Re: Possible virus or torjan for network ???

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/24/04 

Date: Wed, 24 Nov 2004 02:29:05 GMT

Sounds like something is up. Make sure you are scanning with the latest
virus definitions from Symantec and get a second option with something like
the free Sysclean from Trend Micro. You don't have to install Sysclean, just
download and unzip it and it's pattern file to a common folder to execute
from. Also try a parasite remover such as AdAware SE and/or SpyBot Search
and Destroy.

http://www.trendmicro.com/download/dcs.asp -- Sysclean
http://www.trendmicro.com/download/pattern.asp -- pattern file for Sysclean
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
-- AdAware SE. Be sure to update it from within program before scanning.

 Try booting into safe mode with networking to see if there is a difference
before you try to repair. If it works better in safe mode with networking
you definitely have something installed as a startup program that is causing
the problem. There are free tools from SysInternals that allow you to
examine startup processes, running processes, and port to process mapping.
Download Autoruns, Process Explorer, and TCPView. It probably would be most
helpful to compare results to a known clan machine such as a Ghost install
than has not been connected to the network or internet.

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml -- autoruns and
link to SysInternals

Try to do a fresh install from a known good Ghost image and enable the built
in ICF firewall on it BEFORE you connect it to your network or internet. If
that works well you have some sort of infection on your lan computers almost
for sure. Then make sure the fresh install has all critical updates from
Windows Updates first and disable the built in ICF firewall. If it still
works well your other computers probably were vulnerable by not being
current with critical updates. It is also important to enforce complex
passwords on all of your computers which you can do with Local Security
Policy for non domain computers. Weak or no passwords can allow a malware to
spread fast. Make sure your anti virus scans ALL attachments no matter who
they come from at the client level as that is a major cause of infections.
It is up to you but in my opinion XP SP2 has some major improvements in
protecting your computers. If you are concerned about application
compatibility test it out on one computer first. --- Steve

http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
Microsoft security center for small businesses.
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx --
Microsoft Anti Virus in Depth Guide.

"RZ" <rzmitri@msn.com> wrote in message
news:e8HcU9a0EHA.1260@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I have a LAN with 12 computer well protected by Norton always updated,
> connected to internet with a router behind a firewall. since yesterday at
> the startup of all computer there is 3 windows of internet explorer that
> pop-up and try to open an IP adress. It takes up de 5 minutes to close
> them
> and after a while it's impossible to work with the computer everything is
> blocked. We have tried to run complete scan of norton, no virus found,
> tried
> to install the original configuration with norton ghost, doesn't work.
> Please help.
> I'm running WinXp pro SP1
>
> Thanks a lot
>
> Richard
>
>

Quantcast