Solved

How can I completely delete the Trojan IRC from my network?

Posted on 2004-09-22
5
176 Views
Last Modified: 2013-12-04
I have a sever IBM and 30 clients I have been finding since 2 weeks ago in my server the virus Trojan IRC and what I have been doing is erasing manually the archives in Win NT system32 but I have noticed that they alls regenerate automatically...

I am in the process of implementing a new server but I do not want to include it in my network untill I am sure that the virus has been completly eleminated...What I am going to do with my server is re-install the operating system all over again however what I am un sure of is what I am going to do with my clients...

I called symantec and they advised that I do not have to re install the OS in all my clients and that what I need to do is run the antivirus scan in safe mode to detect the trojan.....

I have already downloaded a trojanhunter tool to use from Mischel Internet Security and I am thinking of running it on all my clients and also one called AD-Aware SE because I found information concerning an application that I downloaded free from the internet called date manager and trhough that program I got adware.trojan

Could you help me giving me advices and tips about that what we can do with my clients?

Thanks in advance!
0
Comment
Question by:modeza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 12127299
Hi modeza,

With only 30 clients, I suggest you just disconnect them all from the network (you might have to do this in the weekend) and clean them up one-by one so they can't infect each other while cleaning.
Then, reconnect them all to the network after you've verified they're clean. See if that works for you.
adware.trojan is pretty easy to fix with Ad-aware SE normally, just make sure you use the latest reference file.

Greetings,

LucF
0
 

Author Comment

by:modeza
ID: 12127519
Thanks a lot but I am still concern about if do I have to reinstall the operating system again to each client or just use the tools that I already downloaded to clean the virus?
0
 
LVL 32

Accepted Solution

by:
LucF earned 500 total points
ID: 12127642
That depends what you think is easier for you, if all clients have the same hardware, it might be easier to reinstall one system and clone the OS to all workstations.
But, removing it might save you from re-installing in the future also as you now know what can go wrong, and in what way.

After cleaning, what you might want to try is downloading hijackthis from:
http://www.aumha.org/freeware/freeware.php#hjt

And then post the log it creates at:
http://www.hijackthis.de/index.php?langselect=english
to get it analized, this way you can find out if no nasties are left on the computer.

LucF
0
 

Author Comment

by:modeza
ID: 12127754
Thanks a lot for all your help......Not all my computers have the same hardware but most of them do, I am going to use images( clones)
I am going to reinstall everything...
Thanks again!
0
 
LVL 32

Expert Comment

by:LucF
ID: 12133690
You're welcome :)

Glad to help,

LucF
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question