Solved

Virus Mitigation

Posted on 2004-04-30
Last Modified: 2006-11-17
I have a client that called and I think she has the Netsky virus on her network.....
I have been removing viruses for well over 3 years but I have never removed one from a large network......
I am going to run the Norton Netsky fix tool.....this is great but I am thinking that she may have other viruses on her network.....
I am looking for suggestions on how to handle this...
She has 3 servers running Win2k Server......
17 nodes running Win 98......
I have removed a bunch of spyware from the 98 boxes....they all have AV software that is updated.
Is it safe to run Ad-Aware on a server??? Never done this before...
They have Norton AntiVirus Corporate......seems to be updated.....so how did the virus get on there in the first place.....
The description she has given me is that she is receiving a lot of e-mail from various local e-mail addresses.....from people that don't work there any more.....I guess these could be spoofed addresses from another location but it seems to be coming from her mail server....can't tell till I get out there.....
Any ideas on what to look for??
And suggestions on handling a virus in a network like this....
Thanks

Question by:hawgpig
2 Comments
 
LVL 5

Accepted Solution

by:
barcelona_blom earned 2000 total points
ID: 10959752
You should disconnect all the machines from the network to start with.

Then use this tool to scan every machine for the most common recent viruses.

http://vil.nai.com/vil/stinger/

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10960259
Stinger (above) will do the job pretty well. Ad-Aware will run fine on 2k server. I've had mixed results with Norton... and great experience with McAfee. While the Stinger tool will find some of the most recent, it is not as updated as the regular AV, and sometimes won't find the VERY recent viri. I've seen Stinger about 2 weeks behind before the next update.

The way viri get in, even with AV running, is usually due to the AV being misconfigured. McAfee has what it calls ON-ACCESS scanning, which is like its name: when I click on Photoshop.exe, McAfee first scans the program, then allows me to open it. When I click a download, McAfee scans the transmission, and when it finds code that matches a virus, it stops the DL mid-stream. I've found Norton to allow the DL, and then MAYBE it will catch it when I click on it to open. McAfee has a broader list of "undesirables" than Norton also. McAfee has a feature that finds keyloggers, password cracking tools, spyware etc... you have to enable "find potentially unwanted, and joke programs" for that feature to work. Norton's heuristics are alright at catching variants of viri, but not at catching these additional program types. For instance, you shouldn't be allowed to DL "John The Ripper" (a popular password cracker) and run it. McAfee will catch it very quickly; Norton will allow you to DL it. Even though it's not a virus, it is potentially unwanted software.

Everyone will have their own experiences to share, and I'm sure someone has had the exact opposite experience to mine... but try the Stinger product to locate and eradicate the viri.
Then you need to patch the PCs against further infections. Start with Windows Update, then make sure Norton is scheduling DAILY scans and DAILY updates, as well as set to scan the emails.

Lots of spammers like the viri going around, as they receive plenty of email addresses and send to all sorts of accounts. Spammers keep the email they receive from the viri as they can and do come from valid email addresses - some think that spammers write them as well, they probably do. Even if the employee is terminated, that doesn't mean a client didn't keep their address in their address book; there are tons of ways to obtain addresses.
GL!
-rich
0
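The question of whether the mail really comes from the client's own network or only carries spoofed local addresses can be settled from the message headers. The following is an added example, not code from either poster: it reads the topmost `Received` header of each suspicious message and tallies the internal hosts that handed mail to the server. The LAN range, host names and sample messages are constructed assumptions, as is the server recording the peer IP in square brackets.

```python
import email
import ipaddress
import re
from collections import Counter

# Assumption: the site's LAN range; replace with the real one.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(raw_message):
    """Return (origin, ip) from the topmost Received header.

    That header is written by the server that accepted the message, so the
    peer IP in it cannot be forged by the sender; lower ones can.
    """
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    if not match:
        return ("unknown", None)
    try:
        ip = ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. [999.1.1.1]
        return ("unknown", None)
    inside = any(ip in net for net in INTERNAL_NETS)
    return ("internal" if inside else "external", str(ip))

def suspect_hosts(raw_messages):
    """Count messages per internal sending host, busiest first."""
    counts = Counter()
    for raw in raw_messages:
        origin, ip = classify(raw)
        if origin == "internal":
            counts[ip] += 1
    return counts.most_common()

# Constructed sample messages (not from a real mailbox).
TOP = "Received: from {} ([{}]) by mail.example.local with SMTP; Fri, 30 Apr 2004 09:12:01 -0500\n"
TAIL = "From: former.employee@example.com\nSubject: Re: Your document\n\nbody\n"
SAMPLES = [
    TOP.format("pc07", "192.168.1.37") + TAIL,
    TOP.format("pc07", "192.168.1.37") + TAIL,
    # External sender that prepends a forged header claiming an internal hop.
    TOP.format("dsl.example.net", "203.0.113.45")
    + "Received: from mail.example.local ([192.168.1.10]) by relay.invalid; Fri, 30 Apr 2004 09:00:00 -0500\n"
    + TAIL,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
    print(suspect_hosts(SAMPLES))
```

Internal addresses that turn up in the tally are the workstations to pull off the network and scan first; messages classified as external only borrow the local addresses in their `From:` line.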
