== [[Virus Block]] Cleaning & Verification Procedures ==

I cannot stress enough the importance of taking detailed notes... you need to be able to show your work if there is ever a question.

== [[Vundo Removal]] ==

==Preparing==
1. Turn off System Restore
   a. in XP, all previous restore points are removed
   b. in ME, Disk Cleanup should have an option to remove old restore points
   c. 2000 doesn't have System Restore
2. Turn off File & Printer Sharing
3. Make sure the comp name=username and workgroup=resnet
4. Remove all temp files
   a. Disk Cleanup (System Tools)
   b. BlasTemp (Fix CD)
   c. del_temp_all (Fix CD)
5. In the Fix CD, open \virus\Sophos\
6. Read instructions.txt. Really.
7. Double-click on sav32sfx.exe - it will extract the sav32cli folder to the root of C:
8. Restart in Safe Mode with Command Prompt.

==Scanning with Sophos==
1. At the command prompt, type "cd .." as many times as you need to in order to get to the root of C:
2. Then type "cd sav32cli" to get to the sav32cli directory
3. Then type "sav32cli -remove -nc -all -p=c:\viruslog.txt" and the scan will start.
4. IMPORTANT! When the scan has finished, make note of:
   a. how many viruses were found & cleaned
   b. the viruses that were found & cleaned
   c. how many & which viruses were found and not cleaned, if applicable
   d. You will need to send this information to the network folks in your report.
5. Restart in Safe Mode.

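
Step 4 asks for a tally of what was found, cleaned, and not cleaned. The script below is an added example (not part of the original procedure or of Sophos's tooling) that builds that tally from the file written by `-p=c:\viruslog.txt`. The `>>> Virus '...' found in file ...` and `Removal successful` line shapes are assumptions about the log format, and the sample log is constructed; adjust the two patterns to match what your log actually contains.

```python
import re
import sys
from collections import Counter

# ASSUMED log line shapes (not given on the page): one detection line per
# infected file, followed by "Removal successful" when -remove worked.
DETECTION = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
REMOVED = re.compile(r"^Removal successful", re.IGNORECASE)

# Constructed sample log; virus names and paths are placeholders.
SAMPLE_LOG = r"""
>>> Virus 'W32/Example-A' found in file C:\WINDOWS\system32\example1.exe
Removal successful
>>> Virus 'W32/Example-A' found in file C:\WINDOWS\Temp\example2.exe
Removal successful
>>> Virus 'Troj/Example-B' found in file C:\pagefile.tmp
>>> Virus 'W32/Example-C' found in file C:\Documents and Settings\user\example3.scr
Removal successful
"""

def summarize(log_text):
    """Tally detections for the report: found, cleaned, and not cleaned."""
    found, cleaned, not_cleaned = Counter(), Counter(), []
    pending = None  # last detection still waiting for a removal line
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = DETECTION.match(line)
        if hit:
            if pending:  # previous detection was never confirmed removed
                not_cleaned.append(pending)
            pending = (hit["name"], hit["path"])
            found[hit["name"]] += 1
        elif pending and REMOVED.match(line):
            cleaned[pending[0]] += 1
            pending = None
    if pending:
        not_cleaned.append(pending)
    return {"found": dict(found), "cleaned": dict(cleaned), "not_cleaned": not_cleaned}

if __name__ == "__main__":
    # Pass the real log path (e.g. c:\viruslog.txt) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    report = summarize(text)
    print("Found:", sum(report["found"].values()), report["found"])
    print("Cleaned:", sum(report["cleaned"].values()), report["cleaned"])
    for name, path in report["not_cleaned"]:
        print("NOT cleaned:", name, "in", path)
```

Anything listed as not cleaned belongs under item 4c of your notes and in the report email.
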
==Also scan with (on Fix CD):==
AIMFix virus cleaner
Stinger
ClamWin (install it, update it, run it, uninstall it!)
AntiVir (install it, update it, run it, uninstall it!)

==Updating Virus Defs==
If the user has Norton AntiVirus AND the subscription has not expired, you can update the defs by running the Intelligent Updater in the Virus folder on the Fix CD.

I have not been successful in downloading a stand-alone updater for McAfee.

For other AV software, get creative and go to their websites to see if updates can be downloaded.

==Scanning with Bart's CD==
If the computer has internet access, all the better. That way you can download updates and scan with current defs.

==Other stuff==
After viruses have been removed and updates have been applied, if available, check their computer even further by installing and running:
1. AdAware (& updated defs.ref)
2. SpyBot (& update with spybot_includes.exe)
3. MSAS (no way to update without being connected)
4. Service Pack 2 (XP only)

In order to get back on the network, the following conditions must be met:
1. Computer must be virus-free
2. Computer must have current, up-to-date anti-virus software
   a. no expired subscriptions
   b. working properly
   c. set to auto-update
3. The "penalty box" time must be up
   a. some students will complain that their computer is clean, and why can't they be let back on... they need to wait until their 2 weeks are up.
   b. I haven't heard of a repeat offender yet (kicked off for the rest of the semester)

It is also a very good idea to install Service Pack 2, and as many Windows Updates as you can. If it is a laptop, use one of our special Ethernet cards to connect, and do it swiftly.

You are responsible for sending an email message to the following people:

the student, Kevin Truman (trumank@), John Steely (steely@)

...with the following information:
1. what viruses were found & removed (with which program couldn't hurt either)
2. status of the student's antivirus software
3. any other info you deem appropriate (spyware, SP2 install, etc.)

An example of this email is in the RSA email account, in the "Templates" folder. If you use Thunderbird to read your email, you can use this as a starting point, and change the names & details to suit the situation. If you use a different email reader, you can copy & paste into a new message and make sure all the details are changed.

[http://itech.dickinson.edu/wiki/index.php/RSA_Techs] Back to the RSA Techs main page.

--[[User:Bachmann|Bachmann]] 14:01, 27 February 2007 (EST)