PaulDotCom mailing list archives

Re: LAN Virus outbreak Procedures


From: Xander Solis <xrsolis () gmail com>
Date: Fri, 3 Sep 2010 09:50:36 +0800

Tyler,

You can try to look for the executable/s that are being detected and
removed by NOD32 on other machines, either via tasklist, pslist or dir
/s /b /ASH <filename>.

You may also want to try other tools, such as ClamWin (ClamAV for
Windows), to try and check for other drop files. It's likely there's
an undetected "dropper" that propagates the malware that's being
detected.

Hope this helps.

Xander

On Thu, Sep 2, 2010 at 11:27 PM, Tyler Robinson <pcimpressions () gmail com> wrote:
Hey everyone, just wondering what kinds of procedures you are using to
prevent and stop virus outbreaks on your local network after some genius end
user investigates child porn on local network PCs. Do most of you use
Microsoft's firewall with GP and just open exceptions for the applications
that need it, or run another piece of software? I have a massive infection
that I cannot track down. Our Eset is catching them, but my network is nothing
but trojan packets. We were not running an internal firewall (previous Admin
setup) without hardened systems. So do I start hardening systems first and
then do a GP with Firewall, or does anyone have any better suggestions, first
to get my network back and clean the infection, second to set up the correct
way so there is no next time? As always, thanks so much to the PDC community,
you guys are the best.
TR

--
Tyler Robinson
Owner of Computer Impressions


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
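
The tasklist sweep suggested in the reply above, as an added example that is not part of either poster's message: it sorts hosts into infected, clean and unchecked from the text that `tasklist /S <host> /FO CSV /NH` returns. The host names, PIDs and the flagged file name are constructed placeholders; substitute the name your AV actually reports.

```python
import csv
import io

# Constructed sample: per-host output of `tasklist /S <host> /FO CSV /NH`.
# Host names, PIDs and the flagged file name are made up for illustration.
SAMPLE = {
    "ws-01": '"svchost.exe","812","Services","0","9,120 K"\n'
             '"EXAMPLE-DROPPED.EXE","3344","Console","1","2,048 K"\n',
    "ws-02": '"svchost.exe","790","Services","0","8,400 K"\n'
             '"explorer.exe","1520","Console","1","30,112 K"\n',
    "ws-03": "ERROR: The RPC server is unavailable.\n",
}
FLAGGED = {"example-dropped.exe"}  # placeholder for the name the AV reports


def triage(outputs, flagged):
    """Sort hosts into infected / clean / unchecked from tasklist CSV text."""
    flagged = {name.lower() for name in flagged}
    report = {"infected": {}, "clean": [], "unchecked": []}
    for host, text in sorted(outputs.items()):
        rows = [r for r in csv.reader(io.StringIO(text)) if r]
        # A failed remote query returns an error line, not process rows;
        # keep those hosts apart so they are not mistaken for clean ones.
        if not rows or any(len(r) < 2 or not r[1].isdigit() for r in rows):
            report["unchecked"].append(host)
            continue
        # Windows file names are case-insensitive, so compare in lower case.
        hits = [(r[0], int(r[1])) for r in rows if r[0].lower() in flagged]
        if hits:
            report["infected"][host] = hits
        else:
            report["clean"].append(host)
    return report


if __name__ == "__main__":
    for state, hosts in triage(SAMPLE, FLAGGED).items():
        print(state, hosts)
```

Hosts listed as unchecked still need a manual look; a process sweep also misses a dropper that is on disk but not currently running, which is what the dir search covers.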


