Tool to scan network for W32.Blaster.Worm infections?

krawz187

MIS
Mar 19, 2002
27
US
Does anyone out there know of a way to scan your network to see which computers on your LAN are infected with the W32.Blaster.Worm or W32.Welchia.Worm? If I have to go to every PC in my office to do this...I'm going to go nuts!!! I've thought of a packet sniffer, but I'm not sure which traffic to look for. Any advice would be terrific!!!

Thanks!

krawz
 
Just to add, I do have a managed Norton Corporate Edition running on the LAN, but I'm not sure I trust it to tell me accurately which computers are infected or not. What I'd really like to do is force everyone's computer to run the removal tools. Perhaps a login script could do this? Opinions welcome.
 
Norton Corporate, installed properly, can let you kick off scans from the server to remote computers on your network.

Microsoft also has a tool on their site that will scan your network and let you know which computers do not have the Blaster patch.

James
MCP, MCSE
 
Thanks for the tips. I do have Norton Corporate set to do daily scans at lunch time. It has reportedly found a few infected systems, but it "quarantined" the files instead of cleaning them. I can't tell by that terminology if the system is now safe or not. I have also run the network scanner to detect which systems need the MS patch...my question now is, how do I patch all the computers in my office without going to each one? I have perhaps 100 PCs to manage, all of which are 2000 Professional, connected to an AD-enabled 2k server. What would be the best way to force each PC to run the Welchia and Blaster removal tools? Group policy? Login script? I have limited experience with each, so any source with helpful info on how to do it would be great!

Thanks again
krawz
 
My experience with GPOs is also limited. You can download the patch and assign it to the computer portion of a GPO. Then re-run the MS patch detector app to verify the patch was applied. Search MS KB or Windows Help for info on configuring and applying GPOs.

Typically NAV will quarantine infected files that cannot be repaired. Usually when this happens, these files are not system or data files. Go ahead and delete the files in Quarantine to completely remove the virus from your network.

James
MCP, MCSE
 
Try this:
Run via login script, and close any port I/O virus communication through firewalls/routers to reduce bandwidth from outside intruders.

Update your service pack and patch.
Read them on "a damm hole" security from Microsoft.

My network (RPC services) is already down because of that virus (and now more variants are coming up!)
 
Just an afterthought. I've had 150 PCs to admin. Installed TightVNC on each, so when a user calls with a problem, I just VNC into the machine and fix it with the user there and me at my desk. (Doesn't help you now with the Blaster, but it made my life easier.)

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

 
I've decided to go with Software Update Services for the moment. If it proves too difficult to work with, I may go another route. Thanks again for the suggestions.
 
I did the same thing, just got SUS running and it seems to be working OK. You can't count on Norton; we also had the corporate version running, but we didn't have a version of virus definitions that could actually catch it until after the worm hit. Now even though Norton is catching the virus, it can't clean it or quarantine it most of the time, so we are still having to do a manual clean on infected machines.

I decided to go with the SUS for future protection more than for the current mess.

 