Have a 2000 server being infected once in a while with W32.Randex.gen periodically. Trying to find out where in the world this is coming from and it's driving me nuts.
The virus drops into the default users profile at C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\PC3PC6QA\
and tries to infect but Norton is picking it up and dropping it in quarantine.
Problem is this... This company is connected (and receives internet) thru a VPN line to their head office half way across the country. I know for a fact that Norton always had a problem with viruses coming across any VPN. I'm suspecting that it's coming from the head office and trying to find a way to prove it.
I have no control of internet security as of yet, and it's doubtful the head office will ever give me any type of control in the future. This client has been hacked in the past (with a virus called sdbot, same situation) proving that the security was terrible at one point, something I was trying to prove. Since the hack, a new Cisco firewall has been installed in the office here (I still have no control).
I've been all around the network checking for the virus (same as last time with sdbot) and I'm confident it doesn't exist on the internal network so the only other place to look is the VPN. The server here is a basic DC running print services, DNS, DHCP and file storage, nothing else.
Any other ideas, short of installing a software firewall, to help track where this virus is coming from? BTW, nobody but me surfs the web thru the server, and then it's only tek-tips.
Thanks
~ K.I.S.S - Don't make it any more complex than it has to be ~