- I am working with several, the most prominent being the win32/afcore.nba Trojan
- They seem to replicate to multiple machines at once from unknown origin
- About 60% conservatively, so over 100
- I have been back-pedalling so hard I have not had time to packet capture or even analyze
- ESET NOD32 v4 is our AV and it is catching and cleaning, but it is cleaning 10 or so every minute, which is hitting network performance a great deal when there are hundreds of them
- We have Malwarebytes, ESET and, well, at this time that's about it

Thank you so much again for your help; it is a huge help to have more than one mind to bounce a frustrating month onto.

TR

On Thu, Sep 2, 2010 at 1:17 PM, Bill Swearingen <[email protected]> wrote:

> Sounds like you need to take a quick step back and assess your position:
>
> - What malware are you working with? (any details online?)
> - What are its specific characteristics?
> - How many potential machines?
> - Does it phone home in any way?
> - What tools/systems do you have in place that can *detect* an infected
>   system?
> - What tools do you have that can clean an infected system?
>
> Then design your incident response from there.
>
> On Thu, Sep 2, 2010 at 10:27 AM, Tyler Robinson <[email protected]> wrote:
>
>> Hey everyone, just wondering what kinds of procedures you are using to
>> prevent and stop virus outbreaks on your local network after some genius
>> end user investigates child porn on local network PCs. Do most of you use
>> Microsoft's firewall with GP and just open exceptions for the applications
>> that need it, or run another piece of software? I have a massive infection
>> that I cannot track down. Our ESET is catching them, but my network is
>> nothing but trojan packets. We were not running an internal firewall
>> (previous admin setup) and had no hardened systems. So do I start
>> hardening systems first and then do a GP with firewall, or does anyone
>> have any better suggestions: first to get my network back and clean the
>> infection, second to set up the correct way so there is no next time?
>> As always, thanks so much to the PDC community, you guys are the best.
>>
>> TR
>>
>> --
>> Tyler Robinson
>> Owner of Computer Impressions
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com

--
Tyler Robinson
Owner of Computer Impressions
