  1. #1
    Tony_Mc

    Cleaning of "Brontok-N"

    Hi guys

    I am hoping someone here can help with this. We have a large number of infections of this virus on my network, and Sophos seems to be utterly useless.

    I am trying to find a quicker way of cleaning up other than doing the very VERY long-winded way Sophos want me to (took 12 hours on a machine with a 200gb drive, don't really want to set that loose on a server with nearly 1Tb).

    I have a Deputy with every folder on her memory stick suffering from this infection which she brought in from home, I cleaned it once, she needed something so BAD that she put it in the infected computer at home again and brought it back into school, even though I asked her not to. *sigh*

    Any ideas or advice? My brain is fried this week.

    Ta

    Tony

  2. #2
    rolfea
    I could be COMPLETELY wrong with this

    and with a large drive it would take ages anyway

    but with a machine in one of our labs it was running a chkdsk because it wasn't shut down properly.
    I noticed that it was deleting some files called Zlob, and I know for a fact that Zlob DNS Changer is one of those nasty viruses which are a pain to remove.

    I'm not sure if this would solve the problem, perhaps someone could tell me if this was removing infected files, or have I got wishful thinking?

  3. #3
    Sophos-Support-5
    Originally posted by Tony_Mc:
    "Sophos seems to be utterly useless."


    utterly: completely, entirely, to the fullest extent
    en.wiktionary.org/wiki/utterly


    useless: Without use or possibility to be used; (of a person) unable to do well at a particular task or thing. Useless is mildly insulting
    source: en.wiktionary.org/wiki/useless


    Therefore: SAV is completely unable to remove this infection? What is failing to be cleaned up?

    Originally posted by Tony_Mc:
    "I am trying to find a quicker way of cleaning up other than doing the very VERY long-winded way Sophos want me to (took 12 hours on a machine with a 200gb drive, don't really want to set that loose on a server with nearly 1Tb)"

    We don't want you to. It is necessary based on our analysis of the worm. However, the scan time sounds a bit long to me. What were your scan settings? Extensive? That shouldn't be required. It all really depends on what's on the drive. You could try disk cleanup to remove as much unnecessary junk from the computer as possible. Also switch off system restore if you think the backups are potentially infected - it'll increase the scan time too. Then look at:

    W32/Brontok-N Win32 executable file virus - Sophos security analysis > 'more information'

    Sophos: Disinfecting PE executables

    Regards,

    Sophos Technical Support

  4. #4
    Tony_Mc
    Thank you for your reply.

    My opinion of Sophos is completely based on how many problems I have had removing viruses from the network when using it. I am sure I would be in a much worse state if I had no AV, but I feel that when using it I don't get as much protection as I should. Either way, it is what I have, so I will go through the links you have sent me, one of which I have already completed. For the record, this is a brand new install on a new server, done exactly as instructed by LGFL.

    Once again, thank you for the advice, and yes, "utterly useless" is a little strong; moderately unfit for purpose is perhaps a better way of putting it.

    Kind Regards

    Tony

  5. #5
    mb2k01
    While I would not openly attack Sophos specifically (they have a fine product that is used worldwide without issue etc etc...) I can say I've experienced similar issues to you historically.

    The positive bit I can say is that Sophos support personnel bent over backwards to try and sort our issues out (which ranged from similar issues to you right down to the client software making workstations practically unusable due to log on speeds etc!), but ultimately never got the issue resolved.

    For the last few years I've used Symantec Endpoint and have never had one virus infection (a handful being shown in the monitor along with reports of other issues which had been stopped by Endpoint).
    It is by far the best product I've used at work.

    (...Views and opinions are my own, not of my employer etc!)


