virus
-
- Member
- Posts: 201
- Joined: Tue Jun 24, 2008 3:16 pm
- Location: southern utah
virus
Got a call from one of the ward clerks, who said they had a virus. Went in and there is definitely a problem: Sophos was not on the task bar, and when you would try to open it, it said it could not find the path or you don't have the right to open it. It said the same thing for MLS and System Restore. I closed it down, opened Windows in safe mode, and ran System Restore. After the restore ran, Sophos came up on the task bar and it looks like things are OK. I started a scan and left it, and will check up on it later as it takes a long time. Is this going to work, as other posts say to reformat and load everything again? What line of process should one use in these situations?
-
- Community Administrator
- Posts: 34418
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
I have yet to see a directive, so I think it depends on one's time and paranoia level.
Obviously something got into the machine. And from what I've seen, once something gets in, it can load a bunch of "friends". You may or may not have gotten all of them. All you can say is that you've removed all that Sophos has found.
Are you comfortable with that answer? Knowing that no AV product can detect 100% of all malware out there. It can only detect known malware that has been reported.
Again, since I've seen no policy from CHQ, it comes down to your comfort/paranoia level.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
-
- Community Moderators
- Posts: 9858
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
You may find that the time spent reloading the system and software takes much less time than the time spent recovering from future problems associated with the original infection. Since the administrative computer systems do not have a lot of programs installed, the option to wipe the hard drive and start anew is probably a viable solution worthy of serious consideration.
Since you have taken a look at other threads that discuss the process of wiping the hard drive and starting again I will only mention the steps I have taken.
1. Copy all data and folders for MLS (C:\Program Files\LDS Church\MLS, and C:\mlsData-backup) and your working directories (My Documents, etc.) to removable media.
2. Scan that removable media for infections on another system. Make sure you do not open any of the files until you have verified there are no known infections.
3. Some rootkit infections can be installed at ring one of the drive. Use a zeroing program such as Eraser (32 bit), available on the MLS download site, to really start from the beginning.
4. Use the new computer install instructions for the system you have to install the operating system and all other programs.
5. Copy the MLS data folders onto the drive before reinstalling MLS.
6. Call LUS for a security reset. This can be done before you begin the entire process. Since the security reset can only be done during the week, do this on Friday if you are going to do the wiping and reinstall over the weekend.
As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
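An added example, not part of the original post: one way to confirm that the MLS data copied in step 1 is unchanged when it is copied back in step 5 is to record a SHA-256 manifest at backup time and compare it before restoring. The folder names, file names and contents below are constructed sample data.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare(before, after):
    """Return sorted lists (missing, added, changed) of relative paths."""
    missing = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return missing, added, changed

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():  # constructed sample data: back up a folder, alter the copy, compare
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "mlsData-backup")  # stands in for the MLS data folder
        media = os.path.join(work, "removable")     # stands in for the removable media
        write(os.path.join(src, "ward.dat"), b"membership")
        write(os.path.join(src, "2010", "report.dat"), b"finance")
        write(os.path.join(src, "notes.txt"), b"notes")
        at_backup = build_manifest(src)              # step 1: record before copying
        shutil.copytree(src, media)
        write(os.path.join(media, "2010", "report.dat"), b"altered")
        write(os.path.join(media, "unexpected.exe"), b"MZ")
        os.remove(os.path.join(media, "notes.txt"))
        return compare(at_backup, build_manifest(media))  # check before step 5
    finally:
        shutil.rmtree(work)
```

Any path reported as added or changed should be examined on the clean system before it is copied onto the rebuilt drive.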
-
- Community Administrator
- Posts: 34418
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
jdlessley wrote: 4. Use the new computer install instructions for the system you have to install the operating system and all other programs.
Of course you should make sure you have the correct media for that computer to reload it.
jdlessley wrote: As a part of the overall process you may need to investigate how the system became infected. To reduce the potential for future problems you may need to educate users on proper security measures.
A topic worthy of a new thread. Unfortunately it could easily be due to a "browse by" while having an out of date version of Flash. Even when going to legitimate websites. And some prompts seem legitimate, such as "XP Security 2010".
-
- Senior Member
- Posts: 773
- Joined: Tue Jan 23, 2007 2:03 pm
I've also found that Sophos sent out a large volume of updates in the last month or so, and it is possible that due to an updater failure it didn't have the update for the very virus your installation got.
The best way to be sure you are current on updates is, about ten minutes after firing up the PC, to hover over the blue 'U' (looks like it's made of bricks) logo in the system tray. You should see that it either gives a date and time of the last update or says 'Update Failed'. If the update failed to happen, right-click the 'U', then when the menu pops up, click 'update now'. That will force the update and you're current.