Hello,
My organization first saw an infection of W32.IRCbot.gen a week and a half ago. Last Friday we also found out that we were infected with W32.gaobot and a c.bat virus. It looks like it was brought in on a laptop that was taken home and hooked up to a personal internet connection.
We have been fighting this trojan for over a week now, and I need any assistance this board can give. We run Symantec Antivirus Corporate Edition 9.0 and keep that managed under a server to keep current updates on our PCs. We also have IBM (Linux), Compaq (Windows XP Embedded) and HP (WinXPe) thin clients in our environment too. The IBM thin clients were never infected, but both our Compaq and HP thin clients are getting nailed because they don't have room for a Norton AV solution.
We have had to triple Windows Update every PC in an attempt to block this trojan, but even after all the updates the PCs are reinfected; they just don't broadcast out and reinfect other machines. Norton is detecting the virus but we are still only getting about a 50% delete rate even though the dang thing is set to delete. Other times it just quarantines the file.
The Compaq thin clients get infected but they too don't broadcast out and infect other machines. I have installed an Altiris server, and have two updates that "may" fix the problem, or at least stop the broadcasting.
Installing the virus takes between 20-40 minutes over our WAN, and within that time the trojan infects the HP thin clients. During the update, changes are 'committed' and now we have an infected machine that won't clean when it's rebooted. The only solution at this point is to load the updates (all the while the same thin client is infected and then broadcasting to everything else on our network), then rebooting and then cleaning off. And that is still not a guarantee that it is not vulnerable.
I guess my point is, I am ready to pull my hair out and could really use a good solid solution to nail these dang things down. We have had users down for over a week straight and it's not looking good for the next week.
Let me know if you have run into this situation before and have a good way to take care of it.
Thanks,
Noah