Solved

How can I completely delete the Trojan IRC from my network?

Posted on 2004-09-22
5
174 Views
Last Modified: 2013-12-04
I have a sever IBM and 30 clients I have been finding since 2 weeks ago in my server the virus Trojan IRC and what I have been doing is erasing manually the archives in Win NT system32 but I have noticed that they alls regenerate automatically...

I am in the process of implementing a new server but I do not want to include it in my network untill I am sure that the virus has been completly eleminated...What I am going to do with my server is re-install the operating system all over again however what I am un sure of is what I am going to do with my clients...

I called symantec and they advised that I do not have to re install the OS in all my clients and that what I need to do is run the antivirus scan in safe mode to detect the trojan.....

I have already downloaded a trojanhunter tool to use from Mischel Internet Security and I am thinking of running it on all my clients and also one called AD-Aware SE because I found information concerning an application that I downloaded free from the internet called date manager and trhough that program I got adware.trojan

Could you help me giving me advices and tips about that what we can do with my clients?

Thanks in advance!
0
Comment
Question by:modeza
  • 3
  • 2
5 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 12127299
Hi modeza,

With only 30 clients, I suggest you just disconnect them all from the network (you might have to do this in the weekend) and clean them up one-by one so they can't infect each other while cleaning.
Then, reconnect them all to the network after you've verified they're clean. See if that works for you.
adware.trojan is pretty easy to fix with Ad-aware SE normally, just make sure you use the latest reference file.

Greetings,

LucF
0
 

Author Comment

by:modeza
ID: 12127519
Thanks a lot but I am still concern about if do I have to reinstall the operating system again to each client or just use the tools that I already downloaded to clean the virus?
0
 
LVL 32

Accepted Solution

by:
LucF earned 500 total points
ID: 12127642
That depends what you think is easier for you, if all clients have the same hardware, it might be easier to reinstall one system and clone the OS to all workstations.
But, removing it might save you from re-installing in the future also as you now know what can go wrong, and in what way.

After cleaning, what you might want to try is downloading hijackthis from:
http://www.aumha.org/freeware/freeware.php#hjt

And then post the log it creates at:
http://www.hijackthis.de/index.php?langselect=english
to get it analized, this way you can find out if no nasties are left on the computer.

LucF
0
 

Author Comment

by:modeza
ID: 12127754
Thanks a lot for all your help......Not all my computers have the same hardware but most of them do, I am going to use images( clones)
I am going to reinstall everything...
Thanks again!
0
 
LVL 32

Expert Comment

by:LucF
ID: 12133690
You're welcome :)

Glad to help,

LucF
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Modify local Group Policy through powershell 5 136
antivirus on mac 8 82
Server 2008-R2 lost password 19 108
Windows mapped drive communications - Secure? 5 67
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question