Somethingn of a Challenge for you :)

[Guest]

Hi All,
I have a domain network that runs through Windows 2000 Advanced Server to
access the internet. One Windows NT4.0 SP6A workstation has Norton Antivirus
V5.x that scans the network. I have no other security software as it is too
expensive. My Windows 2000 Advanced Server now displays warning and error
messages that indicate I have been infected by some kind of Spyware product.
My first question is how can an unprotected machine find this sort of thing
and my next question is how can I remove this infection and then protect
against future infections ....... WITHOUT costing me a fortune in new
security software products?
Regards & Thanks
Rob

 

[Guest]

Hello Rob;

So what has this to do with MS Antispywªre?
May I suggest going to www.symantec.com/nav for best prªctices.

Good luck.

Engel

 

[Hakama]

With such an installation, I suspect this is not a domestic network,
rather a small business network. Please give some thinking to this: it
may cost you much more not having security software that paying for one.
And there are lots of free software that protects your machines, just
look at the postings in these newsgroups, those softwares are often
mentioned.

 

[Bill Sanderson]

Do you browse the web from the Server? I'd recommend not doing that--lock
down the console when it is not in use.

I wouldn't hesitate to install Microsoft Antispyware on the server and have
the real-time protection from it working for you.

I'd be cautious about the first installation, update, and scan. Expect to
need to reboot, and concievably, more disastrous possibilities--make sure
you have a good backup before proceeding.

However, once you are past that point, there shouldn't be significant
issues. Put it on all your 2k or XP workstations, as well--same caveat--run
the update and first scan while you can watch what happens.

You're no doubt running the malicious software removal tool as part of the
monthly security patches--that'll kill the worst of the really nasty stuff.
Keep the patches up to date, via Microsoft Update.

I'll admit to not running antivirus on some servers. It's a risk. Even if
you don't see the server itself as a vector by which a virus might arrive,
there are lots of bugs that spread across a network, and those can arrive on
the server. Your method of scanning the whole network via a workstation is
worth something, but not near as much as having protection on each machine.
There's a lot that simple file-based scanning isn't looking at.

Microsoft Antispyware isn't perfect--it's a beta--there are bugs it can't
clean. So try it out--preferably: 1) install Microsoft Antispyware, 2)
update definitions 3) restart in safe mode 4) do full, deep scans until a
scan comes through clean. (downtime for the server, I'm afraid.....)

That's the best shot at getting rid of what you are seeing if, in fact, it
is simple ad/spyware. If that does not do the job--we need to hear more
about the content of what you are seeing, so we can recommend some
alternatives or additional cleaning measures.