Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

I think we have a virus

Posted on 2016-10-07
5
Medium Priority
?
111 Views
Last Modified: 2016-10-07
Hi Experts,

many files on shares are changed to .odin
can you help me out ?
What is the best way to restore or clean all machines ?
0
Comment
Question by:Eprs_Admin
5 Comments
 
LVL 19

Accepted Solution

by:
helpfinder earned 1004 total points
ID: 41833167
could be ransomware
the best was would be to unplug all affected machines  from network as soon as possible, reinstall all affected machines and restore all necessary documents from offline backup.
But this works only if you have backups :)

if you want to remove ransomware manually (not 100% sure you will get a rid of it) check this guide
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 332 total points
ID: 41833168
First of all, stop the Server service on file servers. If you cannot detect at a glance which department or area of PCs could be responsilble, shut them off all. Then you need to detect which PCs are infected, but that can get difficult. I'm certain other Experts can give you good advice on that.
1
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 332 total points
ID: 41833170
Hi

You are infected with the Locky Ransomware. Disconnect all infected Clients that are locally encrypted and reinstall or reimage them as already recommended. Do you have a valid backup to restore?
1
 
LVL 12

Assisted Solution

by:andreas
andreas earned 332 total points
ID: 41833235
Its a version of the locky ransomware.
Shut down all systems with access to the affected server shares, as any of them could be the source which is running the exncryption malware.

then offline scan all PCs with an anti virus rescue cd/dvd or USB-Pen for the ransomware. Do not scan online on the systems, the malware will continue to encrypt files on network if still accessible and locally on your harddrive.

Also scan the server offline itself too to ensure the malware is not running on the server itself.

To narrow down which client has the malware you can check owner information on encrypted files on the server shares. So you can see under which user account the malware was/is running. Check different files in different directories, maybe several users are involved.

Then track down from which clients the users are working recently.
0
 

Author Comment

by:Eprs_Admin
ID: 41833460
ok thanks so far.
We found the infected machine.
many shares are encrypted but I could use my storage snapshot to recreate all files.
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question