+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 34
Network and Classroom Management Thread, CC4 Unable to rebuild anything... RM say Virus? in Technical; Has Eduman been consumed by the virus too?...
  1. #16

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,500
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    Has Eduman been consumed by the virus too?

  2. #17
    EduMan's Avatar
    Join Date
    May 2010
    Posts
    24
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by jsnetman View Post
    If it's conficker its not that hard to ger rid of. We had it maybe a year ago and I seem to remember you can apply a group policy patch to stop anything from creating a scheduled task, which conficker does. You can also deploy conficker removal tools and patch them to SP3 via startup scripts as I think GP gets applied before the virus kicks in. We also ran a memory cleaning program on all sstations and servers which basically looked for the virus in memory and unloaded it if found.
    With an RM network you can not use group policy, what patch did you use and do you know where i can get it?

  3. #18
    EduMan's Avatar
    Join Date
    May 2010
    Posts
    24
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by CHR1S View Post
    Has Eduman been consumed by the virus too?
    I could only hope

  4. #19

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,500
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    Quote Originally Posted by EduMan View Post
    With an RM network you can not use group policy, what patch did you use and do you know where i can get it?
    Actually you can, if you can work out their AD structure its as easy as creating a new GPO for the setting in the right location. Just don't edit any of their GPO's, they might get angry

  5. #20
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    First thing to do is apply a registry patch to all machines and set security on the key to read for everyone including administrators the key is MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost. The easiest way is to do it via GP. I'm sure even on an RM network you can still use GP. Or you could deploy it via a script. I will post the other steps as soon as I can track what we did. It was a long time ago.

    here is the svchost information from MS:

    http://support.microsoft.com/kb/962007

  6. #21
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    We downloaded and stored this Virus Description: Worm:W32/Downadup.AL on a network share and and used a startup script to initiate detection and removal, machines that don't connect to the share or have the virus will have to be manually scanned. You also need to turn off autoplay on all removable devices again you can do this in GP but a regedit deployment script would also work. We also installed SP3 on all workstations and laptops, not sure you can do this on RM but I don't see why not. This can be done via WSUS or startup script, or manually.

    Further info from Ms:


    Virus alert about the Win32/Conficker worm

  7. #22

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,139
    Thank Post
    403
    Thanked 622 Times in 568 Posts
    Rep Power
    181
    We also installed SP3 on all workstations and laptops, not sure you can do this on RM but I don't see why not.
    You can, yes.

  8. #23

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,500
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    Quote Originally Posted by Edu-IT View Post
    You can, yes.
    Can you, thats news to me, SP3 is included in CC4 SR2 isnt it?

  9. #24
    ajs
    ajs is offline

    Join Date
    Jun 2008
    Location
    Wigton, Cumbria
    Posts
    226
    Thank Post
    2
    Thanked 35 Times in 35 Posts
    Rep Power
    23
    Quote Originally Posted by CHR1S View Post
    Can you, thats news to me, SP3 is included in CC4 SR2 isnt it?
    SP3 build images are supplied with SR2.

    CC4UPD075 provides the necessary packages to update a station to SP3.

    The SR2 build image also includes .NET 3.5 but I think that is the only difference.

  10. Thanks to ajs from:

    CHR1S (6th July 2010)

  11. #25


    Join Date
    Sep 2008
    Posts
    1,766
    Thank Post
    323
    Thanked 258 Times in 211 Posts
    Rep Power
    120
    As others have said, disable network access for all machines that are not being brought back to you. It seems like you cant progress without clearing the virus to ensure thats not causing any problems. Send out an email giving staff a day to bring in their laptop for scanning or loose their connection to the network. That way you have covered yourself and given staff warning. Staff can sometimes be lazy and you need to give them a prod to do what is needed(or use a shoe I can see from this thread )

    Once you have cleared the virus you can go back to RM if need be.

  12. #26
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    We did this here, staff don't have a choice when a virus hits, only had to do it twice blaster and conficker. For blaster even the servers were turned off for a day or so.

  13. #27
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    If you can't go to SP3 there is a download which patches the problem with conficker:

    http://www.microsoft.com/technet/sec.../MS08-067.mspx

    Seem to remember we didi deploy this patch prior to upgrading to SP3.

    We also deployed and ran http://www.tech-forums.net/pc/f51/co...mation-203975/ conficker_mem_killer.exe for a good few weeks after the attack.
    Last edited by jsnetman; 6th July 2010 at 12:38 PM.

  14. #28

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,945
    Thank Post
    583
    Thanked 1,017 Times in 783 Posts
    Blog Entries
    15
    Rep Power
    464
    No problems going to SP3 as long as you're SR1 at least. Update 75, as mentioned above provides the packages to do it. As long as your drivers are up to date (especially wireless if you have any Z91FR RM mobile one laptops or anything else with cewrtain model Intel wireless cards) you should be fine. Also make sure laptops are mains powered otherwise it wont install

  15. Thanks to synaesthesia from:

    CHR1S (6th July 2010)

  16. #29
    EduMan's Avatar
    Join Date
    May 2010
    Posts
    24
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you all for your advice, ill pass them all on, beating with the shoes sounds perfect! May just try it !

  17. #30

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,945
    Thank Post
    583
    Thanked 1,017 Times in 783 Posts
    Blog Entries
    15
    Rep Power
    464
    Grip by the toe, aim for a square hit with the heel.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. RM CC4 Rebuild Issues
    By Zaphod in forum Network and Classroom Management
    Replies: 2
    Last Post: 14th May 2010, 02:07 PM
  2. rebuild
    By visualman in forum Hardware
    Replies: 11
    Last Post: 18th June 2009, 03:09 PM
  3. Trying to Rebuild....
    By g.shaikh in forum How do you do....it?
    Replies: 1
    Last Post: 14th March 2008, 12:51 PM
  4. unable to set wallpaper in vista following virus
    By marky2027 in forum Windows Vista
    Replies: 16
    Last Post: 13th November 2007, 08:57 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •