Re: Virus? - Disable .EXE, .COM, .LNK and group policy.

From: Malke (invalid_at_not-real.com)
Date: 05/25/05


Date: Wed, 25 May 2005 11:12:01 -0700

Brian Hoyt wrote:

See my comments inline:
>
> We are a private school with all students 7-12 having laptops/tablets
> about 450. The students own the machines so I can't lock them down as
> much as one would like. The AV/AS are kept up to date automatically.
> We also do lock the machines down quite a bit via group policy. I
> understand prevention from a global perspective, trying to nail down
> this one issue though.

So we have fewer students at lower grades than you, but it's a similar
situation as far as private vs. public.
>
> There is no need to punish the students as they aren't in most cases
> purposely causing the problems.

See, we disagree here. Maybe your students are more responsible, being
older. Our students *are* at fault because they will download all kinds
of cr*p if allowed. There is the normal malware stuff from places like
Smiley Central, links they click on or apps they run from their friends
via instant messaging, and we've been having quite an issue with the
Xanga messageboard - it also installs spyware.

> I am more in the business of preventing the problems from
> occurring rather than applying punishment afterward.

What we tell the parents and students is that these laptops are for
school. Some of the laptops are owned by the parents and others are
owned by the school and are rented to the parents. We explain the whole
issue of infestation to the users very clearly, and let them know what
the consequences of misusing the laptops will be. I'm not taking a
"we're right and you're wrong" position - I'm just telling you how we
set it up. The end result for us has been very good - a few kids have
come up with viruses but they have not infected the rest of the laptops
and for the most part, everything has been clean and works well. My
friend and I can compare our results with what happens in the local
public schools because we both have clients with kids there.

> Imaging takes 20
> min and is more trouble for the students since they are without their
> laptop in class
> than it is to the tech staff. Isolating the laptops from the rest of
> the network really doesn't help anyone either, what is the point of
> having the resources if the students can't get to them.

I'm in complete agreement with you about the imaging. We do it, too.
What I meant by isolating is that we have three networks, all of which
are kept isolated from each other - one for the school office, one for
the computer lab, and one for the classrooms/laptop program. Since
we're small, this is very manageable and allows us to tailor each
network's setup as we wish.
>
> I was trying to figure exactly what this one was, since it is far more
> damaging than any other we have had. It is affecting a very small
> group of students some repeatedly though. I was hoping if I could
> narrow the cause I could help the students to know what not to do.

Without seeing the machines and what is running, there just isn't any
way to tell what is going on. There was a big outbreak of an AIM virus
recently, but it really was a nasty one and you'd certainly have
noticed it. What might work to help you track down the cause is to get
one of the infected machines and run HijackThis on it. Then post your
HJT log at one of the forums below (not here, please). I particularly
like the AumHa forum, but all of the fora linked below are populated by
great experts who will be able to pinpoint things for you right away.
So here are the HJT links:

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

>
> Thanks for the help and the pointers. I will see if I can find
> similar symptoms on those sites.

You are most welcome. Good luck, and enjoy your summer (if applicable to
your part of the world).

Malke

-- 
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

