
Netsky virus got me

Status
Not open for further replies.

mswilson16

Programmer
Nov 20, 2001
243
US
Today I discovered that my network had been hit by the Netsky virus... I have Norton AntiVirus Corporate 7.60 installed. I disconnected each machine and then ran the removal tool from Symantec on each local machine. This was done on all machines including servers (excluded M drive on Exchange server). I have not yet reconnected my network as I wish to check with my mail host that the emails have stopped.

I know how the virus got into my network (a user found out the administrator password and added his own personal laptop, which was infected, because he needed to update his virus defs). From there the first hit was on the server (which runs NAVC and is kept fully up to date), then there were 2 more machines that got hit. Many machines received the virus through email but most quarantined it when received. The 2 machines have NAVC installed but still got the virus. I have been informed that this virus can actually shut down NAVC if on the network.

What are the actions to take when I get to work in the morning? I was planning on updating the NAVC server's virus defs, forcing all machines to get an update of the virus defs, and running a scan on all machines... Anything that I have forgotten?

Thanks in advance

mswilson
 
mswilson, my advice, update the defs daily either manually or with CEGETTER.BAT. If you hear about a new virus on the news (CNN, MSN, radio, whatever), check more than once a day for new versions of the daily defs, then force them to your SAV as well as your clients.

Also, you can set up AMS to notify you via email, pager, etc. when a virus is detected on your LAN. This could give you a heads up to get moving on your defs if they're not already current.
 
Thanks for the advice... What is AMS? And what is the quickest way to force all clients to update the virus defs?

Thanks in advance!
 
AMS is Alert Management System. If you right-click on your main group and choose "all tasks", it's one of the choices.

Check it out.

 
I have NAV with what I thought was the latest updates and the same virus got me. NAV was set to auto-update. I am really ticked that NAV missed this and while I wouldn't wish this on anyone, I am glad to see that NAV missed it for someone else: it has justified my acquiring some other anti-virus protection.

per ardua ad astra
 
Interesting!!! So it was set exactly the same as mine and you also got infected... how long did it take you to get back to normal??? What procedure did you take to remove it? What other product are you thinking of getting?
 
To mswilson16:
To be honest I didn't realise I was infected, and I don't remember exactly what I did to clear it. I do remember receiving a notification from a friend with a Symantec fix to clear it. I don't even think that cleared it, because I think I had to use a full scan later to clear it out.

Another friend told me of a free anti-virus program with free updates, but I cannot remember the name and I'm doubtful that a free program would be very effective. I have used NAV for a long time and WAS satisfied. This recent infection has made me think twice, but I still have 6 months to go on my subscription, and cash is a little tight.

If anyone reading this has any suggestion for or against other software, please advise.

Thanks

per ardua ad astra
 
wilson and jockser, I don't understand why you guys are upset at Symantec because you received a virus. It is likely that Symantec had an updated virus def before you got infected. As a network admin you must make sure that your servers and clients have the most up-to-date daily defs. Like I've said in other posts, you can use CEGETTER.BAT to automate daily new defs; LiveUpdate doesn't always give you daily new defs.
 
How do you configure AMS?
You said: right-click on your main group and choose "all tasks".
I have Symantec System Center Console and Symantec Quarantine Console, and I don't see any option "all tasks".
Sorry for my question, I am a new guy performing Norton AntiVirus tasks.

Is there any step-by-step procedure for AMS configuration?
Thanks.
 
I found an SSC Symantec System Center.
I have Console Root, below it SSC, below that System Hierarchy and then my Server Group. I right-click on my Server Group and I don't have the option for all tasks; I have Unlock Server Group, Configure Server Group Password.

Should I unlock in order to have "all tasks" enabled?
 
Yes, unlock, and then (when installed; when not, it's on the installation CD) you see AMS (Alert Management System).

Sorry for my English
German trainee
 
Thanks.
I'm able to get AMS, but now, after clicking on the configure option, I have a window, Norton Antivirus Corporate Edition.
I guess here I should have a list of viruses and then I should choose the alert action and configure my email account to be notified when an event occurs, but this window is empty.

Is that correct?
 