Our client's network/computer seemed to be attacked by a virus and malware???

Hi guys,

Recently, one of our client's networks seemed to be attacked by a virus, leaving one computer acting funny. Hmmmmmm!!!

The virus seemed to be a trojan/malicious one that I suspect might somehow have been causing one computer to shut down.

I have disconnected the internet from this computer. And I am about to run a scan on the computer and Network to check for any virus/malicious spyware/malware that could probably be the culprit.

I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.

After that (once the scans are all complete), I check to make sure that they have an antivirus.

Before I do this, can someone recommend tools to use to scan the network and computer for malware/viruses other than the ones I have mentioned above? Also, steps on how they would proceed?

I would appreciate some guidelines and attention on how to address this matter.

Awaiting further advice.

Thanks.
Asked by Bakaka
John, Business Consultant (Owner), commented:
Once you have the virus, you can try scanning with your own antivirus, followed by a scan with Malwarebytes. However, there is no guarantee this will work and no sure-fire way to clean up a computer after this.

Back up, format and reinstall the operating system.

Then:

Have offsite rotating backups for sure (no NAS).
Implement top notch spam control to stop these emails from coming in.
User Education: train users not to open emails from strangers and not to go to dodgy websites.

Andrew Leniart, IT Consultant & Freelance Journalist, commented:
Hi Bakaka,

In regard to the specific questions you asked:

> The virus seemed to be a trojan/malicious one that I suspect might somehow have been causing one computer to shut down.
> I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.

In order to help you with suggesting the best course of action, you'll need to identify and then provide a list of what infections were found by the Malwarebytes and NOD32 antivirus applications. Once we know what you're dealing with, then we can recommend an appropriate course of action.

Sometimes, it is indeed possible to clean up an infection - other times, as already mentioned by John, backing up your data, formatting your drive and reinstalling Windows may be the appropriate response and course of action. It all depends on which Virus, Malware, Trojan infection has taken place.

> Before I do this, can someone recommend tools to use to scan the network and computer for malware/viruses other than the ones I have mentioned above? Also, steps on how they would proceed?

NOD32 is an excellent antivirus, and Malwarebytes is an excellent Malware detection tool as well. You can try any number of Antivirus applications available if those two don't find the infection for you, but those two tools should have done the job. Whether or not the infection was Network aware and infected other machines on the network, again, depends on the infection. That's what is missing in your question so please provide more info.

I hope that's helpful.

Regards, Andrew

Perarduaadastra commented:
Saying a computer is "acting funny" is rather like saying you don't feel well - you might have a cold, or you might have meningitis! What, specifically, is the machine doing (or not doing) that is abnormal?

nobus commented:
You can run these:
MBAM: http://www.malwarebytes.org/mbam.php
Roguekiller: http://majorgeeks.com/RogueKiller_d6983.html
ADAWARE: http://www.lavasoft.com/
JRT: http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/

masnrock commented:
Replace the system. If you REALLY want to know what happened, then I recommend cloning the infected system and using forensics tools on it. I wouldn't be shocked if a malicious link was involved.

Assuming that to be the case, you would need to look more into the following:
1) A better spam filtering solution
2) Creating user awareness training

> I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.
Were both of these up to date before the issue started? Also, did you use rescue discs to scan the systems, or at least try from Safe Mode?

dfke commented:
Hi,

Alternatively, you can create a Linux-based bootable Avira antivirus USB using Rufus. Boot it and scan the workstation in question. That way you prevent booting from a potentially infected boot record. Its virus definitions get updated twice a day.

Cheers

masnrock commented:
Do users have admin rights on their machines?
If the answer is yes, this is a textbook case of the serious risks in allowing such. And also a perfect demonstration of why organizations are doing what they can to restrict it.
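
One way to answer the admin-rights question on a Windows workstation, as an added example that is not part of the original thread. The "expected" SID pattern is an assumption and should be adjusted to the client's own policy.

```powershell
# Added example: list who holds local administrator rights on this PC.
# Run from an elevated Windows PowerShell 5.1+ prompt on the workstation.

# Well-known SID of the built-in Administrators group. Using the SID avoids
# problems with localized group names.
$adminGroupSid = 'S-1-5-32-544'

# Assumption: the only accounts expected to be administrators are the
# built-in Administrator (RID 500) and Domain Admins (RID 512).
$expectedSidPattern = '^S-1-5-21-\d+-\d+-\d+-(500|512)$'

# Note: Get-LocalGroupMember can fail if the group contains orphaned SIDs
# (deleted domain accounts); clean those entries up first if it errors out.
$members = Get-LocalGroupMember -SID $adminGroupSid

$report = foreach ($m in $members) {
    [pscustomobject]@{
        Name        = $m.Name
        ObjectClass = $m.ObjectClass       # User or Group
        Source      = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Sid         = $m.SID.Value
        Expected    = $m.SID.Value -match $expectedSidPattern
    }
}

# Unexpected entries sort first so they are easy to spot.
$report | Sort-Object Expected, Name | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) account(s) hold admin rights outside the expected set."
}
```

Any ordinary user account flagged here is a candidate for removal from the Administrators group once the machine has been rebuilt.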