Has Eduman been consumed by the virus too? :p
Printable View
Has Eduman been consumed by the virus too? :p
With an RM network you can not use group policy, what patch did you use and do you know where i can get it?Quote:
Originally Posted by jsnetman
I could only hope :)Quote:
Originally Posted by CHR1S
Actually you can, if you can work out their AD structure its as easy as creating a new GPO for the setting in the right location. Just don't edit any of their GPO's, they might get angry ;)Quote:
Originally Posted by EduMan
First thing to do is apply a registry patch to all machines and set security on the key to read for everyone including administrators the key is MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost. The easiest way is to do it via GP. I'm sure even on an RM network you can still use GP. Or you could deploy it via a script. I will post the other steps as soon as I can track what we did. It was a long time ago.
here is the svchost information from MS:
http://support.microsoft.com/kb/962007
We downloaded and stored this Virus Description: Worm:W32/Downadup.AL on a network share and and used a startup script to initiate detection and removal, machines that don't connect to the share or have the virus will have to be manually scanned. You also need to turn off autoplay on all removable devices again you can do this in GP but a regedit deployment script would also work. We also installed SP3 on all workstations and laptops, not sure you can do this on RM but I don't see why not. This can be done via WSUS or startup script, or manually.
Further info from Ms:
Virus alert about the Win32/Conficker worm
You can, yes.Quote:
We also installed SP3 on all workstations and laptops, not sure you can do this on RM but I don't see why not.
Can you, thats news to me, SP3 is included in CC4 SR2 isnt it?Quote:
Originally Posted by Edu-IT
SP3 build images are supplied with SR2.Quote:
Originally Posted by CHR1S
CC4UPD075 provides the necessary packages to update a station to SP3.
The SR2 build image also includes .NET 3.5 but I think that is the only difference.
As others have said, disable network access for all machines that are not being brought back to you. It seems like you cant progress without clearing the virus to ensure thats not causing any problems. Send out an email giving staff a day to bring in their laptop for scanning or loose their connection to the network. That way you have covered yourself and given staff warning. Staff can sometimes be lazy and you need to give them a prod to do what is needed(or use a shoe I can see from this thread :p )
Once you have cleared the virus you can go back to RM if need be.
We did this here, staff don't have a choice when a virus hits, only had to do it twice blaster and conficker. For blaster even the servers were turned off for a day or so.
If you can't go to SP3 there is a download which patches the problem with conficker:
http://www.microsoft.com/technet/sec.../MS08-067.mspx
Seem to remember we didi deploy this patch prior to upgrading to SP3.
We also deployed and ran http://www.tech-forums.net/pc/f51/co...mation-203975/ conficker_mem_killer.exe for a good few weeks after the attack.
No problems going to SP3 as long as you're SR1 at least. Update 75, as mentioned above provides the packages to do it. As long as your drivers are up to date (especially wireless if you have any Z91FR RM mobile one laptops or anything else with cewrtain model Intel wireless cards) you should be fine. Also make sure laptops are mains powered otherwise it wont install :D
Thank you all for your advice, ill pass them all on, beating with the shoes sounds perfect! May just try it ! :)
Grip by the toe, aim for a square hit with the heel.