Our entire network is infected from a stupid fucking customer's USB drive. Can someone with experience with this please help me remove it?
Do you have enterprise virus support?
Only virus software we have is Avast on some of the computers. We do not have a tech department and a lot of these computers do not get updates like they should. Unfortunately the only person who can run a program or executable file is the owner, as all others do not have privileges, and all websites not pertaining to the daily operation of the businesses are blocked on our domain via Internet Explorer. This is the only PC with Firefox on it, which I managed to install before it was hooked to the network.
Last edited by ictponder; 10-18-2010 at 12:26 PM.
How many workstations?
Are they on a domain?
How is your network infrastructure set up?
Provide us with more information and we can help.
It's on a domain, about 8 computers are infected (haven't checked the server yet). Each host is assigned an address dynamically and each host has 2 mapped drives to the server, not sure if that helps. This all started after troubleshooting a customer's computer using their USB drive, which was apparently infected. I've managed to run Malicious Software Removal Tool from a USB drive on one computer and install Microsoft updates, fixing the problem. The other computers get infected after running the removal tool before I can get the updates to download.
For those who will ask why we were troubleshooting a computer when we are getting infected ourselves..
We sell Verizon and sometimes customers can't figure out how to install the VZ Access Manager software on their PC or get drivers to work with certain phones. So we use their USB drives to copy drivers and such.
Last edited by ictponder; 10-18-2010 at 04:40 PM.
http://support.microsoft.com/kb/962007
About halfway down it has all the step-by-step instructions for manual removal.
It is a worm, so make sure these infected computers are disconnected from your network.
Let us know how it goes.
Separation from non-infected machines is a great start, make sure to clean all temp files per user/system. Also, never hurts to have a flash drive of your own around for tasks like that, having one you know is clean can help prevent these situations.
Have fun bro, my job practically is virus removal. haha
I recommend an SD card with a USB card reader. This way you can copy tools/software to it, then lock it to block any write access. Load up ComboFix and run it on every PC. Only use the ComboFix from the link below. There are fake ones out there.
http://www.bleepingcomputer.com/down...virus/combofix