Amiga.org

The "Not Quite Amiga but still computer related category" => Alternative Operating Systems => Topic started by: orange on January 06, 2009, 06:39:29 PM

Title: virus outbreak on windowsXP
Post by: orange on January 06, 2009, 06:39:29 PM

we have huge problems with viruses at the place I work.
there was some critical patch (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) that nobody installed..
Few other computers on corporate LAN claim to receive ping from mine. Would that be a sign of infection? or does windows send pings 'by itself'?

BTW, the virus name is W32.Downadup.B (http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99)

Title: Re: virus outbreak on windowsXP
Post by: ChuckT on January 06, 2009, 06:45:58 PM

Our company uses Sonic Wall and they now use PC Tools Spyware Doctor because our secretary was on one of those blogging sites and got a virus from just cruising the internet.

I was doing a google search and got one and though I really didn't like PC Tools Spyware Doctor, it caught Malware and cleaned the computer the same day I received it.

Title: Re: virus outbreak on windowsXP
Post by: ffastback on January 06, 2009, 07:05:36 PM

Quote

orange wrote:
we have huge problems with viruses at the place I work.
there was some critical patch (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) that nobody installed..
Few other computers on corporate LAN claim to receive ping from mine. Would that be a sign of infection? or does windows send pings 'by itself'?

BTW, the virus name is W32.Downadup.B (http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99)

Assuming you are in the same VLAN (if you even use VLANS) you probably should be able to ping other machines in your LAN subnet.  Make sure you try to ping by ip and not name as glancing at the write-up it does some funky stuff to DNS.

Title: Re: virus outbreak on windowsXP
Post by: orange on January 06, 2009, 07:17:02 PM

but what I meant, firewalls report ping/ICMP packets originating from my computer, even when I haven't sent them!

(my firewall says that 'kernel' is trying to ping)

Title: Re: virus outbreak on windowsXP
Post by: Lockon_15 on January 06, 2009, 07:50:16 PM

That might be infection.
There are some viruses using RPC flaws left unpatched after XP SP3 and before KB958644. Maybe one uses ping to discover machines and attempt to spread itself.

Check with your net admins if they could modify ACLs on VLANs and pinpoint if you're lone source (I doubt, but make sure they check).

Oh, BTW, Merry Christmass :)

Title: Re: virus outbreak on windowsXP
Post by: orange on January 07, 2009, 01:11:21 PM

@Lockon_15

hvala..

Title: Re: virus outbreak on windowsXP
Post by: Zac67 on January 07, 2009, 09:59:49 PM

If you use Windows keep it patched at all times.
If you use Internet Explorer :-P on Windows DOUBLY so.
Keep the firewall well configured at all times.
Install a good antivirus software and keep it updated always.
Keep your co-workers well informed about virus/worm dangers.
Don't grant admin rights to standard users, use centralized software installation.

Too much hassle? Use Linux.
 ;-)