6th March 2009, 10:03 AM #1
Cleaning of "Brontok-N"
I am hoping someone here can help with this, we have a large number of infections of this virus on my network, Sophos seems to be utterly useless.
I am trying to find a quicker way of cleaning up other than doing the very VERY long-winded way Sophos want me to (took 12 hours on a machine with a 200GB drive, don't really want to set that loose on a server with nearly 1TB).
I have a Deputy with every folder on her memory stick suffering from this infection which she brought in from home, I cleaned it once, she needed something so BAD that she put it in the infected computer at home again and brought it back into school, even though I asked her not to. *sigh*
Any ideas or advice, my brain is fried this week
6th March 2009, 10:10 AM #2
I could be COMPLETELY wrong with this, and with a large drive it would take ages anyway, but with a machine in one of our labs it was running a chkdsk because it wasn't shut down properly.
I noticed that it was deleting some files called Zlob, which I know for a fact Zlob DNS Changer is one of those nasty viruses which is a pain to remove.
I'm not sure if this would solve the problem, perhaps someone could tell me if this was removing infected files, or have I got wishful thinking?
6th March 2009, 10:27 PM #3
Originally Posted by Tony_Mc
utterly: completely, entirely, to the fullest extent
useless: Without use or possibility to be used; (of a person) unable to do well at a particular task or thing. Useless is mildly insulting.
Therefore: SAV is completely unable to remove this infection? What is failing to be cleaned up?
We don't want you to. It is necessary based on our analysis of the worm. However the scan time sounds a bit long to me. What were your scan settings? Extensive? That shouldn't be required. It all really depends what's on the drive. You could try disk cleanup to remove as much unnecessary junk from the computer as possible. Also switch off system restore if you think the backups are potentially infected - it'll increase the scan time too. Then look at:
Originally Posted by Tony_Mc
W32/Brontok-N Win32 executable file virus - Sophos security analysis > 'more information'
Sophos: Disinfecting PE executables
Sophos Technical Support
9th March 2009, 08:59 AM #4
Thank you for your reply.
My opinion of Sophos is completely based on how many problems I have had removing viruses from the network when using it. I am sure I would be in a much worse state if I had no AV, but I feel that when using it I don't get as much protection as I should. Either way, it is what I have, so I will go through the links you have sent me, one of which I have already completed. For the record, this is a brand new install on a new server done exactly as instructed by LGFL.
Once again, thank you for the advice and yes, "utterly useless" is a little strong; moderately unfit for purpose is perhaps a better way of putting it.
9th March 2009, 09:06 AM #5
While I would not openly attack Sophos specifically (they have a fine product that is used worldwide without issue etc etc...) I can say I've experienced similar issues to you historically.
The positive bit I can say is that Sophos support personnel bent over backwards to try and sort our issues out (which ranged from similar issues to you right down to the client software making workstations practically unusable due to log on speeds etc!), but ultimately never got the issue resolved.
For the last few years I've used Symantec Endpoint and have never had one virus infection (a handful being shown in the monitor along with reports of other issues which had been stopped by Endpoint)
It is by far the best product I've used at work.
(...Views and opinions are my own, not of my employer etc!)