Question

  Asked: Apr 11 2005   9:52 AM GMT
  Asked by: LMullen


I've been hacked -- I think....



I'm an IT administrator with a little over 500 end users, running Windows 2000 and XP. One of our users is experiencing a problem with her Internet connection suddenly dropping for no apparent reason. When she restarts her computer, everything works fine for a while, but then the connection drops again. The funny thing is, she's noticed that her AOL Instant Messenger service still works even when she can't access her e-mail. We've already run Netstat and noticed that more unknown open connections are being used to certain ports. This particular user has a laptop and works from home frequently, so we're not sure all updates have been installed.
Has her computer been hacked? If so, what can I do initially to contain the damage, and what steps can I take to prevent such occurrences in the future?


Answer Wiki



You have not said whether you have run any spyware software. If you have not, then download MS AntiSpyware beta or Spybot and check to see if there has been any spyware/trojans left on your user's machine; then at least you know from a spyware point of view that the machine is clean.

Rgds


Discuss This Answer



DrillO  |   Apr 11 2005  10:37AM GMT

Good morning….

The best you can do is install anti-spyware as suggested and start your cleanup there. There are many other places to go, but that would be a start. The largest part of all of this is prevention. The standard setup for machines attaching to the network should be a good anti virus solution and a good anti spyware solution. Yes, I know that you cannot beat everything, but you must exercise caution. It is also important to manage and maintain updates. If this is a personal machine, then you should insist that these things are taken care of if they want to plug in to your network. If it is a corporate or company owned machine, then you must be sure that the machine is surrendered regularly for maintenance.

Good luck
Paul

 

jpagel  |   Apr 11 2005  11:02AM GMT

My personal suggestion would be for you to go get the Microsoft AntiSpyware from www.microsoft.com. In another 100 or so days they will have a full blown version that Microsoft is giving out for free to all their customers. I would also go download from www.downloads.com, Ad-Aware, Spybot Search & Destroy, & SpywareBlaster. Make sure you update all of them before running. If there is an Antivirus on the machine, I would make sure it is up to date, and run a full system scan on it in safe mode with system restore turned off (along with all your other anti-spyware scans) because Viruses and Spyware have a tendency to keep themselves in the System Volume Information & system restore, thus allowing them to come back easily due to the fact that a lot of scans do not scan there by default because system restore basically “locks” the folder. If you do not have an AntiVirus I would suggest Computer Associates EZArmor, it is their AV/Firewall Combo, it is a very “lite” program as far as not using much memory and space (compared to using Norton or McAfee), there are updates out for the AV every day, and if there is a new version out you have full access to download and install it (for the first year). Also the firewall is very easily configurable and the whole suite is very easy to use. Make sure that your Windows Operating system is up-to-date; if the machine is XP make sure SP2 is installed. All this can be accessed from www.windowsupdate.com. I doubt you have been hacked, make sure you check your ‘hosts’ files on your machine, but most likely the dropping off of the network is due to spyware/virus… Thank you, please post back results and further questions and information

 

marcjacquard  |   Apr 11 2005  11:33AM GMT

First of all, until you know what the issue is, do not allow this machine to plug into the corporate network. You have no idea what is running and what the damage could be. Second, you need to decide if you are going to spend the time necessary to debug and fix the machine or just rebuild it and start over. Once you have fixed the machine, install A/V, anti-spyware, and a good desktop firewall. Anything not from Computer Associates is a good choice. Reviews on security products indicate they score the lowest on almost all points.

Also, AOL messenger has the potential for bringing things into the network. You should rethink the use of this product on company owned equipment.

 

jpagel  |   Apr 11 2005  12:33PM GMT

As far as AV, CA is my personal suggestion. I use them at work and home and have found viruses on machines that Norton and McAfee wouldn’t find. There are pros to them as far as virus detection, and cons, in the aspect of their phone tech support blows chunks because they charge, but I have emailed them before with an issue w/ their EZArmor and they replied that day with a fix that worked free of charge, also they have to quarantine folder… They have some low reviews as far as tech support and quarantine, but their virus detection in my eyes is wonderful and has been reviewed to be very good. The only other suggestion that I could see as being used would be Trend Micro. I personally would not suggest Norton & McAfee, they are wayyy overrated. Panda is an excellent product, but quite expensive…

 

TedRizzi  |   Apr 12 2005  7:47AM GMT

First off, update the patches.
Second, install anti spyware, antivirus and a firewall.
I would recommend PestPatrol, and CA’s EZarmor.
Those steps should clean and lock down the system.
You may need to do a repair install in IE, or even remove it and re-install it. There is no telling what damage has already been done.

 

bobkberg  |   Apr 14 2005  3:40PM GMT

Good replies all - although the suggestion above about “anything not from CA” is a little wide-open… :-)

To take another tack though, go to foundstone.com (or whoever owns them this week), and look for their free tools.

Get one called Vision - this is a GUI app that will not only show you the open ports like netstat does, it will show you what program opened them. This is often helpful in doing forensics. As long as you’re there, download the entire toolkit - lots of useful things there.

Bob
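
The port-to-program mapping described in the comment above can also be built from command-line output. The following is an added example, not part of the original thread and not the Vision tool: it joins `netstat -ano` output with `tasklist /fo csv` output on PID and lists established connections per owning program. It assumes a Windows version whose netstat supports `-o`; the sample output, addresses, PIDs and image names (including `svch0st.exe`) are constructed, and the `expected` allowlist is a hypothetical parameter.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1042      198.51.100.10:5190     ESTABLISHED     1520
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED     1880
  TCP    192.168.1.20:1046      203.0.113.7:6667       ESTABLISHED     1880
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv` output; svch0st.exe is a made-up name.
TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","216 K"
"svchost.exe","912","Console","0","3,512 K"
"aim.exe","1520","Console","0","9,804 K"
"svch0st.exe","1880","Console","0","2,140 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows have no state column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # skip banner, header and blank lines
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def connections_by_process(netstat_text, tasklist_text, expected=()):
    """Group ESTABLISHED remote endpoints by owning image, skipping expected images."""
    names = parse_tasklist(tasklist_text)
    report = {}
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        image = names.get(pid, "<unknown pid %d>" % pid)
        if state == "ESTABLISHED" and image.lower() not in expected:
            report.setdefault(image, []).append(remote)
    return report

if __name__ == "__main__":
    for image, remotes in connections_by_process(NETSTAT, TASKLIST, {"aim.exe"}).items():
        print(image, "->", ", ".join(remotes))
```

A PID that appears in the netstat output but not in the task list is reported as `<unknown pid N>`, which is itself worth a closer look on the machine.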