[dba-Tech] Major site crash

Jim Lawrence accessd at shaw.ca
Fri Oct 30 12:42:18 CDT 2009


Hi John; 

That is all good advice. I have taken the liberty to attach one of the
corrupted drives off the server and will be doing exactly as you suggest.

I will give Sunsoft a call after I have done some preliminary investigations.
I plan to hit the corrupt drive with everything I can think of.

The server has the same software protection as the rest of the stations. The
only thing the server has different is that it is not directly accessible by
the workers, nor do they know how to even log in to it... that knowledge is
between the owner and me.

Jim


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John Bartow
Sent: Friday, October 30, 2009 8:06 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Major site crash

Hi Jim,
Holy crap! I haven't seen anything that extreme.

If all the stations were the same hardware, it may have been a system
update. I've had the reboot cycle happen to a couple of PCs because of that.
Although having all the same hardware in one office sounds great, maybe
that's a drawback and I should feel lucky I have to work on such menageries
of equipment ;o)

If it was malicious software then it sounds like Vipre caught part of it
(probably a rootkit) and disabled it but missed another dependent part, or
the malware damaged some part of the Windows startup system. If it is Vipre
Enterprise the malware detections would be listed in the server's
history/quarantine. I have mine set to not announce anything to the user but
to email the office administrator.

I suggest contacting Sunbelt immediately upon issues like this.

Of course if you have an imaging server system setup the easiest way to get
back up is to reimage all of the stations.

In the meantime I'd dismount one of the stations' hard drives and attach and
scan it with a "cleaning" machine loaded with Malwarebytes, AntiVir,
Stinger, Rootkit Revealer and any other anti-malware products you have
confidence in. (I install them without active protection type services
running.) Once done, I remount the HD and start in safe mode. Using Autoruns
I would disable all unnecessary startups and services. Run a deep scan with
Vipre in safe mode to clean the registry. (If this is Vipre Enterprise and
the agent's options did not include these abilities via the GUI, there are
command line options available.)

If you copy the logs or zip the quarantine files from the other anti-malware
products you can submit them to Sunbelt via their support page. They
evaluate these and add them to their detections.

BTW were these PCs, terminal server stations or what? Odd that the server
didn't get hit at all. I'd be very suspicious of that. What security
software was on the server?

Arg, these malware programmers are getting far too good at what they do.

Best of luck in resolving it.
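The offline triage John describes (attach the suspect drive to a cleaning machine, then go through the startup locations before remounting and running Autoruns) can be started by hand while the drive is still attached. The following is an added example, not code posted by John, Jim or any vendor in this thread: it loads the suspect volume's SOFTWARE hive, lists the classic Run/RunOnce and Winlogon autostart entries, and checks whether each referenced binary is present, Authenticode-signed and unmodified, recording a SHA-256 that can go into a vendor submission. The suspect volume letter (D:) and the hive mount name (OfflineSOFTWARE) are assumptions to adjust; everything else is stock `reg.exe` and PowerShell.

```powershell
# Added example, not code from the thread. Offline autostart triage of a
# suspect Windows drive attached to a cleaning machine. Assumptions: the
# suspect volume is mounted at $SuspectRoot (D: here) and 'OfflineSOFTWARE'
# is a free name under HKLM to mount its hive. Run from an elevated
# PowerShell; reg.exe load/unload require it.
param(
    [string]$SuspectRoot = 'D:',
    [string]$HiveName    = 'OfflineSOFTWARE'
)

$hivePath = Join-Path $SuspectRoot 'Windows\System32\config\SOFTWARE'
if (-not (Test-Path -LiteralPath $hivePath)) { throw "No SOFTWARE hive at $hivePath" }

# Mount the offline hive so the registry provider can read it like a live one.
& reg.exe load "HKLM\$HiveName" $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed with code $LASTEXITCODE (not elevated?)" }

# Map a launch string written for the suspect system onto the mounted drive letter.
function Resolve-SuspectPath {
    param([string]$Launch)
    # First token: a quoted path, or the run up to the first space or comma
    # (Userinit values end in a comma, e.g. 'C:\Windows\system32\userinit.exe,').
    $exe = if ($Launch -match '^\s*"([^"]+)"') { $Matches[1] }
           elseif ($Launch -match '^\s*([^,\s]+)') { $Matches[1] }
           else { return $null }
    $exe = $exe -replace '(?i)%(SystemRoot|windir)%', "$SuspectRoot\Windows"
    $exe = $exe -replace '(?i)%ProgramFiles%', "$SuspectRoot\Program Files"
    if ($exe -match '^[A-Za-z]:') { $exe = $SuspectRoot + $exe.Substring(2) }          # C:\x -> D:\x
    elseif ($exe -notmatch '[\\/]') { $exe = Join-Path "$SuspectRoot\Windows" $exe }   # bare 'explorer.exe'
    return $exe
}

$entries = [System.Collections.Generic.List[object]]::new()
try {
    $base = "HKLM:\$HiveName"
    $runKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        $key = "$base\$k"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^PS') { continue }   # skip provider metadata (PSPath, PSParentPath, ...)
            $entries.Add([pscustomobject]@{ Location = $k; Name = $p.Name; Launch = [string]$p.Value })
        }
    }
    # Winlogon Shell/Userinit are classic places for startup tampering.
    $wlKey = 'Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -LiteralPath "$base\$wlKey" -ErrorAction SilentlyContinue
    foreach ($n in 'Shell', 'Userinit') {
        if ($wl -and $wl.$n) {
            $entries.Add([pscustomobject]@{ Location = $wlKey; Name = $n; Launch = [string]$wl.$n })
        }
    }
}
finally {
    # Drop provider handles before unloading, otherwise reg.exe reports the hive as in use.
    $props = $wl = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$HiveName" | Out-Null
}

# Check each referenced binary: a missing file, an unsigned binary or a signature
# that no longer matches the file (HashMismatch) is a lead worth chasing.
$report = foreach ($e in $entries) {
    $path = Resolve-SuspectPath $e.Launch
    $status = 'NoPath'; $sha256 = ''
    if ($path) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $status = (Get-AuthenticodeSignature -FilePath $path).Status        # Valid / NotSigned / HashMismatch ...
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash  # for a vendor submission
        } else { $status = 'FileMissing' }
    }
    [pscustomobject]@{ Status = $status; Location = $e.Location; Name = $e.Name; Path = $path; SHA256 = $sha256 }
}

# Valid-signed entries are the least interesting; list everything else first.
$report | Sort-Object { $_.Status -eq 'Valid' }, Location | Format-Table -AutoSize
```

Services live in the SYSTEM hive rather than SOFTWARE, so the same load/inspect/unload pattern applied to `Windows\System32\config\SYSTEM` and the `ControlSet001\Services\*\ImagePath` values covers John's "unnecessary services" step; per-user Run keys sit in each profile's NTUSER.DAT. A signed, unmodified binary in an autostart location is not proof of innocence, but an unsigned or hash-mismatched one in Winlogon or Run is exactly what to hand to the vendor's support page along with the other scanners' quarantine files.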

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com