Virus Block

From Dickinson College Wiki

I cannot stress enough the importance of taking detailed notes... you need to be able to show your work if there is ever a question.

Preparing

1. Turn off System Restore
   a. in XP, all previous restore points are removed
   b. in ME, Disk Cleanup should have an option to remove old restore points
   c. 2000 doesn't have System Restore
2. Turn off File & Printer Sharing
3. Make sure the computer name = username and the workgroup = resnet
4. Remove all temp files
   a. Disk Cleanup (System Tools)
   b. BlasTemp (Fix CD)
   c. del_temp_all (Fix CD)
5. Restart in Safe Mode with Command Prompt.

Scan with Sophos

1. Run sophos.bat at the root of the Fix CD and the scan will start.
2. IMPORTANT! When the scan has finished, make note of:
   a. how many viruses were found & cleaned
   b. the viruses that were found & cleaned
   c. how many & which viruses were found and not cleaned, if applicable
   d. You will need to send this information to the network folks in your report.
   e. The report is automatically created & saved at c:\viruslog.txt
3. Restart in Safe Mode.

Also scan with (on Fix CD):

AIMFix virus cleaner
ClamWin (install it, update it, run it, uninstall it!)
AntiVir (install it, update it, run it, uninstall it!)
any others!


Updating Virus Defs

If the user has Norton AntiVirus AND the subscription has not expired, you can update the defs by running the Intelligent Updater in the Virus folder on the Fix CD.
I have not been successful in downloading a stand-alone updater for McAfee.
For other AV software, get creative and go to their websites to see if updates can be downloaded.

Scanning with Bart's CD

If the computer has internet access, all the better. That way you can download updates and scan with current defs.

Other stuff

After viruses have been removed and updates have been applied (if available), check the computer even further by installing and running:
1. AdAware (& updated defs.ref)
2. SpyBot (& update with spybot_includes.exe)
3. Windows Defender
4. Service Pack 2 (XP only)

In order to get back on the network, the following conditions must be met:
1. Computer must be virus-free
2. Computer must have current, up-to-date anti-virus software
   a. no expired subscriptions
   b. working properly
   c. set to auto-update
3. The "penalty box" time must be up
   a. some students will complain that their computer is clean, and why can't they be let back on... they need to wait until their 2 weeks are up.
   b. I haven't heard of a repeat offender yet (kicked off for the rest of the semester)

Install Service Pack 2, and as many Windows Updates as you can. If it is a laptop, use one of our special Ethernet cards to connect, and do it swiftly.

You are responsible for sending an email message to helpdesk@dickinson.edu with the following information:
1. what viruses were found & removed (naming the program that found each couldn't hurt either)
2. status of the student's antivirus software
3. any other info you deem appropriate (spyware, SP2 install, etc.)
An example of this email is in the RSA email account, in the "Templates" folder. If you use Thunderbird to read your email, you can use this as a starting point, and change the names & details to suit the situation. If you use a different email reader, you can copy & paste into a new message and make sure all the details are changed.
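One way to keep the notes in a form that can be checked and turned into the report is sketched below. This is an added example, not part of the original wiki page or the template in the RSA account; the record layout, the field names, and counting the two weeks from the day the computer was taken off the network are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

PENALTY_BOX = timedelta(weeks=2)  # the page's "2 weeks"; the start date is an assumption

@dataclass
class Scan:
    scanner: str
    cleaned: list      # detections found and cleaned
    not_cleaned: list  # detections found but not cleaned

@dataclass
class Case:
    student: str
    removed_on: date   # day taken off the network (assumed start of the penalty box)
    scans: list
    av_product: str
    av_expires: date
    av_working: bool
    av_auto_update: bool
    other: str = ""

def unmet_conditions(case, today):
    """Return the readmission conditions from the page that are not yet met."""
    left = [f"{v} ({s.scanner})" for s in case.scans for v in s.not_cleaned]
    unmet = ["not virus-free: " + ", ".join(left)] if left else []
    if not case.scans:
        unmet.append("no scan results recorded")
    unmet += [msg for ok, msg in (
        (case.av_expires >= today, "anti-virus subscription expired"),
        (case.av_working, "anti-virus not working properly"),
        (case.av_auto_update, "anti-virus not set to auto-update")) if not ok]
    if today < case.removed_on + PENALTY_BOX:
        unmet.append(f"penalty box until {case.removed_on + PENALTY_BOX}")
    return unmet

def draft_report(case, today):  # the three report items the page lists, plus status
    out = [f"Student: {case.student}", "1. Viruses found & removed:"]
    for s in case.scans:
        out.append(f"   {s.scanner}: cleaned {s.cleaned or 'none'}; not cleaned {s.not_cleaned or 'none'}")
    out.append(f"2. Anti-virus: {case.av_product}, expires {case.av_expires}, "
               f"working={case.av_working}, auto-update={case.av_auto_update}")
    out.append(f"3. Other: {case.other or 'none'}")
    unmet = unmet_conditions(case, today)
    return "\n".join(out + ["Readmission: " + ("OK" if not unmet else "blocked: " + "; ".join(unmet))])

# Constructed sample case: student, dates and detection names are made up.
SAMPLE = Case("jdoe", date(2007, 2, 20),
              [Scan("Sophos", ["Example-Worm-A"], []), Scan("ClamWin", [], ["Example-Trojan-B"])],
              "Norton AntiVirus", date(2007, 9, 1), True, False, "SP2 installed")
print(draft_report(SAMPLE, date(2007, 2, 28)))
```

The report text still needs to be pasted into the email by hand; the script only makes sure nothing from the notes is left out and that an uncleaned detection from any scanner blocks readmission.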




--Becka 14:48, 28 February 2007 (EST)