Re: Korgo Virus

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: fygar (cpudoc10_at_hotmail.com)
Date: 06/24/04 

Date: Thu, 24 Jun 2004 09:43:41 -0400

On Thu, 24 Jun 2004 08:50:34 +1000, "Slarty Bartfast"
<Slarty@Bartfast.com> wrote:

>We had two days of the LAN being down this week with the Win32.Korgo.I
>virus.
>It has similar behaviour to the Sasser that we spent a whole day on
>'fixing'. We had Microsoft Auto-updates turned of for some reason - MS04-011
>patch would have stopped it, but it wasn't on all our machines.
>It most likely got in via a laptop that was on the net while outside our
>firewall and then brought it in.
>We are updating all our laptops to XP and using it's firewall - better that
>nothing.
>
>Any suggestions on good laptop policy regarding security - I know that might
>seem a silly question, but we have been using NT4 and 2000 on our laptops
>with good updated virus protection forever, long before I came here, even
>though I knew the lack of a software firewall was a risk and brought the
>issue up a few times.

Run MSBA to find all lagging machines.
Patch.
Set up SUS.
Set up a managed Antivirus.
Find a firewall product if not using XP.
Keep users out of Administrators group.
Keep users out of Administrators group.
Keep users out of Administrators group.
Keep users out of Administrators group.
***Do not give access to email w/o using VPN. (This forces the
occasional connection so the systems will check for updates)

Remove batteries and power cords

...butch

Relevant Pages

  • Re: Korgo Virus
    ... >>patch would have stopped it, but it wasn't on all our machines. ... >>firewall and then brought it in. ... > Run MSBA to find all lagging machines. ... > Keep users out of Administrators group. ...
    (microsoft.public.cert.exam.mcse)
  • Re: multiple windows opening
    ... When you install OneCare, it will automatically ... I have had windows live one care from the first setup of this laptop. ... I open it, it shows that the firewall is on, the virus thing is ...
    (microsoft.public.security)
  • Re: New Printer problem--Help please!
    ... I was able to successfully turn off all firewalls on the laptop, and I believe I also was successful with turning off all firewalls, virus protection, etc on the desktop. ... I have re-set up the network using the home network wizard. ... Following the suggestion I found elsewhere, I set up the network "wrong" (chose incorrect connection method), then set it up again "right". ... the presence of the Symantec VPN driver raises the possibility that the laptop has a Symantec firewall installed. ...
    (microsoft.public.windowsxp.print_fax)
  • Re: multiple windows opening
    ... When you install OneCare, ... Windows Firewall and Defender on its own. ... I have had windows live one care from the first setup of this laptop. ...
    (microsoft.public.security)
  • Re: multiple windows opening
    ... After uninstalling, one must download/run a removal tool to rid the machines of the "leftovers" and then reboot, preferably *before* installing another anti-virus application or security suite (e.g., OneCare). ... run Windows Update manually to make sure the machine's fully patched. ... Windows Firewall and Defender on its own. ... I have had windows live one care from the first setup of this laptop. ...
    (microsoft.public.security)