So I made a post a while ago in OT about a virus I was dealing with that would create two-letter executables and was sending out mass amounts of network traffic. It crippled us for a few hours the first day it hit.
We were first hit about a month ago and I have been trying to clean us up the entire time. The problem is that we keep getting reinfected because of how many users and holes we've had for so long.
I'll post some links to the virus that we're dealing with. Keep in mind, none of these links were showing up in a Google result when I was trying to clean this up, so I was trying to do it without any info.
I have since been able to get most of our PCs installed with antivirus and Windows Firewall turned on for those that didn't have it.
The servers that keep getting reinfected do not have a firewall installed on them and only have Avast Server Edition trial on them. Originally they did not have antivirus installed (long story, I was not in charge of these servers).
I am unable to bring these servers down much, as they are public safety related. Here is my plan; I would like some feedback on it.
Restart all servers at once (7 total) and do a boot-time scan to remove the virus (it removes it each time, but they keep getting reinfected). My thought is that if I remove them all at once then they can't reinfect the servers again. Then I will bring the servers up one by one and install the firewall and lock it down. Once all the servers are up with the firewalls configured, I wait and pray they continue to stay uninfected.
I will then go around to all the computers in our network and ensure they are locked down. We have about 200 desktops and 100 mobile units connecting via a VPN.
This is where I'm asking for firewall suggestions.
Link to virus info.
link 1
link 2
link 3
I apologize if this isn't making any sense. I've worked an 18-hour day so far...