virus

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
farwest
Member
Posts: 201
Joined: Tue Jun 24, 2008 3:16 pm
Location: southern utah

virus

#1

Post by farwest »

Got a call from one of the ward clerks, who said they had a virus. Went in and there is definitely a problem: Sophos was not on the taskbar, and when you would try to open it, it said it could not find the path or you don't have the right to open it. It said the same thing for MLS and System Restore. I closed it down, opened Windows in safe mode, and ran System Restore. After the restore ran, Sophos came up on the taskbar and it looks like things are OK. I started a scan and left it, and will check up on it later as it takes a long time. Is this going to work, as other posts say to reformat and load everything again? What line of process should one use in these situations?
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

I have yet to see a directive, so I think it depends on one's time and paranoia level.

Obviously something got into the machine. And from what I've seen, once something gets in, it can load a bunch of "friends". You may or may not have gotten all of them. All you can say is that you've removed all that Sophos has found.

Are you comfortable with that answer? Knowing that no AV product can detect 100% of all malware out there. It can only detect known malware that has been reported.

Again, since I've seen no policy from CHQ, it comes down to your comfort/paranoia level.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#3

Post by jdlessley »

You may find that reloading the system and software takes much less time than recovering from future problems associated with the original infection. Since the administrative computer systems do not have a lot of programs installed, the option to wipe the hard drive and start anew is probably a viable solution worthy of serious consideration.

Since you have taken a look at other threads that discuss the process of wiping the hard drive and starting again, I will only mention the steps I have taken.
1. Copy all data and folders for MLS (C:\Program Files\LDS Church\MLS, and C:\mlsData-backup) and your working directories (My Documents, etc.) to removable media.
2. Scan that removable media for infections on another system. Make sure you do not open any of the files until you have verified there are no known infections.
3. Some rootkit infections can be installed at ring one of the drive. Use a zeroing program such as Eraser (32 bit), available on the MLS download site, to really start from the beginning.
4. Use the new computer install instructions for the system you have to install the operating system and all other programs.
5. Copy the MLS data folders onto the drive before reinstalling MLS.
6. Call LUS for a security reset. This can be done before you begin the entire process. Since the security reset can only be done during the week, do this on Friday if you are going to do the wiping and reinstall over the weekend.

As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

jdlessley wrote: 4. Use the new computer install instructions for the system you have to install the operating system and all other programs.
Of course you should make sure you have the correct media for that computer to reload it. ;)
jdlessley wrote: As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.
A topic worthy of a new thread. Unfortunately it could easily be due to a "browse by" while having an out of date version of Flash. Even when going to legitimate websites. And some prompts seem legitimate, such as "XP Security 2010".
farwest
Member
Posts: 201
Joined: Tue Jun 24, 2008 3:16 pm
Location: southern utah

thanks

#5

Post by farwest »

Thanks for your input. It is great to have this site for us that know just enough to get in trouble!
farwest
Member
Posts: 201
Joined: Tue Jun 24, 2008 3:16 pm
Location: southern utah

virus

#6

Post by farwest »

Well, the finance clerk didn't back up. I was wondering if CHQ could update it, as they transmitted to CHQ the last time but didn't back up.
JamesAnderson
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

#7

Post by JamesAnderson »

I've also found that Sophos sent out a large volume of updates in the last month or so, and it is possible that due to an updater failure it didn't have the update for the very virus your installation got.

The best way to be sure you are current on updates is, about ten minutes after firing up the PC, to hover over the blue 'U' (looks like it's made of bricks) logo in the system tray. You should see that it either gives a date and time of the last update or says 'Update Failed'. If the update failed to happen, right-click the 'U', then click 'update now' from the menu that pops up. That will force the update and you're current.