Our client's Network/Computer seemed to be attacked by a virus and malware???

Bakaka
Hi guys,

Recently, one of our clients' networks seemed to be attacked with a virus, leaving one computer acting funny. Hmmmmmm!!!

The virus seemed to be a trojan/malicious one that I suspect might somehow have caused one computer to shut down.

I have disconnected the internet from this computer. And I am about to run a scan on the computer and Network to check for any virus/malicious spyware/malware that could probably be the culprit.

I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.

After that (once the scans are all complete), I check to make sure that they have an antivirus.

Before I do this, can someone recommend tools to use to scan the Network and Computer for malware/virus other than the ones I have mentioned above? Also, steps on how they would proceed?

Please, I would appreciate some guidelines and attention on how to address this matter.

Awaiting further advice.

Thanks.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Once you have the virus, you can try scanning with your own antivirus, followed by a scan with Malwarebytes. However, there is no guarantee this will work and no surefire way to clean up a computer after this.

Back up, format, and reinstall the operating system.

Then:

Have offsite rotating backups for sure (no NAS).
Implement top-notch spam control to stop these emails from coming in.
User Education: train users not to open emails from strangers and not to go to dodgy websites.
Andrew Leniart, IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018

Commented:
Hi Bakaka,

In regard to the specific questions you asked:

The virus seemed to be a trojan/malicious one that I suspect might somehow have caused one computer to shut down.
I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.

In order to help you with suggesting the best course of action, you'll need to identify and then provide a list of what infections were found by the Malwarebytes and NOD32 antivirus applications. Once we know what you're dealing with, then we can recommend an appropriate course of action.

Sometimes, it is indeed possible to clean up an infection - other times, as already mentioned by John, backing up your data, formatting your drive and reinstalling Windows may be the appropriate response and course of action. It all depends on which Virus, Malware, Trojan infection has taken place.

Before I do this, can someone recommend tools to use to scan the Network and Computer for malware/virus other than the ones I have mentioned above? Also, steps on how they would proceed?

NOD32 is an excellent antivirus, and Malwarebytes is an excellent Malware detection tool as well. You can try any number of Antivirus applications available if those two don't find the infection for you, but those two tools should have done the job. Whether or not the infection was Network aware and infected other machines on the network, again, depends on the infection. That's what is missing in your question so please provide more info.

I hope that's helpful.

Regards, Andrew
Saying a computer is "acting funny" is rather like saying you don't feel well - you might have a cold, or you might have meningitis! What, specifically, is the machine doing (or not doing) that is abnormal?

Top Expert 2013

Commented:
You can run these:
MBAM: http://www.malwarebytes.org/mbam.php
RogueKiller: http://majorgeeks.com/RogueKiller_d6983.html
ADAWARE: http://www.lavasoft.com/
JRT: http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
Distinguished Expert 2018

Commented:
Replace the system. If you REALLY want to know what happened, then I recommend cloning the infected system and using forensics tools on it. I wouldn't be shocked if a malicious link was involved.

Assuming that to be the case, you would need to look more into the following:
1) A better spam filtering solution
2) Creating user awareness training

I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.
Were both of these up to date before the issue started? Also, did you use rescue discs to scan the systems, or at least try from Safe Mode?
Hi,

Alternatively, you can create a Linux-based bootable Avira antivirus USB using Rufus. Boot it and scan the workstation in question. That way you prevent booting from a potentially infected boot record. Its virus definitions get updated twice a day.

Cheers
Distinguished Expert 2018

Commented:
Do users have admin rights on their machines?
If the answer is yes, this is a textbook case of the serious risks in allowing such. And also a perfect demonstration of why organizations are doing what they can to restrict it.
