[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Virus Mitigation

Posted on 2004-04-30
2
Medium Priority
?
462 Views
Last Modified: 2006-11-17
I have a client that called and I think she has the netsky virus on her network.....
I have been removing viruses for well over 3 years but I have never removed one from a large network......
I am going to run the norton netsky fix tool.....this is great but I am thinking that she may have other viruses on her network.....
I am looking for suggestions on how to handle this...
she has 3 servers running win2k server......
17 nodes running win 98......
I ahve removed a bunch of spy ware from the 98 boxes....they all have AV software that is updated.
is it safe to run ad-aware on a server??? never done this before...
thye have norton antivirus corperate......seems to be updated.....so how did the virus get on there in the first place.....
The description she has given me is that she is recieving a lot of e-mail from various local e-mail addresses.....from people that don't work there any more.....I guess these could be spoofed addresses from another location but it seems to be coming from her mail server....can't tell til I get out there.....
Any Ideas on what to look for??
and suggestions on handling a virus in a network like this....
Thanks

0
Comment
Question by:hawgpig
2 Comments
 
LVL 5

Accepted Solution

by:
barcelona_blom earned 2000 total points
ID: 10959752
You should disconnect all the machines from the network to start with,

Then use this tool to scan every machine for the most common recent viruses.

http://vil.nai.com/vil/stinger/

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10960259
Stinger (above)will do the job pretty well. Ad-Aware will run fine on 2k server. I've had mixed results with Norton... and great experience with McAfee. While the stinger tool will find some of the most recent, it is not as updated as the regular AV, and sometimes won't find the VERY recent viri. I've seen stinger about 2 weeks behind before the next update.

The way viri get in, even with AV running is usually due to the AV being misconfigured. McAfee has what it call's ON-ACCESS scanning which is like it's name, when I click on Photoshop.exe McAfee first scan's the program, then allows me to open it. When I click a download, mcafee scan's the transmission, and when it finds code that matches a virus, it stop the DL mid-stream. I've found norton to allow the DL, and then MAYBE it will catch it when I click on it to open. McAfee has a broader list of "undesirables" than norton also. McAfee has a feature that finds keyloggers, password cracking tools, spy-ware etc... you have to enable "find potentially unwanted, and joke programs" for that feature to work. Norton's heuristics is alright at catching variants of viri, but not at catching these additional program types. For instance, you shouldn't be allowed to DL "John The Ripper"(a popular password cracker) and run it. McAfee will catch it very quickly, Norton will allow you to DL it, even though it's not a virus, it is potentially unwanted software.

Everyone will have their own experience's to share, and I'm sure someone has had the exact opposite experience than I... but try the stinger product to locate and eradicate the viri.
Then you need to patch the PC's against further infections. Start with Windows Update, then make sure Norton is  schedulling  DAILY scan's and DAILY updates. As well as set to scan the email's.

Lot's of spammers like the viri going around, as they recieve plenty of email address and send to all sort's of accounts, spammers keep the email they recieve vrom the viri as they can and do come from valid email address's- some think that spammers write them as well, they probably do.  Even if the employee is terminated, that doesn't mean a client didn't keep their address in their address book, there are ton's of ways to obtain address's.
GL!
-rich
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question