Netsky files on main server

  ventanas 15:35 10 Mar 2004

I was clearing up some folders on the server that where created by someone who has recently left us. Got a surprise when I discovered in two of them 18 Netsky infected files. Norton found and deleted them immediately, but I have no idea what damage this idiot might have done.

Does anyone have any advice as to what I should be looking for. Probably got through right at the beginning of this thing before the Norton update was available.

Grateful for any help.

  Stuartli 15:53 10 Mar 2004
  johnnyrocker 15:57 10 Mar 2004

not familiar with servers etc but if it uses an os like ME or XP disable system restore update norton and microsoft and scan again hope this helps.


  ventanas 16:05 10 Mar 2004

Getting serious. Scanned his entire section and found 1224 infected files. Now deleted. Going to scan the whole drive overnight. It will take hours.

Am I right in thinking that the only effect of this THING is to mass mail itself, and it does not delete or amend any files etc?

  Sir Radfordin 17:26 10 Mar 2004

What kind of server we running here?

May be an idea to kick off all the clients then scan the server, scan each client and only when you are sure they are all clean to then connect them back up again. Failing to do this could mean the virus is hiding elsewhere in the system waiting for you to turn you back again!

  sattman 21:16 10 Mar 2004

In addition to the link from Stuartli

[email protected]" title="[email protected]" TARGET="_new">click here

  sattman 21:17 10 Mar 2004

Oops - not sure how I got double knock ?

  ventanas 08:16 11 Mar 2004

Sorry for the delay. Win2k. I scanned all network drives overnight, and it's still going. I have already forbad anyone from switching on.
It's going to be a long day.

Thanks for the input, and sorry for the delay in replying.

Thanks to all others as well. So far 1404 infected files. God knows how it happened, but I suspect someone has been using an infected floppy.

  ventanas 08:43 11 Mar 2004

Scan finished at 1404, BUT 2 machines are mass mailing every other machine with W32.Beagle. It goes on. This is beginning to look like sabotage.

I'm going home.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Add Depth Of Field to a photo using Tilt Shift Blur in Photoshop

iPhone tips & tricks

Les meilleures tablettes 2017