Solved

How can I completely delete the Trojan IRC from my network?

Posted on 2004-09-22
5
171 Views
Last Modified: 2013-12-04
I have a sever IBM and 30 clients I have been finding since 2 weeks ago in my server the virus Trojan IRC and what I have been doing is erasing manually the archives in Win NT system32 but I have noticed that they alls regenerate automatically...

I am in the process of implementing a new server but I do not want to include it in my network untill I am sure that the virus has been completly eleminated...What I am going to do with my server is re-install the operating system all over again however what I am un sure of is what I am going to do with my clients...

I called symantec and they advised that I do not have to re install the OS in all my clients and that what I need to do is run the antivirus scan in safe mode to detect the trojan.....

I have already downloaded a trojanhunter tool to use from Mischel Internet Security and I am thinking of running it on all my clients and also one called AD-Aware SE because I found information concerning an application that I downloaded free from the internet called date manager and trhough that program I got adware.trojan

Could you help me giving me advices and tips about that what we can do with my clients?

Thanks in advance!
0
Comment
Question by:modeza
  • 3
  • 2
5 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12127299
Hi modeza,

With only 30 clients, I suggest you just disconnect them all from the network (you might have to do this in the weekend) and clean them up one-by one so they can't infect each other while cleaning.
Then, reconnect them all to the network after you've verified they're clean. See if that works for you.
adware.trojan is pretty easy to fix with Ad-aware SE normally, just make sure you use the latest reference file.

Greetings,

LucF
0
 

Author Comment

by:modeza
ID: 12127519
Thanks a lot but I am still concern about if do I have to reinstall the operating system again to each client or just use the tools that I already downloaded to clean the virus?
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 500 total points
ID: 12127642
That depends what you think is easier for you, if all clients have the same hardware, it might be easier to reinstall one system and clone the OS to all workstations.
But, removing it might save you from re-installing in the future also as you now know what can go wrong, and in what way.

After cleaning, what you might want to try is downloading hijackthis from:
http://www.aumha.org/freeware/freeware.php#hjt

And then post the log it creates at:
http://www.hijackthis.de/index.php?langselect=english
to get it analized, this way you can find out if no nasties are left on the computer.

LucF
0
 

Author Comment

by:modeza
ID: 12127754
Thanks a lot for all your help......Not all my computers have the same hardware but most of them do, I am going to use images( clones)
I am going to reinstall everything...
Thanks again!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12133690
You're welcome :)

Glad to help,

LucF
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question