Answered 'Trojan.Agent.TKH' got through

  • Monday, February 18, 2013 4:25 AM
     
     

    Hi,

    I currently run Microsoft Forefront and have recently got Trojan.Agent.TKH or 'C:\Documents and Settings\<user>\Application Data\Lesewy\dikut.exe'. Does anyone know why this was not stopped by Forefront or if I should be doing anything else to prevent this occurring in future?

    Thanks,

All Replies

  • Monday, February 18, 2013 10:36 PM
     
     
    anyone??
  • Tuesday, February 19, 2013 4:40 PM
     
     Answered

    You should also look at Microsoft's Software Restriction Policies.

    You can create Group Policies that prohibit programs from getting executed from user profile locations for non-administrator users.

    The only tricky part is if you have users that frequently use WebEx and other web-based tools that launch from temporary web folders used in the profile.

    http://technet.microsoft.com/en-us/library/cc779607(v=ws.10).aspx

    It may take a while, or maybe even a couple of different versions of the GPO to get all your users and OUs configured for those special programs that don't use the standard "Program Files" or "Program Files (x86)" locations.

    If you work it in great detail all the way through, you will be amazed at how little malware can now be installed or run on your non-administrator user systems.


    Randall
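
One way to find the "special programs" mentioned in the reply above before a Software Restriction Policy is enforced, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; the profile roots, the extension list and the output file name are assumptions to adjust.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later.
# Lists executable files stored under user profiles so that path-rule
# exceptions can be planned before the policy is enforced.

# Assumption: profiles live under one of these roots (the second is the
# XP/2003 layout seen in the path quoted in the question).
$profileRoots = 'C:\Users', 'C:\Documents and Settings' |
    Where-Object { Test-Path -LiteralPath $_ }

# Assumption: extensions to treat as executable; align with the policy's
# designated file types.
$extensions = '.exe', '.scr', '.com', '.bat', '.cmd', '.msi'

$findings = foreach ($root in $profileRoots) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Directory = $_.DirectoryName
                File      = $_.Name
                Modified  = $_.LastWriteTime
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer    = $signer
            }
        }
}

# Folders holding the most executables: candidates for a reviewed exception
# or for moving the software to Program Files.
$findings | Group-Object Directory | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

# Unsigned files deserve a closer look before any exception is granted.
$findings | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table Directory, File, Modified, Signature -AutoSize

# Keep the full inventory for comparison after the GPO is rolled out.
$findings | Export-Csv -Path .\profile-executables.csv -NoTypeInformation
```

Run it from an elevated session so other users' profiles are readable; folders that cannot be read are skipped silently.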

  • Friday, February 22, 2013 3:24 AM
    Moderator
     
     Answered

    Hi,

    Thank you for the post.

    If FCS does not detect this kind of virus, you may submit a sample to MMPC for further analysis: https://www.microsoft.com/security/portal/Submission/Submit.aspx

    Regards,


    Nick Gu - MSFT