Re: Antivirus 2008
- From: "Hank Arnold (MVP)" <rasilon@xxxxxxx>
- Date: Mon, 08 Sep 2008 05:17:29 -0400
I don't think any of us were patronizing. There was no information indicating your skill level. Almost 100% of postings like yours are not by experienced IT folks like us.
I'll be honest with you, in your situation, considering the fact that this is a network *AND* used by a finance controller, I would still have recommended a clean rebuild. Since you have the original hard drive working, the time to rebuild should still be less than a week. If the "customer" can't do without it for any length of time, I would suggest perhaps a parallel build and replace the system when ready.
It's your network and you are, obviously, very familiar with it. Bottom line is that you are "the boss" and you seem to know what you are doing.
As another suggested, since this is the second time the affected system has caused significant loss of time (and data?), I would urge in the strongest terms that you insist on a rigorous backup strategy for this computer.....
--
Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
Alan C wrote:
Although the pc in question is on a small network (assumption correct), it is used by the financial controller. It therefore has software/data (e.g. payroll) and some proprietary programs that are not on the server. The data is safe, but flattening the pc would mean not just reinstalling the OS and programs but booking the 3rd party guys to come and reconfigure their software. Last time (hdd failure) this cost more than the pc was worth and took over a week.
OK, special case. We all know how frequent they are. That is why I've spent the last two days sweating blood to ensure the malware is removed fully, and didn't just wipe it.
For the record, I mentioned the '70's start to illustrate my cynicism at the obviously banal replies that are inevitable. Also wordy, 'stating the obvious' posts can appear to be extremely patronizing, even when not intended.
I use these ng's for clues and ideas, not necessarily for cures. Rant over.
"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message news:O51R2gQEJHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
I'm sorry if you think I was patronizing. I also started in IT in the 70's, although I don't know what this has to do with the conversation. At the very least my experience has taught me that there are many different points of view regarding computer security and that my view may differ from others. I have learned that I need to be open to other points of view. There is no one right answer when it comes to computer security. These newsgroups are read by many thousands of people who may not have your experience and knowledge. Many people will find these posts through a search engine. They need to know that even though an anti-malware program may seem to remove some malware the possibility exists that the computer is not "clean".
Once a computer is owned by someone else (infected) the only way to be 100% certain the infection is gone is to flatten and rebuild the system from known good media. This could mean starting from scratch or restoring from a known good backup. A good part of my business is dealing with malware infections. I have learned that an infected system can be repaired but not definitively cleaned by any other method. It is up to you to decide how much of a risk this is. As you posted this in a server newsgroup I assume the computer in question is part of a network. If this is the case then by cleaning an infected computer you are taking a chance that the computer may not be fully cleaned and may compromise the network. Balancing the time and resources used between mitigating that risk and fixing the infected computer is a decision only you can make. For me, if the computer is part of a network that a business relies on, the best way to fix a malware infection is to flatten the computer and restore a clean image. There shouldn't be any important data on the computer so this is a quick and easy fix. If the computer is not part of a network, or good network policies have not been implemented, then other solutions may work better. I am sometimes called in to fix things when something goes wrong due to good network policies not being implemented. Like you, I sometimes resort to cleaning an infected system as the customer does not want to pay for the proper fix, which is not quick and easy because there is no image available and company data is not stored on a server. This doesn't mean this is the best solution or that I don't inform the customer of the potential risks of this solution. The important thing to understand is that it is a compromise and not the best solution.
--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/
"Alan C" <nospam@xxxxxxxxx> wrote in message news:ua9zUAQEJHA.3604@xxxxxxxxxxxxxxxxxxxxxxx
You don't seem to understand that I know what I am doing, having started in IT in the mid 1970's. Admittedly there is still a learning curve as OS's, etc, evolve, hence my questions to these ng's.
And I don't appreciate the patronizing attitude of some posters.
The pc in question is now clean.
"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message news:uaW$6fPEJHA.3288@xxxxxxxxxxxxxxxxxxxxxxx
You still don't seem to understand what everyone has been trying to tell you. Once a system has been infected there is no way of knowing if it has been cleaned/repaired except doing a full format and rebuild. You have been able to fix the symptoms that you noticed. There may still be other left over problems or the computer may still be infected.
--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/
"Alan C" <nospam@xxxxxxxxx> wrote in message news:%23Zn6XNNEJHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
For information and enlightenment:
I fixed the problem, it turned out to be a winsock corruption.
Reinstalling TCP was the answer.
"Alan C" <nospam@xxxxxxxxx> wrote in message news:uq4O1rAEJHA.1460@xxxxxxxxxxxxxxxxxxxxxxx
One XPPro workstn was infected by the antivirus 2008 trojan, which I have managed to clean.
One problem remains: I cannot browse any server (2003) shares via network places or explorer, although all mapped drives are accessible.
When I try to browse to the server, - '\\our_srv\' only one share is shown - 'userdata' - and this appears as an empty folder.
I know that the trojan affects the local policies, which I've reset, but cannot find anything that would cause the above.
Any help, suggestions, guidance would be gratefully received.
P.S. I'm not sure if this is the correct ng. Hope it is.