Solved

Virus Mitigation

Posted on 2004-04-30
Last Modified: 2006-11-17
I have a client that called and I think she has the netsky virus on her network.....
I have been removing viruses for well over 3 years but I have never removed one from a large network......
I am going to run the norton netsky fix tool.....this is great but I am thinking that she may have other viruses on her network.....
I am looking for suggestions on how to handle this...
she has 3 servers running win2k server......
17 nodes running win 98......
I have removed a bunch of spyware from the 98 boxes....they all have AV software that is updated.
is it safe to run ad-aware on a server??? never done this before...
they have Norton AntiVirus Corporate......seems to be updated.....so how did the virus get on there in the first place.....
The description she has given me is that she is receiving a lot of e-mail from various local e-mail addresses.....from people that don't work there any more.....I guess these could be spoofed addresses from another location but it seems to be coming from her mail server....can't tell til I get out there.....
Any Ideas on what to look for??
and suggestions on handling a virus in a network like this....
Thanks

Question by:hawgpig
LVL 5

Accepted Solution

by:
barcelona_blom earned 500 total points
ID: 10959752
You should disconnect all the machines from the network to start with.

Then use this tool to scan every machine for the most common recent viruses.

http://vil.nai.com/vil/stinger/

LVL 38

Expert Comment

by:Rich Rumble
ID: 10960259
Stinger (above) will do the job pretty well. Ad-Aware will run fine on 2k server. I've had mixed results with Norton... and great experience with McAfee. While the stinger tool will find some of the most recent, it is not as updated as the regular AV, and sometimes won't find the VERY recent viri. I've seen stinger about 2 weeks behind before the next update.

The way viri get in, even with AV running, is usually due to the AV being misconfigured. McAfee has what it calls ON-ACCESS scanning, which is like its name: when I click on Photoshop.exe, McAfee first scans the program, then allows me to open it. When I click a download, McAfee scans the transmission, and when it finds code that matches a virus, it stops the DL mid-stream. I've found Norton to allow the DL, and then MAYBE it will catch it when I click on it to open. McAfee has a broader list of "undesirables" than Norton also. McAfee has a feature that finds keyloggers, password cracking tools, spyware etc... you have to enable "find potentially unwanted, and joke programs" for that feature to work. Norton's heuristics is alright at catching variants of viri, but not at catching these additional program types. For instance, you shouldn't be allowed to DL "John The Ripper" (a popular password cracker) and run it. McAfee will catch it very quickly, Norton will allow you to DL it, even though it's not a virus, it is potentially unwanted software.

Everyone will have their own experiences to share, and I'm sure someone has had the exact opposite experience than I... but try the stinger product to locate and eradicate the viri.
Then you need to patch the PCs against further infections. Start with Windows Update, then make sure Norton is scheduling DAILY scans and DAILY updates. As well as set to scan the emails.

Lots of spammers like the viri going around, as they receive plenty of email addresses and send to all sorts of accounts. Spammers keep the email they receive from the viri, as they can and do come from valid email addresses. Some think that spammers write them as well; they probably do. Even if the employee is terminated, that doesn't mean a client didn't keep their address in their address book; there are tons of ways to obtain addresses.
GL!
-rich