
Use the following:
1. HijackThis
2. Malwarebytes
3. CCleaner

Download them off the net and run them in order. Then, if it's a Windows 7 machine, do the following: (At your own risk, this is a very powerful program)
a. Pull infected machine off the network.
b. On another PC, download ComboFix from bleepingcomputer.com here: http://www.bleepingcomputer.com/download/combofix/
c. Transfer the ComboFix onto the machine and run it. Please don't connect to download the recovery console if the ComboFix asks you to.
d. Restart the machine if asked by the program.
e. In Symantec Endpoint Protection, create a policy for disabling autorun/execution of programs.
f. Run 3. again and clear all registry entries it pulls up. Then check and revert.

./Sam

On Tue, May 7, 2013 at 11:01 AM, Adam Nelson <adam@varud.com> wrote:
Also, nobody mentioned it, but there should be security and Antivirus services running between the LAN and the Internet. Something like this:
http://www.meraki.com/products/appliances#features:firewall
If you have a technically minded office with Mac and Linux machines, you can maybe not do this until you're 30+ people, but a Windows office needs it as soon as possible. In a 20 desk office with Windows computers, there is almost zero chance that one of them is not infected with a virus at any given time.
-Adam
https://twitter.com/varud https://www.linkedin.com/in/adamcnelson
On Tue, May 7, 2013 at 10:54 AM, Jangita Nyagudi < jangita.nyagudi@gmail.com> wrote:
Good one
In addition, I switch off the LAN switch during this process. Switch off all USB and floppy (if they are still used) access on all the machines in the BIOS. Flash disks should come through you (if you have the time).
Oh and install an antivirus and regularly update it.
On 4 May 2013 10:47, Odhiambo Washington <odhiambo@gmail.com> wrote:
Describe your situation in detail. If it's 100 PCs infected, or just a couple. Here is what I'd do, anyway.
1. Identify a clean PC. Install Kaspersky (yes, I don't trust other AVs that much!) AV Trial version. Update it.
2. Open all infected computers. Remove the HDD and label them accordingly.
3. Attach these disks (in rotation) as slave disk on the computer (1) above.
4. Do a full scan for viruses. Please take note not to delete your Symantec app folder in case it's detected as a virus.
That's a suggestion and will probably eat into all your weekend, but you have no option.
IMPORTANT: Recall and QUARANTINE ALL flash disks from all the staff. Do this by getting to the office at 6am on Monday and let nobody get in with any flash/external disks - not even the boss!!! :-) Scan all of them on PC (1) before returning them.
On 4 May 2013 10:30, Robert Ndegwa <bobwaire@gmail.com> wrote:
There are countless solutions but no concrete answer. I wanted someone who has encountered the same problem to help me with their practical solution.
On Sat, May 4, 2013 at 9:45 AM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Did you fail to find suggestions using Google?
On 4 May 2013 09:37, Robert Ndegwa <bobwaire@gmail.com> wrote:
Morning skunks,
I have a virus that is creating shortcuts of the folders in our drives. I am using Symantec End-point protection and have updated it and have run a full scan, but the virus is still replicating. Is there anyone with a solution? Kindly assist.
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
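A read-only triage check for the symptom reported in this thread (shortcuts appearing alongside the folders on a drive), given here as an added example that is not part of any poster's message. It assumes the suspect disk or flash drive is mounted on the clean PC, that a `.lnk` file sharing a sibling folder's name is the marker worth reviewing, and that an `autorun.inf` at the volume root is relevant to the autorun policy mentioned above; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def scan_volume(root, max_depth=2):
    """List (kind, path) findings on a mounted volume. Nothing is modified."""
    findings = []
    stack = [(Path(root), 0)]
    while stack:
        folder, depth = stack.pop()
        try:
            entries = list(os.scandir(folder))
        except OSError:
            findings.append(("unreadable", str(folder)))
            continue
        # Windows names are case-insensitive, so compare in lower case.
        dirs = {e.name.lower(): e for e in entries
                if e.is_dir(follow_symlinks=False)}
        for e in entries:
            if not e.is_file(follow_symlinks=False):
                continue
            name = e.name.lower()
            if depth == 0 and name == "autorun.inf":
                findings.append(("autorun", e.path))
            # "Reports.lnk" sitting next to a folder called "Reports"
            if name.endswith(".lnk") and name[:-4] in dirs:
                findings.append(("folder-shortcut", e.path))
        if depth < max_depth:
            stack.extend((Path(d.path), depth + 1) for d in dirs.values())
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; the .lnk files are empty placeholders."""
    root = Path(root)
    (root / "Reports" / "Q1").mkdir(parents=True)
    (root / "Photos").mkdir()
    for rel in ("Reports.lnk", "Reports/Q1.lnk", "notes.lnk", "autorun.inf"):
        (root / rel).write_bytes(b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, path in scan_volume(tmp):
            print(f"{kind:16} {os.path.relpath(path, tmp)}")
```

Findings are candidates for review and for the antivirus scan on the clean PC, not proof of infection; a user can legitimately keep a shortcut next to a folder of the same name.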