PaulDotCom mailing list archives
Re: LAN Virus outbreak Procedures
From: Tyler Robinson <pcimpressions () gmail com>
Date: Thu, 2 Sep 2010 14:14:34 -0600
- I am working with several, the most prominent being the win32/afcore.nba Trojan
- They seem to replicate to multiple machines at once from an unknown origin
- About 60%, conservatively, so over 100
- I have been backpedaling so hard I have not had time to packet capture or even analyze
- Eset Nod32 v4 is our AV and it is catching and cleaning, but it is cleaning 10 or so every min, which is hitting network performance a great deal when there are hundreds of them
- We have Malwarebytes, Eset and, well, at this time that's about it

Thank you so much again for your help. It is a huge help to have more than one mind to bounce a frustrating month onto.

TR

On Thu, Sep 2, 2010 at 1:17 PM, Bill Swearingen <hevnsnt () i-hacked com> wrote:
> Sounds like you need to take a quick step back and assess your position:
>
> - What malware are you working with? (any details online?)
> - What are its specific characteristics?
> - How many potential machines?
> - Does it phone home in any way?
> - What tools/systems do you have in place that can *detect* an infected system?
> - What tools do you have that can clean an infected system?
>
> Then design your incident response from there.
>
> On Thu, Sep 2, 2010 at 10:27 AM, Tyler Robinson <pcimpressions () gmail com> wrote:
>
>> Hey everyone, just wondering what kinds of procedures you are using to prevent and stop virus outbreaks on your local network after some genius end user investigates child porn on local network PCs. Do most of you use Microsoft's firewall with GP and just open exceptions for the applications that need it, or run another piece of software?
>>
>> I have a massive infection that I cannot track down. Our Eset is catching them, but my network is nothing but trojan packets. We were not running an internal firewall (previous admin setup), without hardened systems. So do I start hardening systems first and then do a GP with firewall, or does anyone have any better suggestions, first to get my network back and clean the infection, second to set up the correct way so there is no next time?
>>
>> As always, thanks so much to the PDC community, you guys are the best.
>>
>> TR
>>
>> --
>> Tyler Robinson
>> Owner of Computer Impressions
--
Tyler Robinson
Owner of Computer Impressions

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com