virus

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
farwest
Member
Posts: 193
Joined: Tue Jun 24, 2008 2:16 pm
Location: southern utah

virus

Postby farwest » Tue Nov 23, 2010 9:04 pm

Got a call from one of the ward clerks, who said they had a virus. Went in and there is definitely a problem: Sophos was not on the taskbar, and when you would try to open it, it said it could not find the path or you don't have the right to open it. It said the same thing for MLS and System Restore. I closed it down, opened Windows in safe mode, and ran System Restore. After the restore ran, Sophos came up on the taskbar and it looks like things are OK. I started a scan and left it, and will check up on it later as it takes a long time. Is this going to work, as other posts say to reformat and load everything again? What line of process should one use in these situations?

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Tue Nov 23, 2010 9:30 pm

I have yet to see a directive, so I think it depends on one's time and paranoia level.

Obviously something got into the machine. And from what I've seen, once something gets in, it can load a bunch of "friends". You may or may not have gotten all of them. All you can say is that you've removed all that Sophos has found.

Are you comfortable with that answer? Knowing that no AV product can detect 100% of all malware out there. It can only detect known malware that has been reported.

Again, since I've seen no policy from CHQ, it comes down to your comfort/paranoia level.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Tue Nov 23, 2010 11:47 pm

You may find that reloading the system and software takes much less time than the time spent recovering from future problems associated with the original infection. Since the administrative computer systems do not have a lot of programs installed, the option to wipe the hard drive and start anew is probably a viable solution worthy of serious consideration.

Since you have taken a look at other threads that discuss the process of wiping the hard drive and starting again I will only mention the steps I have taken.
1. Copy all data and folders for MLS (C:\Program Files\LDS Church\MLS, and C:\mlsData-backup) and your working directories (My Documents, etc.) to removable media.
2. Scan that removable media for infections on another system. Make sure you do not open any of the files until you have verified there are no known infections.
3. Some rootkit infections can be installed at ring one of the drive. Use a zeroing program such as Eraser (32 bit), available on the MLS download site, to really start from the beginning.
4. Use the new computer install instructions for the system you have to install the operating system and all other programs.
5. Copy the MLS data folders onto the drive before reinstalling MLS.
6. Call LUS for a security reset. This can be done before you begin the entire process. Since the security reset can only be done during the week, do this on Friday if you are going to do the wiping and reinstall over the weekend.

As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?
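
Added example, not part of jdlessley's post and not a Church-provided tool: a Python sketch for step 1 that copies the data folders to the removable media and confirms by SHA-256 that every file arrived intact before the drive is zeroed in step 3. The function names and the demo folder are assumptions made for illustration; on a real machine the sources would be the folders named in step 1.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path):
    """Hash a file in chunks; the file is read as bytes, never opened by an app."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def backup_and_verify(sources, dest):
    """Copy each source folder under dest, then compare source and copy.

    Returns a list of (folder, relative_path, problem). An empty list means
    the copy is complete and the wipe will not destroy the only copy.
    """
    problems = []
    for src in sources:
        label = os.path.basename(os.path.normpath(src))
        target = os.path.join(dest, label)
        shutil.copytree(src, target)
        before, after = build_manifest(src), build_manifest(target)
        for rel, digest in before.items():
            if rel not in after:
                problems.append((label, rel, "missing"))
            elif after[rel] != digest:
                problems.append((label, rel, "changed"))
    return problems

def demo():
    """Constructed stand-in for an MLS folder; no real data is touched."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "MLS")
    os.makedirs(os.path.join(src, "data"))
    with open(os.path.join(src, "data", "unit.dat"), "wb") as f:
        f.write(b"constructed sample record")
    return backup_and_verify([src], os.path.join(work, "removable"))

if __name__ == "__main__":
    print(demo() or "backup verified")
```

A matching hash only shows the copy is faithful to what was on the infected machine; the scan on another system in step 2 is still what decides whether those files are safe to bring back.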

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Nov 24, 2010 12:30 am

jdlessley wrote: 4. Use the new computer install instructions for the system you have to install the operating system and all other programs.

Of course you should make sure you have the correct media for that computer to reload it. ;)

jdlessley wrote: As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.

A topic worthy of a new thread. Unfortunately it could easily be due to a "browse by" while having an out of date version of Flash. Even when going to legitimate websites. And some prompts seem legitimate, such as "XP Security 2010".

farwest
Member
Posts: 193
Joined: Tue Jun 24, 2008 2:16 pm
Location: southern utah

thanks

Postby farwest » Wed Nov 24, 2010 6:49 am

Thanks for your input. It is great to have this site for us that know just enough to get in trouble!

farwest
Member
Posts: 193
Joined: Tue Jun 24, 2008 2:16 pm
Location: southern utah

virus

Postby farwest » Wed Dec 01, 2010 7:53 pm

Well, the finance clerk didn't back up. I was wondering if CHQ could update it, as they transmitted to CHQ the last time but didn't back up.

JamesAnderson
Senior Member
Posts: 748
Joined: Tue Jan 23, 2007 2:03 pm

Postby JamesAnderson » Sat Dec 04, 2010 5:05 pm

I've also found that Sophos sent out a large volume of updates in the last month or so, and it is possible that due to an updater failure it didn't have the update for the very virus your installation got.

The best way to be sure you are current on updates is, about ten minutes after firing up the PC, to hover over the blue 'U' (looks like it's made of bricks) logo in the system tray. You should see that it either gives a date and time of the last update or says 'Update Failed'. If the update failed to happen, right-click the 'U', then when the menu pops up, click 'update now'. That will force the update and you're current.

