  1. #1


    Web browser probs... not looking forward to work tomorrow :(

    OK, I think this is my first post and I have dyslexia, so please forgive any errors. I find it hard to get my point across sometimes, but here goes....

    Oh, and sorry for the long post;

    I think we have some big probs at our site..... and I think this might just be the tip of the iceberg!

    For a few weeks now, the internet access drops for approx 3 mins at 3 set times during the day. I've checked update/backup schedules and almost every bit of software installed in our site to see if something is floodin' the net. I couldn't see anything amiss.

    It happened today, so I checked the firewall log to see if anything popped up in there..... I have reports saying computer X @ 10.15.x.x has exceeded http requests and might be infected, blah blah blah..... At first I thought, cable, NIC faulty. But the list of machines is as long as my arm......

    So I think oh dear... we have a virus...... so I asked when the last Sophos update was done and what the report reads... and 45% of the network's PCs are infected with:

    troj/userin-a

    vbs/autom-b

    vbs/malnir-a

    ...... Now I'm very new to domains and large networks as a whole... so please forgive me if some of my wording is off.

    The Sophos version we WERE on was 4.5 Sophos console and endpoint 9.5 (I think I might have that the wrong way around).

    With it being a virus issue I asked my boss if there was a newer version of Sophos.... to which we found console 5 and endpoint 10.....

    Both of which are NOW installed and fully updated..... After doing a scan on all the computers infected, the virus "SEEMS" to have been removed.

    However.... all the web browsers on all the computers on the network are now crashing..... servers/clients on both domains, the lot. Firefox/IE/Safari.

    This didn't happen straight away, some 3 hrs after the Sophos update...... it might just be coincidence that this is happening after a Sophos update. But I really don't know where to start.....

    I tested all the browsers. Firefox just crashes and gives an "oops error", IE just drops to the desktop, Safari locks up and google also gives the "oops" error.

    I thought Sophos must be blocking something, so I disabled it briefly... but the same thing happened...... I had to use the 3G dongle to get online.... which worked fine on all browsers..... I even checked on a "suspected" infected PC. Works fine.

    Done a scan on all the servers, all clean....... my head hurts now..... and I'm not looking forward to tomorrow....

    Any ideas? Thx in advance.

  2. #2

    garethedmondson
    As a test, how about building a totally fresh machine from CD? Download all the updates using WSUSOffline and burn them to CD or USB stick (at home maybe?) - this will let you set up a machine without connecting to the internet. Try and get an AV on there before connecting it to the network.

    Then connect it to the network and see what happens - does it still crash? Any virus shouldn't hit the machine as you are fully updated.

    Gareth

  3. #3

    teejay
    Try getting "What is Windows Defender Offline Beta?" and booting off this and re-checking the machine. Also check the machine with the free version of "Malwarebytes : Free anti-malware, anti-virus and spyware removal download".
    Try reinstalling Firefox, try Chrome. Test booting off a Linux Live CD such as Ubuntu and see if you get the problem.

  4. #4

    Dos_Box
    It's not uncommon that when a virus is removed from an infected system that infected system files are also removed or damaged and the only recourse you have is to re-image the machine. Judging by the fact that various browsers are malfunctioning you may have goosed a system file.
    It'll just be quicker to re-image and ensure the new image updates Sophos correctly than worry about what was damaged/removed as there will probably be very little you could do anyway.

  5. #5

    Originally posted by Dos_Box:
        It's not uncommon that when a virus is removed from an infected system that infected system files are also removed or damaged and the only recourse you have is to re-image the machine. Judging by the fact that various browsers are malfunctioning you may have goosed a system file.
        It'll just be quicker to re-image and ensure the new image updates Sophos correctly than worry about what was damaged/removed as there will probably be very little you could do anyway.

    Yeah, I could just re-image a machine first thing tomorrow.... we use FOG so that's not much of an issue.... prob is.... I know before I put FOG in place the computers were built 1 by 1! And some of the hardware doesn't have an image........

    45% of the site is about 240 PCs!

    Still...... I was really hopin' I would never have to use "I told you so" in my place of work..... lesson learnt...... could have been a lot worse!

    Thanks for all the help guys...... I'll reimage an infected suite tomorrow and report back! Thx again

  6. #6

    Just an update......

    After restoring a PC in one of the suites.. it worked fine... did all the updates, still fine..... updated to endpoint 10 and it started again...... removed it, was fine again...... reinstalled 9.5, works fine..... removed 9.5 and installed 10, and it stopped working again......

    Put 9.5 back on and it's fine again!

    So looks to be Sophos!

    Still running the latest console also......

  7. #7

    Think we've cracked this now..... now using latest console and endpoint 10.

    We called Sophos support who checked a few settings. We had download scanning off! Once enabled it worked fine....

    [Attachment: sophos V10-policy setting.JPG]
