
Network infested 4

Status
Not open for further replies.

danno74

IS-IT--Management
Nov 13, 2002
295
US
A good majority of the PCs here have something wrong with them. Yesterday they were getting the message from SAV that the blaster worm was being caught and deleted. Then people all at the same time would get "svchost.exe has generated errors". When they go to use MS Office programs such as Excel, Word, and sometimes Outlook, they get the following messages - "could not use linking and embedding", "the office assistant cannot be started", and "An error occurred initializing the VBA libraries (14)." I have scanned 4 PCs with both SAV and Housecall from Microtrend, and nothing was found. On one of those PCs I could not even use the online scan because the browser was messed up - I went to About to check the version and the text in there had been changed.

I have installed SP4 on the PCs that did not have it and reinstalled Office on a couple to try that out, and they still get errors.

Any programs or anything you guys know of that might help me I would appreciate.
 
Actually, I would download the blaster removal tool from Symantec and copy it to every PC. I would then disconnect them all from the network. Run the tool on each; you may have to do this from safe mode if they give you problems.


Don't forget to install the patch against blaster, there is a link in the above mentioned page, or it will likely return. Might even copy the patch to each PC before you plug them back in to the network. I would then use your virus scanner to scan any locations where data are kept, before your users go back to work.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
 
Easy thing to do:

Download the blaster removal tool mentioned above.

Download a copy of the Windows patch that fixes the exploit that Blaster uses.

Burn both to a CD.

Have everyone shut down their PCs, and disconnect them from the network. Go to a PC, boot it, then run the Blaster removal tool. Now install the Windows patch. Re-connect to network and reboot. Lather, rinse, repeat.
 
We installed ZoneAlarm on a couple PCs and discovered that a remote office that has access to our network had very outdated AV. We shut off their access, then went to every PC on the network, unplugged it, ran the McAfee Stinger program and the Blaster removal tool, along with the SAV client we have installed. We then plugged them back in, ran another scan with and then did Windows Update.

Now you say that you can burn the patches onto a CD - how??? It would save us so much time if we could have that data available instead of having to download it on every workstation. I thought MS had some sort of policy where you had to download it...

Also, does anyone know of an application that can remotely apply Windows patches? I need to find something that will do that, and a friend of mine says MS might have a free one available. Anyone know of anything out there?
 
There's a couple of options.

To remotely install the Windows patches, look into Microsoft Software Update Services (aka, SUS). It is a free application from Microsoft that runs on a server inside your network and basically works like Windows Update. If you have Windows 2000 or XP you can configure Auto-update on those PCs to automatically pull down the patches from the SUS server as they become available. All you have to do once everything is configured is log into the SUS server regularly and approve any new security updates. SUS can be found at
There are a couple of short whitepapers (20-30 pages) that go into great detail about installing and configuring it.

Another thing to keep in mind is that Microsoft lately has tried to shift to a monthly update process instead of issuing patches whenever the mood struck. The current schedule is that the patches are released on the second Tuesday of every month around 5PM Pacific time (they did it just yesterday, so you may want to update your clients again today). At any rate, the theory is that it's easier for businesses to plan to install the updates if they know that they're going to be released on a regular basis at a given time. Hopefully this leads to more systems being patched.

If you go to:


then you can get a lot of information on security updates, patches, etc.

At this page:


you can sign up to receive security bulletins via email from Microsoft as they release new patches.

You can still download the patches individually as installable files (you used to be able to do so through but that site is gone now), but now you'll probably need to know the number of the security bulletin to get the downloadable version. If you know what you're looking for, you can usually find it from:

 
"I thought MS had some sort of policy where you had to download it..."

No, a lot of large corps download the patches once, put them to a central location where anybody can get them.

"does anyone know of an application that can remotely apply Windows patches?"

MS has a product called SUS. It allows users to put the program on a server then have the corp's workstations look at the server for updates. This allows the sys admins to test the updates before putting them out. MS is in the process of changing this to a product called WUS. SUS only deals with Windows while WUS will also update Office, SQL server, etc.

See
James P. Cottingham

There's no place like 127.0.0.1.
 
Do I have to go to every workstation and activate Automatic Update and set up the options? Can I do that centrally through SUS? I installed it and am downloading the patches right now, but reading through the papers I don't see anything concerning that except deploying the program itself for PCs that don't have the update software (which all of ours do already).

Also, once the options are set up, regardless of who set it up, is it unique to one user or does it cover everyone that uses that workstation? I don't want to do this and have to change the settings every time we move people around.

Thanks again for the great info.
 
It's probably buried in one of the whitepapers, but there should be a WUAU.ADM template that comes with SUS. Either that or you need to download the latest version of Automatic Updates (I believe the file is WUAU22.MSI (that's the version that we run anyway, might not be the latest)) to get the .MSI, I can't recall which.

At any rate, if you are using group policy, you can create a new policy, click on Computer Configuration, then select Administrative Templates. From there you right-click Administrative Templates and select Add/Remove Templates, then browse to the location where you saved the WUAU.ADM. Once the template is loaded, you will now have settings to control how Automatic Updates work on PCs that use that policy. You can control how the updates are downloaded, which server they download from, when they are installed, if any user interaction is required, etc. As long as all of your systems have the latest version of Automatic Updates (XP systems or 2000 systems with SP4) then you can control the settings from this policy.

I have to say, SUS and automatic updates for a corporate environment is quite possibly Microsoft's best product ever, not least because it's free. It makes everyone's life sooooo much easier.
 
I'll give it a shot and let you know. I've never done anything with group policies, so I might have questions... thanks.
 
Alright, I have gotten in there and set up the policies. I found the topic in the white papers. Now I am confused on one point - do you do this on the server only, or do you have to on every workstation? Will this change in policy automatically propagate to the rest of the network? I find that hard to believe. I have this installed on a server that does not have Active Directory on it. Do I have to install this on the one that does, go through the directions for installing the snap on policy, and just have it point to the server with the updates installed on it?

Thanks.
 
OK.

Crash course in group policy. It requires Active Directory. You will create the policy on your domain controller, and make sure that the systems that need the policy applied are somewhere in the AD tree below the container where you make the change (the easiest way for a domain-wide policy is to make the change at the top level of the tree). Then it will be propagated to all of your AD client PCs when they authenticate.

If you don't have AD and can't implement it (or don't want to), then you'll need to manually make the changes to Automatic Updates on every system.

I highly recommend that anyone who is running Windows 2000 or later on their clients and servers should use Active Directory. It takes a little bit of learning up front, but once it is in place you will have a centralized point for administering your workstations/servers. It's a great way to work.
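
A way to confirm on a client PC that the Automatic Updates policy discussed in the posts above has actually arrived, as an added example that is not part of any post in this thread. The Windows Update policy template writes its settings under HKEY_LOCAL_MACHINE, so they apply to the machine rather than to one user; the server URL and the function name are placeholders, and treating any AUOptions value other than 4 as a finding is this example's assumption.

```powershell
# Added example. $ExpectedServer is a placeholder, not a value from the thread.
function Test-AutoUpdatePolicy {
    param(
        [string]$ExpectedServer = 'http://sus.example.internal',
        [hashtable]$Values   # optional: values gathered elsewhere; default is the local registry
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
        foreach ($key in $base, "$base\AU") {
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($props) {
                foreach ($p in $props.PSObject.Properties) {
                    # Skip the PSPath/PSProvider bookkeeping properties PowerShell adds.
                    if ($p.Name -notlike 'PS*') { $Values[$p.Name] = $p.Value }
                }
            }
        }
    }
    if ($Values.Count -eq 0) {
        'No Automatic Updates policy values present: the policy has not reached this PC.'
        return
    }
    if ($Values['NoAutoUpdate'] -eq 1) {
        'Automatic Updates is turned off by policy (NoAutoUpdate=1).'
    }
    if ($Values['UseWUServer'] -ne 1) {
        'UseWUServer is not 1: the client ignores WUServer and goes to Windows Update.'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $actual = ([string]$Values[$name]).TrimEnd('/')
        if ($actual -ne $ExpectedServer.TrimEnd('/')) {
            "$name is '$actual', expected '$ExpectedServer'."
        }
    }
    # AUOptions: 2 = notify before download, 3 = download then notify,
    # 4 = download and install on the schedule set in the policy.
    if ($Values['AUOptions'] -ne 4) {
        "AUOptions is '$($Values['AUOptions'])': updates wait for someone at the PC to act."
    }
}

# Constructed sample: a PC whose policy never pointed it at the internal server.
Test-AutoUpdatePolicy -Values @{ AUOptions = 3; UseWUServer = 0 }

# Live check of the local machine; no output means every check passed.
Test-AutoUpdatePolicy
```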
 
I got it working, thanks again. Now I have to deal with an old issue we had of not being able to print any MS docs (Excel, Word, Outlook, etc). The only way I was able to remedy this was to remove patches until it started printing again.

It never ends, you fix one thing, something else goes wrong.
 
You might want to post that problem in another thread and see if anyone has a solution.

Something that I would suggest (this is assuming that you are using network printers that have queues on a server) is deleting one of the printers from and installing it with the latest version of the printer driver. See if that works. If it does then you may need to repeat the process for other printers, though you may be able to get away with just updating the drivers instead of re-adding the printers.
 
I did post in the W2k forum. Thanks again for the input, I will try that. I did try the Office XP SP3 on one of them, it does not seem to have worked.
 