Weird Things on Network PCs - Hard disk FULL / Slow Performance / MORE

CJarman

MIS
Oct 31, 2003
US
(Sorry for the long post, but I wanted to give all of the info I have available.)

Our problems started Sunday morning. Thus far we can find no common thread. We have discovered 11 PCs that are "infected" with something. I put "infected" in quotes because we're not sure if we're dealing with multiple viruses or some other blended problem. I personally suspect Netsky, Bagle and something else. However, the symptoms do not all exactly match Netsky or Bagle -- or any other virus I can find.

Most of the Win2K and WinXP Pro boxes are simply running slow. A few have shown up with the Netsky virus. ALL of the "infected" Win95/98 boxes display a message saying the hard disk has run out of space. If we reboot, the space is returned. However, it slowly disappears to the point that the users get an out of space error again. We have more than 300 PCs on the network and are afraid that many more will end up with similar problems. The worst part is that we can't nail the problems down to any one cause.

We run Symantec AntiVirus Corporate Edition on our network. The Win2K and XP boxes are using Symantec Client Security v8.x. Some of the Win98 boxes also run v8.x. The remaining Win98 boxes and *all* of the Win95 boxes run either Norton Antivirus v7.51 or v7.60. A portion of the "infected" PCs stopped auto scanning and receiving def file updates on 02/26/04. One stopped 02/25/04. However, a few had successful scans as late as today. Our server def files are up-to-date (using LiveUpdate). Another oddity -- NAV is catching attempted virus intrusions on *some* PCs (none that show any problems). Like I said, NO common thread that we can find...

Most of the users on these PCs have access to email -- which we thought would be the root cause. However, 3 of the 11 "infected" PCs have NO Internet or email access.

Thus far, we have:
1) Run Virus Sweep from the server
2) Scanned ALL servers for infections (None found)
3) Cross-checked everything we can think of to find a common thread (IP range, OS, NAV version, TCP/UDP ports open, email access, Inet access)

Folks, I am COMPLETELY stumped and I need help. I'm new to the Sys.Admin position (always been a hardware guy), so ANY good advice would be MOST appreciated.

 
A couple of suggestions. Try running an online virus scan. There are links posted in this forum and FAQ. Next download HiJackThis. Again the links can be found in this forum, FAQs, or use your favorite search engine.

Run HiJackThis on an "infected" machine and a good machine. Compare the logs from both. Isolate any programs you know are OK or may be running on both machines. You may have to "Google" any unknown programs to see if they are valid or not. Finally, stop any suspicious programs.

If you get stuck, post the portion of the HiJackThis log you can't isolate.



James P. Cottingham
There's no place like 127.0.0.1.
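The log comparison suggested in the reply above, as an added example that is not part of the original thread: a Python script that parses two HijackThis logs and lists the running processes and registry/startup entries found only on the suspect machine. The sample logs are constructed, every path and name in them is a placeholder, and the function names and the `PROC` section label are this example's own.

```python
import re
from collections import defaultdict

# Entries look like "O4 - HKLM\..\Run: [name] path"; the code before " - " is the section.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return {section: set of entries}; running processes go under 'PROC'."""
    sections = defaultdict(set)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            sections[m.group(1)].add(m.group(2).lower())  # paths are case-insensitive
        elif in_procs and line:
            sections["PROC"].add(line.lower())
    return sections

def only_on_suspect(suspect_log, baseline_log):
    """Entries on the suspect machine that the known-good machine lacks."""
    suspect, baseline = parse_hjt(suspect_log), parse_hjt(baseline_log)
    diff = {}
    for section, entries in suspect.items():
        extra = sorted(entries - baseline.get(section, set()))
        if extra:
            diff[section] = extra
    return diff

# Constructed sample logs (not from the thread); all names are placeholders.
GOOD_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
"""
SUSPECT_LOG = r"""Logfile of HijackThis
Running processes:
C:\windows\explorer.exe
C:\WINDOWS\SYSTEM\UNKNOWN-EXAMPLE.EXE

O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\SYSTEM\UNKNOWN-EXAMPLE.EXE
"""

print(only_on_suspect(SUSPECT_LOG, GOOD_LOG))
```

Entries that survive the comparison are only candidates for review; software legitimately installed on one machine and not the other will also show up.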
 
There are a couple of FAQs that will help you clean the known bads and recognize the rest. Try this one to start:


Terry
**************************
* General Disclaimer - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 