how to determine which virus I have

Status
Not open for further replies.

nat2345

IS-IT--Management
May 15, 2003
US
Can anyone give me advice on how to figure out which virus I have on the network when it seems like the LAN is infected, so that I can properly remove the virus? Please let me know your methods of detection and determining which virus you have.

Thanks
 
Howdy:

I usually just update my av program and run a full system scan on everything.. Oh ya.. I disconnect everything from the network first !!

Murray
 
Murray, what if your network is down because of the virus and you don't have internet access (or it's very sluggish) or what if the av still isn't detecting the virus (for example if it's a very new virus)? Unless this method always worked for you then great!

Dyarwood, I don't have a virus, I'm asking a what if question.

Thanks
 
Nat:

If that is the case, then you would never know what the virii is that has infected you.. If it is new, there is nothing that could detect it to begin with.. Your question leaves a lot in the interpretation and is so hypothetical, there is NO for sure answer !!

Otherwise, I would be downloading and installing "Stinger" on a floppy and booting each system with it.. Does a virii check of the most common and newer virii during boot up !!

Murray
 
I found the stinger program to run in windows but how do you install that on a floppy to boot with it?
 
Save to disk: Choose a: drive rather than your c: drive

Boot to DOS.. Put stinger disk in and run it..

As you did not say you couldn't get into windows, just download it to a floppy and then install on every system and run through Windows..

BTW, as Stinger only works with known virii as well, it would not work with your hypothetical brand new not controlled virii either..

In that case.. reformat and re-install..

Murray
 
Go home (or next door, or to a Library, or the office across the street), download the updates from the Internet, burn them to a disk, go back to the office and update your network.



Hope This Helps!

Ecobb

"My work is a game, a very serious game." - M.C. Escher
 
Depends on how good a LAN you have.

Managed Switches:
Put on Rate Limiting on Broadcast and Multicast Traffic. That would stop packet storming by things such as Nachi and Blaster. Check which ports are hitting the switch hard and unplug. Thus freeing up bandwidth.
Router:
Filter packets to drop forwarding of Broadcast traffic and monitor packets using a packet sniffer. Unplug rogues.
Firewall:
Look for pc's going through unknown ports or trying many ip addresses. Block these addresses and ports. Again trace rogue pc's. Again unplug rogues.

Stu..


Only the truly stupid believe they know everything.
Stu.. 2004
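
Added example, not part of any post in this thread: a minimal sketch of the firewall check described above (hosts using unknown ports or trying many IP addresses). The log format, the addresses, the expected-port list and the fan-out threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

def make_sample_log():
    """Constructed sample lines in a hypothetical 'src dst proto dport' format."""
    lines = ["10.0.0.5 192.0.2.10 tcp 80", "10.0.0.5 192.0.2.10 tcp 443",
             "10.0.0.7 192.0.2.25 tcp 25", "10.0.0.9 198.51.100.77 tcp 6667"]
    # 10.0.0.23 tries 40 different addresses on one port (constructed sweep)
    lines += [f"10.0.0.23 203.0.113.{i} tcp 135" for i in range(1, 41)]
    return lines

EXPECTED_PORTS = {25, 53, 80, 443}  # assumption: services this LAN should use
FANOUT_LIMIT = 20                   # assumption: distinct destinations per log window

def parse(line):
    src, dst, proto, dport = line.split()
    return src, dst, proto, int(dport)

def find_rogues(lines, expected_ports=EXPECTED_PORTS, fanout_limit=FANOUT_LIMIT):
    """Return {src: [reasons]} for hosts worth tracing to a switch port."""
    dests = defaultdict(set)      # src -> distinct destination addresses
    odd_ports = defaultdict(set)  # src -> destination ports outside the expected set
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, _proto, dport = parse(line)
        except ValueError:
            continue  # skip malformed lines rather than abort the whole pass
        dests[src].add(dst)
        if dport not in expected_ports:
            odd_ports[src].add(dport)
    report = {}
    for src in sorted(dests):
        reasons = []
        if len(dests[src]) > fanout_limit:
            reasons.append(f"fan-out: {len(dests[src])} distinct destinations")
        if odd_ports[src]:
            ports = ",".join(str(p) for p in sorted(odd_ports[src]))
            reasons.append("unexpected ports: " + ports)
        if reasons:
            report[src] = reasons
    return report

if __name__ == "__main__":
    for host, reasons in find_rogues(make_sample_log()).items():
        print(host, "->", "; ".join(reasons))
```

Hosts in the report are candidates to trace back to a switch port and unplug; tune the port list and threshold to the network's normal traffic before relying on it.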
 
Let's not forget Process Explorer from lets you identify unknown processes and their related exe's and dll's so that they may be removed.



Unix IS user friendly... It's just selective about who its friends are.
 
Thanks a lot guys for the advice!

Nat
 