Hi all, i have users that keep getting infected with a worm Symantec calls
"W32.Spybot.KHO". The thing keeps coming back unless you disable file and print
sharing.
The thing I don't understand is that all my clients(winxp) virus defs are up to
date and they are all patched. I use SUS and push out patches on a regular
basis. I even ran MS baseline security analyzer on the infected boxes and they
come up good for up to datedness.
I don't really understand how an up to date patched pc can become infected over
and over.
according to Symantec, the holes that this thing exploits, i've had covered
awhile ago.
is it possible to be patched and up to date and STILL get infected?
is there anyway out of this quagmire?
thanks
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
