| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 95726 | 2008-12-15 12:41:00 | Network blocked by virus? | fox2setubal (14413) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 729327 | 2008-12-15 12:41:00 | Hello to all, I am network administrator in one company with about 40 computers. There are some serious problems with malware. After connecting to network, infected computer is starting instantly or after some time with maximum upload rate, that completely overtake the available internet link, and rest of network in that moment is loosing internet connection. Only solution after that is to unplug critical computer out of network. I scan with numerous AV programs. Fact is that all computers have file named sqlserver.dll and Win32/PSW.Maha.H Trojan or PSW.Maha.A Trojan. It seems also that it is a main cause of problem. But, still I wasn't be able to stop this. I have used firewall to block appropriate ports, several AVs to clean it and still after some time, "blockade" is returning. In this moment I am trying to use Kaspersky for disinfection. Results are still unknown. Do you have some experience with similar or same problems? What are your suggestions? Thank you, Darko |
fox2setubal (14413) | ||
| 729328 | 2008-12-15 17:03:00 | Hello to all, I am network administrator in one company with about 40 computers. There are some serious problems with malware. Darko Start looking for a new job!! |
apsattv (7406) | ||
| 729329 | 2008-12-15 18:04:00 | welcome to pressf1 enjoy your stay heres some info on them www.sophos.com when you run your scans do it in safe mode, most of the time this will stop the virus from being active making removal easier. by the sounds of it the main process has a child process that checks if the main is active and the parent exe is present if not it recreates the main/parent exe and runs it. Running in safe mode often prevents this action because safe mode only loads essential drivers and processes. |
beama (111) | ||
| 729330 | 2008-12-16 07:27:00 | @apsattv Pretty funny. :cool: @beama Thanks for your answer. I found that trojan is spreading itself by USB drives. For now it seems that Kaspersky is doing something, so I will monitoring situation. |
fox2setubal (14413) | ||
| 729331 | 2008-12-16 08:23:00 | Get trojan remover in my sig.. Dont know how youre going to install it on 40 pcs. Update it then scan then select all options under utilities What are they running? What version of windows? |
Speedy Gonzales (78) | ||
| 729332 | 2008-12-16 08:44:00 | May I reccomend you look at the following products Microsoft steadystate (free) HDguard Deep Freeze just google each one the product description will explain their purpose which may or maynot suit your situation. Speedy; will that utility run from a usb stick ie portable. If yes install on a network share and purhapes force run it on login. |
beama (111) | ||
| 729333 | 2008-12-16 08:47:00 | Trojan Remover doesn't come in a portable version | Blam (54) | ||
| 729334 | 2008-12-16 08:50:00 | thanks for that blam wasnt sure | beama (111) | ||
| 729335 | 2008-12-16 08:57:00 | Its available on *cough* "sharing" sites but it wouldn't be a good for fox2setubal to use unofficial software....would prob get him fired | Blam (54) | ||
| 729336 | 2008-12-16 08:59:00 | Is it possible to disconnect all computers from the internet before removing the viruses? | Blam (54) | ||
| 1 2 | |||||