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer)
PUM.Hijack.Start Menu (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch)
I haven't taken any action with these yet.

Any advice you can give would be appreciated. Here is the DDS log file. I saw that GMER is for 32bit, will using it on a 64 be a problem?

D...

A:Uniform Traffic Ticket Email

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


It appears you didn't attach the second dds log, attach.txt, to your initial post.

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:


A text file should open. Save it to your desktop then attach that file to your next reply.



I came across an unusual pass-the-ticket ATA alert. Please take a look below:
Time (UTC)                Source Ip Address   Source Computer   Source Computer Resolution Method   Destination Ip Address
06.10.2017 20:01:58,538   10.***.**.**1       LT******1         Netbios, RpcNtlm, Hint, Cached      10.***.***.*3
06.10.2017 20:05:29,289   10.***.**.**1       LT******1         Netbios, RpcNtlm, Hint, Cached      10.***.***.*3
06.10.2017 20:45:52,151   10.***.**.**2       LT******2         Dns, Cached
06.10.2017 20:45:52,615   10.***.**.**2       LT******2         Dns, Cached                         ...


I am using Microsoft Advanced Threat Analytics v1.7.2 evolution. I am following ATA Attack simulation playbook. It can detect enumeration and Pass-the-Hash successfully but it is unable to detect Pass-the-Ticket and Golden Ticket attack. I have set up lab environment in ESXi environment and have set up Lightweight Gateway on the DC.
Couple of weeks before I set up lab on HyperV environment and it was working fine. Don't know what is the issue here. Please help me resolve this.

I am trying to use the automatic ticket generation feature of RT. I was able to do it at the command, specifying the queue, etc, and it generated a queue. I would like to use a form that a user can fill out and have it send to rt and generate the ticket.

Any ideas of how to do this?


A:RT Ticket form to auto generate ticket

Closing duplicate, please reply here:




I have Microsoft ATA set up in a lab environment and it is not detecting pass the ticket and golden ticket attacks when following the playbook. It does detect enumeration and pass the hash and other anomalies.
The computers I have in the lab environment running in Proxmox VE are:
Victim-PC (Windows 7)
Admin-PC (Windows 7)
ATACenter (Server 2012)
Domain Controller (Server 2012) (lightweight gateway setup)

I also had a strange problem using Netsess tool to obtain the IP address of the NuckC user logged into the admin-pc machine. I have gone over every inch of the setup I could and did follow the directions for the playbook directly. Not sure if this had some effect on why those things were not detected. Any insight on this would be helpful.

So I was stupid enough to open the traffic ticket e-mail, my antivirus blocked it but I still have the following issues:

Both my Start menu columns are blank.

My desktop shortcuts are gone except for some word files.

There is a locket icon next to my user (Owner) file menu.
How can I fix the above? I did a virus and a spyware scan immediately after the infection but I am not sure if the bug is totally removed...

Thanks in advance

A:Ticket virus victim...


I did a serious blunder of opening an email that had a zip attachment yesterday, it was her confirmation for an airline tickets and confirmation. Now every application and or short cut I click on I get an Application Error "0x00409e73" referenced memory at "0x0009f000". The memory could not be "read" (the numbers are sometimes different), with the option to press OK to terminate or Cancel to debug (the debug feature does not work). As I mentioned, I get this error with anything I try and open. I have looked in C\windows\system32 for braviax.exe and did not find this. I know I am not the first person to report this virus but I cannot find the solution on the site here. Sorry about the repeat question.
I am running XP Pro; log attached. Please help, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:37, on 8/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Progr...

A:Virus in Airline ticket please help

Welcome to TSG

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
...

I have a Gateway system running XP Pro SP3. I received an email purportedly from americangreetings.com. It said to open the attachment to see the greeting card. The attachment was a zip file named e-card.zip. I looked inside the zip file and stupidly managed to accidentally run the exe (named e-card.exe) which it contained.

I immediately started getting a bunch of error messages. I don't recall them precisely, it happened too fast. There were a number of "cancel, retry, continue" messages, all of which I canceled. There were also messages saying something about "no disk" or "no drive". Then I noticed that the "Norton Internet Security" icon had vanished from the tray. I tried to restart the computer at this point but it was taking forever so I eventually turned off the power. When I turned it back on it rebooted and everything seemed fine except that Norton had not started. I tried to start it manually and it wouldn't start.

I used the Norton removal tool, then downloaded and installed the latest version of "Norton Internet Security". It now starts at boot and everything seems fine, but I suspect that I'm still infected. Something certainly happened that shouldn't have and I don't want to just proceed as if everything is okay. I'm posting a copy of my hijack this log. I also have a McAfee Root Detective report which I can post if you think it would be useful. Thank you for your help.
-------------------...

A:American Greetings virus?

Norton has detected and claims to have resolved the [email protected] virus. It's described here: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2009-022520-1425-99&tabid=2

It describes more or less exactly what I've seen. That page lists a bunch of files which get deposited in various shared directories. I found those files in those directories on my machine, when I right click on one it vanishes, presumably it's deleted by Norton.

So it appears that things are under control, but I'm still concerned there may be other things that haven't been resolved.


I am contacting you from my XP as my Vaio Vista is crashed. I am flying to NYC on American so I clicked on the e-mail. I saw the ".exe" too late and had already clicked the zip file. My Sony Vaio w Vista OS began faltering and shutdown. I cannot get F8 to work so no safe mode. The only success I have is F10 + Vaio recovery center. I really don't want to lose all my files, my husband has passed away and I have photos + files I haven't backed up that I dearly want to keep. How likely is the rescue Data button to actually work in this case? Do I have any other options for accessing the info on my HD?
Thank you

A:Airline Ticket Virus shutdown on Vista Help!



A couple of hours ago my computer was at its desktop. I walked away and when I came back, there was a message window that said something along the lines of "there's a problem with your hardware, please restart your machine...". I restarted and then got the following window while rebooting:

Pressing F12 or F1 did nothing. I CTRL+ALT+DEL and repeatedly tapped the F12 key and that did nothing but took me back to the above window. I CTRL+ALT+DEL again and repeatedly tapped the F2 key which took me into the BIOS. I poked around and found nothing out of the ordinary and ESC without saving. This allowed me to go and login to windows. I went to the Dell website (I have a Dell PC) and ran a quick diagnostic through their website since I couldn't do it at reboot. The diagnostic came back fine except for FAIL for the SMART THRESHOLDS and then suggested that I replace my 250gb hard drive. The problem here is that I don't have a 250gb HD, I have a 1.5tb HD of a different model.

I called Dell and the tech told me that they've been receiving a number of calls regarding the same thing and that it's a virus. According to him, it's one of those viruses that even Norton can't find (I have the full Norton suite.) He wanted to tap into my computer to remove it. Since my PC is no longer under warranty, he said Dell would charge about $130 to remove it or I would have to reformat the hard drive to get rid of it. Little does he know that I'm a ma...

A:American Megatrend Virus/Malware?

I doubt it's a virus. I suspect the Dell tech didn't know what he was talking about or you mistakenly called one of those fake/spoof services that just wants your money. And no, reformatting the hard drive will do nothing to clear a SMART error. SMART is performed internally by the hard drive and once it's tripped it can't be reset.

You don't need to replace the hard drive with another 250GB drive, any size drive under 2TB should work.


cannot access their website

southwest.com or iflyswa.com

others have no problem.
this started on wednesday for me.

A:southwest airlines


For some reason I cannot access southwest.com - on any of the three computers I own. At home these three computers access the internet via a wireless modem that connects with the comcast host. When I travel with either laptop the same problem happens. It also happens using Firefox. When I attempt to open southwest.com I get a connecting message and it will grind away for a half-hour or so before finally timing out. Sometimes the southwest site will partially open. I have tried deleting cookies, but that doesn't help. Any suggestions.



A:Cannot access Southwest Airlines

You might have SW on your banned URL list. Check to see if that connects.


I cannot access Delta Airlines url (www.Delta.com) from any of the 3 computers on my Home network anymore. I can take my Laptop to another network and access perfectly. All PC's use XP.

I have access to all other url's (websites) from any of the 3 computers except the Delta Website.

Any help is appreciated.

A:Can't access Delta Airlines url

Click Start => run type in CMD press OK. When command prompt opens up type in Ping www.Delta.com and press Enter. Please copy and paste the results back into this thread


I stumbled on new baggage rules for lithium batteries on airlines. (haven't seen this announced before.)
Spare lithium batteries can not be carried in checked luggage. Only lithium batteries installed in equipment can be in checked baggage.
Spare lithium batteries are allowed in carry-on baggage.

These strange rules will cause your spare lithium camera batteries to be discarded after you check luggage without you being notified. Those are expensive and hard to replace when touring.

A:Lithium batteries on airlines

Here's the DOT's notice.



+1 833_228-2161 Spirit Airlines Flight Baggage Fee

Spirit baggage fees

Baggage category


Max Weight

Gate check baggage fee


First checked bag



Second checked bag



Third - fifth checked bag



Do you have to pay for carry on with spirit?

When you fly Spirit Airlines, you can bring on a personal item up to 18 x 14 x 8 inches on board for free while a full-sized carry-on will cost you $37 to $65, depending on when and where you purchase the right to bring the bag on board. (Prices slightly less for $9 Fare Club members.)

+1 833_228-2161 How do I talk to a live person at Spirit Airlines?

How do I talk to a live person at Spirit Airlines?

How to Call a Live Person in Spirit Airlines Customer Service

Dial 1-801-401-2222. Press 5 in the main menu. Press 1 in the sub-menu and press 6 in the next menu. After that, the automated phone system will connect you to a live customer service agent from Spirit Airlines.

+1 833_228-2161 Delta Airlines Flight Booking & Managing Phone Number

Air travel has become one of the most convenient and cheap means of transportation nowadays. Most of us prefer to book flights for journeys that would take up almost twice our time if we traveled by other means for the same distance. Booking flights has also become an easier task nowadays than it was before.

There are various ways to book a flight ticket. We can do it ourselves or let others do it for us. We can make the booking online, through a travel agency, etc.

I purchased a Y70-70 in with 2 year additional warranty.  I had never used the ports on the left side as all my peripherals were USB 2 and I used WIFI (no need for Ethernet).   But several months ago, I purchased a USB3 device and found it or any other device would work on the left side ports, to include the ethernet port.  Called support, got a ticket and sent it in.  Received email saying it was received and was being looked at.  Later, checking ticket status, it stated problem found, BUT NO SPARE - this was bad enough, but stated one was being searched for ASAP.   Okay until I checked again today and NO ticket!!  I cannot find any phone numbers or emails.  In the original email it was stated "click here" to email.  Doesn't work!!  How can I get this resolved?  TIA for any assistance.  btw, I had forgotten my email password and it is ON the laptop that is in for repair.  Obviously I'll have to change to a new one, but many messages stored on that computer (as well as a LOT of valuable information)  Yes, I backed it up, but backup is set for THAT computer!

Win 10, IE 11; No matter what I do I cannot get rid of the "Script Error" message: An error has occurred on the script on this page. I have adjusted IE OPTIONS, ADVANCED disable script debugging (IE) and (OTHER)
I delete all browsing, cookies, Internet files and history once a day.
This only happens on, or in, Internet Explorer 11, Not in Microsoft Edge 38.14393.0.0
Need your help or a ticket to the loony bin. Thanks eddie460

I try to play microsoft solitaire on windows and all I get is a white screen 


Why does tech support simply ship out a box for depot repair without consulting the customer first? Twice I have opened a ticket for issues which DO NOT require depot repair and TWICE they have shipped out a box for me to return my computer to them.  Why are they in such a need to get their hands on my computer? It would be nice to have a little contact before just blindly sending out a box. My issues DO NOT require depot repair. I do not understand nor appreciate this policy. They don't stop to consider that users may not be able to be without their computers for weeks, for issues which probably could be resolved with a tweak or something.   


I installed RT 3.0.10 on a RedHat 9 server with Apache. I did the rpm install of RT. I have the site up but on the index.html page, the RT logo is just an X. Docs and questions I read said /html/Elements/ folder should be in share/Elements. I do not think it sees the Elements folder.

I have all the perl modules installed.

Is there something I am missing?


A:RT Ticket System

Please do not double post.


Hello All,

I recently clicked on a Google Images picture and AVG warned it had a virus. I clicked out, ran AVG, and it said everything was clean. Recently, however, my G Mail account was compromised. Someone from a Chinese IP address logged onto the account, and then sent emails to a Chinese website to my contact list. I changed my password, but I wasn't sure if it was a virus or if my email was compromised in some other way. Yesterday, I emailed a PowerPoint presentation to a professor, which he said came up as a virus. Now when I try to open my own attachment, a browser page filled with odd text shows up. If it matters, the presentation was sent through my university's .edu account, not the G Mail. I use Windows 7.

AVG is still showing the computer is clean, but given the set of circumstances, it seems I may be infected. Thank you for your self.



Can anyone help me design airlines website like calendar in access.

Like, when it shows, the date and the availability and the price of ticket.


A:Access Query: Display Airlines like Calendar in Access


Hi everybody,
I've been trying the pass-the-ticket attack for a week now with mimikatz.
This is my lab:

1 Center, 1 Gateway, 1 DC, 1 Workstation
From the workstation, I use the admin ticket. I have access for example to this folder \\dc\admin$. But ATA doesn't detect this scenario. Could someone help me please.

I somehow got the site-ticket browser search hijacker. I've tried just about every browser hijack repair tool on the net for download. Whenever I do a search and click on a link it redirects me to some other site. When it does that down in the status bar I see the following IP I've tried BHO. I've tried HOSTS file. I've tried Addons. I've tried plugins. I've tried everything I can think of. I've even gone into IE options in the registry. I seriously need help with getting rid of this. I've even tried removing IE and installing IE 7 to see if that cleans things up.

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

A:Site Ticket Removal

http://www.bleepingcomputer.com/uninstall/...SiteTicket.html

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

If you need more help removing the malware:
Post a Hijack This log in the appropriate forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I just recently signed up for Verizon DSL. It is very important that I can be on the phone & computer at the same time at home because that is where I do most of my work. I have two phone lines through Verizon, however, the second phone line goes completely out at least once every two days.....basically whenever it rains or snows. By the time I can get someone from Verizon to my house, the phone is working again and the repairman can't do anything about it.

So what do I do? I sign up for Verizon DSL....obviously a bad idea. I thought it would be more reliable than the phone line that they can't fix. So I order the DSL on my good line and the thing doesn't even work. It looks connected and packets are coming but none are going. And that darn ready light will not quit blinking.

Sorry for the rambling...I just need to vent. Anyways, I have already spoken with three CSRs over at VOL. I have been issued a trouble ticket. She said it was probably the modem????

So if anyone has had this problem and has had a trouble ticket issued...when do they usually fix the problem? I have read on other forums that it takes a long time. Should I be concerned here? I simply have no patience with these people.....I am PAYING them so I should at least get decent service.

What is a trouble ticket? Will someone come out to my house? Should I just cancel the whole thing...I am already being charged for it after all. Has anyone else had this problem? I would call them back but I h...

A:Verizon DSL trouble ticket

Sad to say, this is clearly an issue you'll have to resolve with Verizon. OTOH, if you have no service, you can usually get them to give you a credit for the service...

Read other 3 answers

Could you explain how the pass the ticket attack is determined or how to verify that this is an actual problem and not a false positive?
I am piloting ATA in my environment and have already received three warnings regarding pass the ticket.
It is only for computer accounts and not users.

Read other answers

I just opened a ticket at Microsoft and forked over the $35 because I can't figure out how to stop getting the error when using Outlook 2002 notes. I think, somehow, I paid 2x and opened 2 tickets because of the stupid ActiveX crap needed to be installed (can you tell I am frustrated?) What is the best way to get one of my payments back rather than fighting it through the credit card company? I am really getting torqued off at Microsoft.

A:Microsoft Ticket Screw UP

Read other 10 answers

Hi all,
This is a question for my own information and knowledge as I'm new to ATA.

In ATA, I understand the need for DNS Reconnaissance IP exclusions. There may be machines where legitimate DNS administrative tasks need to be performed, and you don't want these machines triggering alerts in ATA when someone runs the NSLookup command.

What I'm trying to get my head around is why you would want Pass-The-Ticket IP Address exclusions.  What is the scenario where you would add an IP or IP Range to be excluded from PtT alerting?


Read other answers

I'm looking for a completely free ticket making program. Nothing fancy. Just to make basic raffle tickets.

I can only find demos that won't print the things because they want you to buy the software.

Any ideas?

A:Solved: Ticket Generator

Read other 6 answers

Hey guys,

Does anyone know of a good PHP based support ticket system that I could install on my web server?


A:Looking for a PHP based support ticket system

If you're looking for more of a "help desk" solution, Trellis Desk is an excellent program. It requires a MySQL backend, though. If you're looking for more of a CRM solution, that I don't know.

Read other 2 answers

Hello all,
I've been testing ATA for a couple of weeks now. I have successfully raised a lot of alerts based on the list of functionalities of ATA but I'm not able to raise an alert for golden tickets.
I'm using mimikatz for retrieving the password hash of the krbtgt account (the alert "malicious replication" is raised). I created a ticket with the command "kerberos::golden" and I successfully loaded a ticket from a domain admin account.

I accessed the admin shares of a domain controller, and I have removed/added members from the domain admins group. I have no alert from ATA.
I'm using the lightweight agent on all domain controllers and the Kerberos audit is enabled (4776).
Thank you for the help!


Read other answers

I've got a fairly new 2003 Active Directory and recently I have had two independent reports of users not being able to get into a file server that they were able to one week before. After a log off and log on they have been ok.

I believe this is due to the fact the users haven't logged off in a week and their Kerberos credentials expired. So I've checked domain policy and it seems that the policies are as follows:

Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
The last one was of interest here so I just changed it to 60 days.

Maximum lifetime for user ticket renewal 60 days
I would like to ask what people's opinions are on this, especially if there are any other veteran MCSEs out there, regarding the security implications of this change.

Read other answers

We received a Golden Ticket alert based on ticket lifetime.
This happened to 3 computers' accounts and one user account. The owners were not  working during this period. 
When reviewing the logs on the domain controllers we do see renewal requests from all these accounts during this time, which made us suspect that this is a false positive.
More information:
The gateways are lightweight gateways on virtual machines, and they are not performing optimally.
Thanks in advance. 

Read other answers

Hi, ever since I downloaded the latest version of Java, U51, it constantly crashes. I play Ticket to Ride Online at the Days of Wonder website (www.daysofwonder.com). I manage to log in okay, but when I click on "play game" it starts to load then I get a white screen or it says that Java has crashed. I've used both Firefox and Google Chrome. When I use Firefox, it crashes Firefox as well. I've also tried using the Steam version, but it won't load when I click online.

I removed Java and redownloaded using the offline version and also made sure that it was enabled in both browsers. It still crashes. Then I went to the Java Test page and it crashed. I can't even check the version of Java on their site either because it crashes. I'm at a loss as to what to do. I'm using Windows 7 starter. Any help would be greatly, greatly appreciated.


Read other answers

We've gotten these alerts before so I know they fire sometimes. Today we ran a red team exercise and did NOT get an alert.
I see both the original KerberosTgs request for the user (from computer A) and the KerberosAp request (using the stolen TGT from computer B) in the ATA logs so I think the necessary inputs are there. However, it has been four hours now since the usage and no detection.
Can anyone give me some tips for drilling deeper?

Read other answers

I'm trying to find out what triggers a pass the ticket alert. We have a case where a user logged in with another user's credentials on a different computer over vpn at the same time that user was on campus and a pass the ticket alert was triggered. Is the alert triggered when an exact TGT with the exact hashes and exact sessions are seen on a different computer? Or is it some other trigger?
In other words: is this an indication that the other user installed malware to steal the ticket from a user's computer and then use the Kerberos ticket to log into vpn and ATA saw an exact duplicate ticket with the same hashes and sessions?
This seems very unlikely because the other user would have had to use the Kerberos ticket to log into VPN, which first communicates with a radius server (no Kerberos ticket used at this point) before it communicates with the DCs. So the other user probably had a username and password already, and if that were true, why use a stolen Kerberos ticket that will trigger alerts when one could just get a new one when logging in. It doesn't seem to make sense for this to be the case.
Or does ATA see the same username in a different subnet at the same time and assume that the ticket was stolen without verifying that the tickets are exactly the same?
Or is there some mechanism built into Kerberos that forwards copies of Kerberos tickets to the same user whe...

Read other answers

I have installed and have been testing the ATA in a test AD Forest. I have successfully tested against the honey token account and DNS Reconnaissance.

I am now testing for Pass-the-ticket detection that is touted on the Microsoft ATA announcement pages. I used MimiKatz on one server to obtain a ticket of the Domain Admin account performing a CIFS session to a DC $ADMIN share and transferred it to another machine logged in as a non Domain Admin account. I then was able to use Mimikatz to replay that token and then access the DC's directory and copy a sensitive file from the NTDS folder. ATA did not report any such behavior. If I understand the ATA correctly, it should have discovered PTT and reported it. Based upon the documentation, it just magically works when you set up the ATA.

What am I missing here? The only thing I did not do was grant the ATA GW access to the client computers in the Domain. Since we are a large Enterprise, it would be difficult to get that kind of buy-in from all depts.

I have yet to test the plain text simple binds.
Assistance please.
Brian B.  

Read other answers