Antivirus 2008

Alan C · Sep 6, 2008

One XPPro workstn was infected by the antivirus 2008 trojan, which I have
managed to clean.
One problem remains: I cannot browse any server (2003) shares via network
places or explorer, although all mapped drives are accessible.
When I try to browse to the server, - '\\our_srv\' only one share is shown -
'userdata' - and this appears as an empty folder.

I know that the trojan affects the local policies, which I've reset, but
cannot find anything that would cause the above.

Any help, suggestions, guidance would be gratefully received.

P.S. I'm not sure if this is the correct ng. Hope it is.

dan · Sep 6, 2008

Re: Antivirus 2008

I've had two clients get infected with this and though I tried mightily I
never did get them clean. I had to wipe and reload both workstations.

"Alan C" <nospam@noisp.com> wrote in message
news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
> One XPPro workstn was infected by the antivirus 2008 trojan, which I have
> managed to clean.
> One problem remains: I cannot browse any server (2003) shares via network
> places or explorer, although all mapped drives are accessible.
> When I try to browse to the server, - '\\our_srv\' only one share is
> shown - 'userdata' - and this appears as an empty folder.
>
> I know that the trojan affects the local policies, which I've reset, but
> cannot find anything that would cause the above.
>
> Any help, suggestions, guidance would be gratefully received.
>
> P.S. I'm not sure if this is the correct ng. Hope it is.

Alan C · Sep 6, 2008

Re: Antivirus 2008

Please read the original post!!!!!!

I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know
why network browsing stopped working and how to restore it.

"dan" <dan(remove)@westerveltconsulting.com> wrote in message
news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...
> I've had two clients get infected with this and though I tried mightily I
> never did get them clean. I had to wipe and reload both workstations.
>
>
> "Alan C" <nospam@noisp.com> wrote in message
> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have
>> managed to clean.
>> One problem remains: I cannot browse any server (2003) shares via network
>> places or explorer, although all mapped drives are accessible.
>> When I try to browse to the server, - '\\our_srv\' only one share is
>> shown - 'userdata' - and this appears as an empty folder.
>>
>> I know that the trojan affects the local policies, which I've reset, but
>> cannot find anything that would cause the above.
>>
>> Any help, suggestions, guidance would be gratefully received.
>>
>> P.S. I'm not sure if this is the correct ng. Hope it is.
>
>

Peter Foldes · Sep 6, 2008

Re: Antivirus 2008

And he answered you correctly.

******** I had to wipe and reload both workstations*************

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Alan C" <nospam@noisp.com> wrote in message news:OiQyAnEEJHA.3940@TK2MSFTNGP04.phx.gbl...
> Please read the original post!!!!!!
>
> I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know
> why network browsing stopped working and how to restore it.
>
>
> "dan" <dan(remove)@westerveltconsulting.com> wrote in message
> news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...
>> I've had two clients get infected with this and though I tried mightily I
>> never did get them clean. I had to wipe and reload both workstations.
>>
>>
>> "Alan C" <nospam@noisp.com> wrote in message
>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have
>>> managed to clean.
>>> One problem remains: I cannot browse any server (2003) shares via network
>>> places or explorer, although all mapped drives are accessible.
>>> When I try to browse to the server, - '\\our_srv\' only one share is
>>> shown - 'userdata' - and this appears as an empty folder.
>>>
>>> I know that the trojan affects the local policies, which I've reset, but
>>> cannot find anything that would cause the above.
>>>
>>> Any help, suggestions, guidance would be gratefully received.
>>>
>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>
>>
>

Alan C · Sep 7, 2008

Re: Antivirus 2008

For information and enlightenment:

I fixed the problem, it turned out to be a winsock corruption.

reinstalling tcp was the answer.

"Alan C" <nospam@noisp.com> wrote in message
news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
> One XPPro workstn was infected by the antivirus 2008 trojan, which I have
> managed to clean.
> One problem remains: I cannot browse any server (2003) shares via network
> places or explorer, although all mapped drives are accessible.
> When I try to browse to the server, - '\\our_srv\' only one share is
> shown - 'userdata' - and this appears as an empty folder.
>
> I know that the trojan affects the local policies, which I've reset, but
> cannot find anything that would cause the above.
>
> Any help, suggestions, guidance would be gratefully received.
>
> P.S. I'm not sure if this is the correct ng. Hope it is.

Hank Arnold (MVP) · Sep 7, 2008

Re: Antivirus 2008

Obviously, you haven't. Removing a virus/malware program isn't
"successful" just because a removal program says it was and you don't
get any error messages. You still have consequences of the infection and
that means you were *NOT* successful.

What "dan" said is that he wasn't able to restore the systems to full
functionality until he did a clean install. For many of us, that is all
too often the only way to be sure.

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Alan C wrote:
> Please read the original post!!!!!!
>
> I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know
> why network browsing stopped working and how to restore it.
>
>
> "dan" <dan(remove)@westerveltconsulting.com> wrote in message
> news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...
>> I've had two clients get infected with this and though I tried
>> mightily I never did get them clean. I had to wipe and reload both
>> workstations.
>>
>>
>> "Alan C" <nospam@noisp.com> wrote in message
>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I
>>> have managed to clean.
>>> One problem remains: I cannot browse any server (2003) shares via
>>> network places or explorer, although all mapped drives are accessible.
>>> When I try to browse to the server, - '\\our_srv\' only one share is
>>> shown - 'userdata' - and this appears as an empty folder.
>>>
>>> I know that the trojan affects the local policies, which I've reset,
>>> but cannot find anything that would cause the above.
>>>
>>> Any help, suggestions, guidance would be gratefully received.
>>>
>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>
>>
>

Kerry Brown · Sep 7, 2008

Re: Antivirus 2008

You still don't seem to understand what everyone has been trying to tell
you. Once a system has been infected there is no way of knowing if it has
been cleaned/repaired except doing a full format and rebuild. You have been
able to fix the symptoms that you noticed. There may still be other left
over problems or the computer may still be infected.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

"Alan C" <nospam@noisp.com> wrote in message
news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
> For information and enlightenment:
>
> I fixed the problem, it turned out to be a winsock corruption.
>
> reinstalling tcp was the answer.
>
> "Alan C" <nospam@noisp.com> wrote in message
> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have
>> managed to clean.
>> One problem remains: I cannot browse any server (2003) shares via network
>> places or explorer, although all mapped drives are accessible.
>> When I try to browse to the server, - '\\our_srv\' only one share is
>> shown - 'userdata' - and this appears as an empty folder.
>>
>> I know that the trojan affects the local policies, which I've reset, but
>> cannot find anything that would cause the above.
>>
>> Any help, suggestions, guidance would be gratefully received.
>>
>> P.S. I'm not sure if this is the correct ng. Hope it is.
>

Alan C · Sep 7, 2008

Re: Antivirus 2008

You don't seem to understand that I know what I am doing, having started in
IT in the mid 1970's. Admittedly there is still a learning curve as OS's,
etc, evolve, hence my questions to these ng's.

And I don't appreciate the patronizing attitude of some posters.

The pc in question is now clean.
"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...
> You still don't seem to understand what everyone has been trying to tell
> you. Once a system has been infected there is no way of knowing if it has
> been cleaned/repaired except doing a full format and rebuild. You have
> been able to fix the symptoms that you noticed. There may still be other
> left over problems or the computer may still be infected.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
> "Alan C" <nospam@noisp.com> wrote in message
> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
>> For information and enlightenment:
>>
>> I fixed the problem, it turned out to be a winsock corruption.
>>
>> reinstalling tcp was the answer.
>>
>> "Alan C" <nospam@noisp.com> wrote in message
>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I
>>> have managed to clean.
>>> One problem remains: I cannot browse any server (2003) shares via
>>> network places or explorer, although all mapped drives are accessible.
>>> When I try to browse to the server, - '\\our_srv\' only one share is
>>> shown - 'userdata' - and this appears as an empty folder.
>>>
>>> I know that the trojan affects the local policies, which I've reset, but
>>> cannot find anything that would cause the above.
>>>
>>> Any help, suggestions, guidance would be gratefully received.
>>>
>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>
>

Kerry Brown · Sep 7, 2008

Re: Antivirus 2008

I'm sorry if you think I was patronizing. I also started in IT in the 70's,
although I don't know what this has to do with the conversation. At the very
least my experience has taught me that there are many different points of
view regarding computer security and that my view may differ from others. I
have learned that I need to be open to other points of view. There is no one
right answer when it comes to computer security. These newsgroups are read
by many thousands of people who may not have your experience and knowledge.
Many people will find these posts through a search engine. They need to know
that even though an anti-malware program may seem to remove some malware the
possibility exists that the computer is not "clean".

Once a computer is owned by someone else (infected) the only way to be 100%
certain the infection is gone is to flatten and rebuild the system from
known good media. This could mean starting from scratch or restoring from a
known good backup. A good part of my business is dealing with malware
infections. I have learned that an infected system can be repaired but not
definitively cleaned by any other other method. It is up to you to decide
how much of a risk this is. As you posted this in a server newsgroup I
assume the computer in question is part of a network. If this is the case
then by cleaning an infected computer you are taking a chance that the
computer may not be fully cleaned and may compromise the network. Balancing
the time and resources used between mitigating that risk and fixing the
infected computer is a decision only you can make. For me, if the computer
is part of a network that a business relies on, the best way to fix a
malware infection is to flatten the computer and restore a clean image.
There shouldn't be any important data on the computer so this is a quick and
easy fix. If the computer is not part of a network, or good network policies
have not been implemented, then other solutions may work better. I am
sometimes called in to fix things when something goes wrong due to good
network policies not being implemented. Like you, I sometimes resort to
cleaning an infected system as the customer does not want to pay for the
proper fix, which is not quick and easy because there is no image available
and company data is not stored on a server. This doesn't mean this is the
best solution or that I don't inform the customer of the potential risks of
this solution. The important thing to understand is that is is a compromise
and not the best solution.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

"Alan C" <nospam@noisp.com> wrote in message
news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...
> You don't seem to understand that I know what I am doing, having started
> in IT in the mid 1970's. Admittedly there is still a learning curve as
> OS's, etc, evolve, hence my questions to these ng's.
>
> And I don't appreciate the patronizing attitude of some posters.
>
> The pc in question is now clean.
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...
>> You still don't seem to understand what everyone has been trying to tell
>> you. Once a system has been infected there is no way of knowing if it has
>> been cleaned/repaired except doing a full format and rebuild. You have
>> been able to fix the symptoms that you noticed. There may still be other
>> left over problems or the computer may still be infected.
>>
>> --
>> Kerry Brown
>> MS-MVP - Windows Desktop Experience: Systems Administration
>> http://www.vistahelp.ca/phpBB2/
>> http://vistahelpca.blogspot.com/
>>
>>
>> "Alan C" <nospam@noisp.com> wrote in message
>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
>>> For information and enlightenment:
>>>
>>> I fixed the problem, it turned out to be a winsock corruption.
>>>
>>> reinstalling tcp was the answer.
>>>
>>> "Alan C" <nospam@noisp.com> wrote in message
>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I
>>>> have managed to clean.
>>>> One problem remains: I cannot browse any server (2003) shares via
>>>> network places or explorer, although all mapped drives are accessible.
>>>> When I try to browse to the server, - '\\our_srv\' only one share is
>>>> shown - 'userdata' - and this appears as an empty folder.
>>>>
>>>> I know that the trojan affects the local policies, which I've reset,
>>>> but cannot find anything that would cause the above.
>>>>
>>>> Any help, suggestions, guidance would be gratefully received.
>>>>
>>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>>
>>
>

Alan C · Sep 7, 2008

Re: Antivirus 2008

Although the pc in question is a on a small network(assumption correct), it
is used by the financial controller. It therefore has software/data (e.g.
payroll) and some proprietary programs that are not on the server. The data
is safe, but flattening the pc would mean not just reinstalling the OS and
programs but booking the 3rd party guys to come and reconfigure their
software. Last time (hdd failure) this cost more than the pc was worth and
took over a week.

OK, special case. We all know how frequent they are. That is why I've spent
the last two days sweating blood to ensure the malware is removed fully, and
didn't just wipe it.

For the record, I mentioned the '70's start to illustrate my cynicism at the
obviously banal replies that are inevitable. Also wordy, 'stating the
obvious' posts can appear to be extremely patronizing, even when not
intended.

I use these ng's for clues and ideas, not necessarily for cures. Rant over.
"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...
> I'm sorry if you think I was patronizing. I also started in IT in the
> 70's, although I don't know what this has to do with the conversation. At
> the very least my experience has taught me that there are many different
> points of view regarding computer security and that my view may differ
> from others. I have learned that I need to be open to other points of
> view. There is no one right answer when it comes to computer security.
> These newsgroups are read by many thousands of people who may not have
> your experience and knowledge. Many people will find these posts through a
> search engine. They need to know that even though an anti-malware program
> may seem to remove some malware the possibility exists that the computer
> is not "clean".
>
> Once a computer is owned by someone else (infected) the only way to be
> 100% certain the infection is gone is to flatten and rebuild the system
> from known good media. This could mean starting from scratch or restoring
> from a known good backup. A good part of my business is dealing with
> malware infections. I have learned that an infected system can be repaired
> but not definitively cleaned by any other other method. It is up to you to
> decide how much of a risk this is. As you posted this in a server
> newsgroup I assume the computer in question is part of a network. If this
> is the case then by cleaning an infected computer you are taking a chance
> that the computer may not be fully cleaned and may compromise the network.
> Balancing the time and resources used between mitigating that risk and
> fixing the infected computer is a decision only you can make. For me, if
> the computer is part of a network that a business relies on, the best way
> to fix a malware infection is to flatten the computer and restore a clean
> image. There shouldn't be any important data on the computer so this is a
> quick and easy fix. If the computer is not part of a network, or good
> network policies have not been implemented, then other solutions may work
> better. I am sometimes called in to fix things when something goes wrong
> due to good network policies not being implemented. Like you, I sometimes
> resort to cleaning an infected system as the customer does not want to pay
> for the proper fix, which is not quick and easy because there is no image
> available and company data is not stored on a server. This doesn't mean
> this is the best solution or that I don't inform the customer of the
> potential risks of this solution. The important thing to understand is
> that is is a compromise and not the best solution.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
> "Alan C" <nospam@noisp.com> wrote in message
> news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...
>> You don't seem to understand that I know what I am doing, having started
>> in IT in the mid 1970's. Admittedly there is still a learning curve as
>> OS's, etc, evolve, hence my questions to these ng's.
>>
>> And I don't appreciate the patronizing attitude of some posters.
>>
>> The pc in question is now clean.
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...
>>> You still don't seem to understand what everyone has been trying to tell
>>> you. Once a system has been infected there is no way of knowing if it
>>> has been cleaned/repaired except doing a full format and rebuild. You
>>> have been able to fix the symptoms that you noticed. There may still be
>>> other left over problems or the computer may still be infected.
>>>
>>> --
>>> Kerry Brown
>>> MS-MVP - Windows Desktop Experience: Systems Administration
>>> http://www.vistahelp.ca/phpBB2/
>>> http://vistahelpca.blogspot.com/
>>>
>>>
>>> "Alan C" <nospam@noisp.com> wrote in message
>>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
>>>> For information and enlightenment:
>>>>
>>>> I fixed the problem, it turned out to be a winsock corruption.
>>>>
>>>> reinstalling tcp was the answer.
>>>>
>>>> "Alan C" <nospam@noisp.com> wrote in message
>>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I
>>>>> have managed to clean.
>>>>> One problem remains: I cannot browse any server (2003) shares via
>>>>> network places or explorer, although all mapped drives are accessible.
>>>>> When I try to browse to the server, - '\\our_srv\' only one share is
>>>>> shown - 'userdata' - and this appears as an empty folder.
>>>>>
>>>>> I know that the trojan affects the local policies, which I've reset,
>>>>> but cannot find anything that would cause the above.
>>>>>
>>>>> Any help, suggestions, guidance would be gratefully received.
>>>>>
>>>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>>>
>>>
>>
>

NeilH · Sep 8, 2008

Re: Antivirus 2008

Sounds to me like a good backup is required!!

"Alan C" <nospam@noisp.com> wrote in message
news:%23GXZffREJHA.4040@TK2MSFTNGP02.phx.gbl...
> Although the pc in question is a on a small network(assumption correct),
it
> is used by the financial controller. It therefore has software/data (e.g.
> payroll) and some proprietary programs that are not on the server. The
data
> is safe, but flattening the pc would mean not just reinstalling the OS and
> programs but booking the 3rd party guys to come and reconfigure their
> software. Last time (hdd failure) this cost more than the pc was worth and
> took over a week.
>
> OK, special case. We all know how frequent they are. That is why I've
spent
> the last two days sweating blood to ensure the malware is removed fully,
and
> didn't just wipe it.
>
> For the record, I mentioned the '70's start to illustrate my cynicism at
the
> obviously banal replies that are inevitable. Also wordy, 'stating the
> obvious' posts can appear to be extremely patronizing, even when not
> intended.
>
> I use these ng's for clues and ideas, not necessarily for cures. Rant
over.
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...
> > I'm sorry if you think I was patronizing. I also started in IT in the
> > 70's, although I don't know what this has to do with the conversation.
At
> > the very least my experience has taught me that there are many different
> > points of view regarding computer security and that my view may differ
> > from others. I have learned that I need to be open to other points of
> > view. There is no one right answer when it comes to computer security.
> > These newsgroups are read by many thousands of people who may not have
> > your experience and knowledge. Many people will find these posts through
a
> > search engine. They need to know that even though an anti-malware
program
> > may seem to remove some malware the possibility exists that the computer

> > is not "clean".
> >
> > Once a computer is owned by someone else (infected) the only way to be
> > 100% certain the infection is gone is to flatten and rebuild the system
> > from known good media. This could mean starting from scratch or
restoring
> > from a known good backup. A good part of my business is dealing with
> > malware infections. I have learned that an infected system can be
repaired
> > but not definitively cleaned by any other other method. It is up to you
to
> > decide how much of a risk this is. As you posted this in a server
> > newsgroup I assume the computer in question is part of a network. If
this
> > is the case then by cleaning an infected computer you are taking a
chance
> > that the computer may not be fully cleaned and may compromise the
network.
> > Balancing the time and resources used between mitigating that risk and
> > fixing the infected computer is a decision only you can make. For me, if
> > the computer is part of a network that a business relies on, the best
way
> > to fix a malware infection is to flatten the computer and restore a
clean
> > image. There shouldn't be any important data on the computer so this is
a
> > quick and easy fix. If the computer is not part of a network, or good
> > network policies have not been implemented, then other solutions may
work
> > better. I am sometimes called in to fix things when something goes wrong
> > due to good network policies not being implemented. Like you, I
sometimes
> > resort to cleaning an infected system as the customer does not want to
pay
> > for the proper fix, which is not quick and easy because there is no
image
> > available and company data is not stored on a server. This doesn't mean
> > this is the best solution or that I don't inform the customer of the
> > potential risks of this solution. The important thing to understand is
> > that is is a compromise and not the best solution.
> >
> > --
> > Kerry Brown
> > MS-MVP - Windows Desktop Experience: Systems Administration
> > http://www.vistahelp.ca/phpBB2/
> > http://vistahelpca.blogspot.com/
> >
> >
> > "Alan C" <nospam@noisp.com> wrote in message
> > news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...
> >> You don't seem to understand that I know what I am doing, having
started
> >> in IT in the mid 1970's. Admittedly there is still a learning curve as
> >> OS's, etc, evolve, hence my questions to these ng's.
> >>
> >> And I don't appreciate the patronizing attitude of some posters.
> >>
> >> The pc in question is now clean.
> >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> >> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...
> >>> You still don't seem to understand what everyone has been trying to
tell
> >>> you. Once a system has been infected there is no way of knowing if it
> >>> has been cleaned/repaired except doing a full format and rebuild. You
> >>> have been able to fix the symptoms that you noticed. There may still
be
> >>> other left over problems or the computer may still be infected.
> >>>
> >>> --
> >>> Kerry Brown
> >>> MS-MVP - Windows Desktop Experience: Systems Administration
> >>> http://www.vistahelp.ca/phpBB2/
> >>> http://vistahelpca.blogspot.com/
> >>>
> >>>
> >>> "Alan C" <nospam@noisp.com> wrote in message
> >>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
> >>>> For information and enlightenment:
> >>>>
> >>>> I fixed the problem, it turned out to be a winsock corruption.
> >>>>
> >>>> reinstalling tcp was the answer.
> >>>>
> >>>> "Alan C" <nospam@noisp.com> wrote in message
> >>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
> >>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I
> >>>>> have managed to clean.
> >>>>> One problem remains: I cannot browse any server (2003) shares via
> >>>>> network places or explorer, although all mapped drives are
accessible.
> >>>>> When I try to browse to the server, - '\\our_srv\' only one share is
> >>>>> shown - 'userdata' - and this appears as an empty folder.
> >>>>>
> >>>>> I know that the trojan affects the local policies, which I've reset,
> >>>>> but cannot find anything that would cause the above.
> >>>>>
> >>>>> Any help, suggestions, guidance would be gratefully received.
> >>>>>
> >>>>> P.S. I'm not sure if this is the correct ng. Hope it is.
> >>>>
> >>>
> >>
> >
>

Hank Arnold (MVP) · Sep 8, 2008

Re: Antivirus 2008

I don't think any of us were patronizing. There was no information
indicating your skill level. Almost 100% of postings like yours are not
by experienced IT folks like us.

I'll be honest with you, in your situation, considering the fact that
this is a network *AND* used by a finance controller, I would still have
recommended a clean rebuild. Since you have the original hard drive
working, the time to rebuild should still be less than a week. If the
"customer" can't do without it for any length of time I would suggest a
perhaps a parallel build and replace the system when ready.

It's your network and you are, obviously, very familiar with it. Bottom
line is that you are "the boss" and you seem to know what you are doing.

As another suggested, since this is the second time the affected system
has caused significant loss of time (and data?), I would urge in the
strongest terms that you insist on a rigorous backup strategy for this
computer.....

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Alan C wrote:
> Although the pc in question is a on a small network(assumption correct),
> it is used by the financial controller. It therefore has software/data
> (e.g. payroll) and some proprietary programs that are not on the server.
> The data is safe, but flattening the pc would mean not just reinstalling
> the OS and programs but booking the 3rd party guys to come and
> reconfigure their software. Last time (hdd failure) this cost more than
> the pc was worth and took over a week.
>
> OK, special case. We all know how frequent they are. That is why I've
> spent the last two days sweating blood to ensure the malware is removed
> fully, and didn't just wipe it.
>
> For the record, I mentioned the '70's start to illustrate my cynicism at
> the obviously banal replies that are inevitable. Also wordy, 'stating
> the obvious' posts can appear to be extremely patronizing, even when not
> intended.
>
> I use these ng's for clues and ideas, not necessarily for cures. Rant over.
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...
>> I'm sorry if you think I was patronizing. I also started in IT in the
>> 70's, although I don't know what this has to do with the conversation.
>> At the very least my experience has taught me that there are many
>> different points of view regarding computer security and that my view
>> may differ from others. I have learned that I need to be open to other
>> points of view. There is no one right answer when it comes to computer
>> security. These newsgroups are read by many thousands of people who
>> may not have your experience and knowledge. Many people will find
>> these posts through a search engine. They need to know that even
>> though an anti-malware program may seem to remove some malware the
>> possibility exists that the computer is not "clean".
>>
>> Once a computer is owned by someone else (infected) the only way to be
>> 100% certain the infection is gone is to flatten and rebuild the
>> system from known good media. This could mean starting from scratch or
>> restoring from a known good backup. A good part of my business is
>> dealing with malware infections. I have learned that an infected
>> system can be repaired but not definitively cleaned by any other other
>> method. It is up to you to decide how much of a risk this is. As you
>> posted this in a server newsgroup I assume the computer in question is
>> part of a network. If this is the case then by cleaning an infected
>> computer you are taking a chance that the computer may not be fully
>> cleaned and may compromise the network. Balancing the time and
>> resources used between mitigating that risk and fixing the infected
>> computer is a decision only you can make. For me, if the computer is
>> part of a network that a business relies on, the best way to fix a
>> malware infection is to flatten the computer and restore a clean
>> image. There shouldn't be any important data on the computer so this
>> is a quick and easy fix. If the computer is not part of a network, or
>> good network policies have not been implemented, then other solutions
>> may work better. I am sometimes called in to fix things when something
>> goes wrong due to good network policies not being implemented. Like
>> you, I sometimes resort to cleaning an infected system as the customer
>> does not want to pay for the proper fix, which is not quick and easy
>> because there is no image available and company data is not stored on
>> a server. This doesn't mean this is the best solution or that I don't
>> inform the customer of the potential risks of this solution. The
>> important thing to understand is that is is a compromise and not the
>> best solution.
>>
>> --
>> Kerry Brown
>> MS-MVP - Windows Desktop Experience: Systems Administration
>> http://www.vistahelp.ca/phpBB2/
>> http://vistahelpca.blogspot.com/
>>
>>
>> "Alan C" <nospam@noisp.com> wrote in message
>> news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...
>>> You don't seem to understand that I know what I am doing, having
>>> started in IT in the mid 1970's. Admittedly there is still a learning
>>> curve as OS's, etc, evolve, hence my questions to these ng's.
>>>
>>> And I don't appreciate the patronizing attitude of some posters.
>>>
>>> The pc in question is now clean.
>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>>> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...
>>>> You still don't seem to understand what everyone has been trying to
>>>> tell you. Once a system has been infected there is no way of knowing
>>>> if it has been cleaned/repaired except doing a full format and
>>>> rebuild. You have been able to fix the symptoms that you noticed.
>>>> There may still be other left over problems or the computer may
>>>> still be infected.
>>>>
>>>> --
>>>> Kerry Brown
>>>> MS-MVP - Windows Desktop Experience: Systems Administration
>>>> http://www.vistahelp.ca/phpBB2/
>>>> http://vistahelpca.blogspot.com/
>>>>
>>>>
>>>> "Alan C" <nospam@noisp.com> wrote in message
>>>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...
>>>>> For information and enlightenment:
>>>>>
>>>>> I fixed the problem, it turned out to be a winsock corruption.
>>>>>
>>>>> reinstalling tcp was the answer.
>>>>>
>>>>> "Alan C" <nospam@noisp.com> wrote in message
>>>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...
>>>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which
>>>>>> I have managed to clean.
>>>>>> One problem remains: I cannot browse any server (2003) shares via
>>>>>> network places or explorer, although all mapped drives are
>>>>>> accessible.
>>>>>> When I try to browse to the server, - '\\our_srv\' only one share
>>>>>> is shown - 'userdata' - and this appears as an empty folder.
>>>>>>
>>>>>> I know that the trojan affects the local policies, which I've
>>>>>> reset, but cannot find anything that would cause the above.
>>>>>>
>>>>>> Any help, suggestions, guidance would be gratefully received.
>>>>>>
>>>>>> P.S. I'm not sure if this is the correct ng. Hope it is.
>>>>>
>>>>
>>>
>>
>

Antivirus 2008

Alan C

Guest

dan

Guest

Alan C

Guest

Peter Foldes

Guest

Alan C

Guest

Hank Arnold (MVP)

Guest

Kerry Brown

Guest

Alan C

Guest

Kerry Brown

Guest

Alan C

Guest

NeilH

Guest

Hank Arnold (MVP)

Guest