Solved

Virus Mitigation

Posted on 2004-04-30
Last Modified: 2006-11-17
I have a client that called and I think she has the Netsky virus on her network.....
I have been removing viruses for well over 3 years but I have never removed one from a large network......
I am going to run the Norton Netsky fix tool.....this is great but I am thinking that she may have other viruses on her network.....
I am looking for suggestions on how to handle this...
She has 3 servers running win2k server......
17 nodes running win 98......
I have removed a bunch of spyware from the 98 boxes....they all have AV software that is updated.
Is it safe to run Ad-Aware on a server??? Never done this before...
They have Norton AntiVirus Corporate......seems to be updated.....so how did the virus get on there in the first place.....
The description she has given me is that she is receiving a lot of e-mail from various local e-mail addresses.....from people that don't work there any more.....I guess these could be spoofed addresses from another location but it seems to be coming from her mail server....can't tell till I get out there.....
Any ideas on what to look for??
And suggestions on handling a virus in a network like this....
Thanks

Question by:hawgpig
2 Comments
 

Accepted Solution

by: barcelona_blom earned 500 total points
ID: 10959752
You should disconnect all the machines from the network to start with.

Then use this tool to scan every machine for the most common recent viruses.

http://vil.nai.com/vil/stinger/


Expert Comment

by:Rich Rumble
ID: 10960259
Stinger (above) will do the job pretty well. Ad-Aware will run fine on 2k server. I've had mixed results with Norton... and great experience with McAfee. While the Stinger tool will find some of the most recent, it is not as updated as the regular AV, and sometimes won't find the VERY recent viri. I've seen Stinger about 2 weeks behind before the next update.

The way viri get in, even with AV running, is usually due to the AV being misconfigured. McAfee has what it calls ON-ACCESS scanning, which is like its name: when I click on Photoshop.exe, McAfee first scans the program, then allows me to open it. When I click a download, McAfee scans the transmission, and when it finds code that matches a virus, it stops the DL mid-stream. I've found Norton to allow the DL, and then MAYBE it will catch it when I click on it to open. McAfee has a broader list of "undesirables" than Norton also. McAfee has a feature that finds keyloggers, password cracking tools, spyware etc... you have to enable "find potentially unwanted, and joke programs" for that feature to work. Norton's heuristics are alright at catching variants of viri, but not at catching these additional program types. For instance, you shouldn't be allowed to DL "John The Ripper" (a popular password cracker) and run it. McAfee will catch it very quickly; Norton will allow you to DL it, even though it's not a virus, it is potentially unwanted software.

Everyone will have their own experiences to share, and I'm sure someone has had the exact opposite experience than I... but try the Stinger product to locate and eradicate the viri.
Then you need to patch the PCs against further infections. Start with Windows Update, then make sure Norton is scheduling DAILY scans and DAILY updates, as well as set to scan the emails.

Lots of spammers like the viri going around, as they receive plenty of email addresses and send to all sorts of accounts. Spammers keep the email they receive from the viri, as they can and do come from valid email addresses. Some think that spammers write them as well; they probably do. Even if the employee is terminated, that doesn't mean a client didn't keep their address in their address book; there are tons of ways to obtain addresses.
GL!
-rich

Question has a verified solution.
