computer virus question

Discussion in 'Technology' started by fidlerre, Oct 3, 2003.

  1. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    okay computer genius peoples:

    i was having some problems on our work computers here at the office and have found a "worm" that has been loaded on to a few of the computers that totally maxes out performance of the computer, freezing everything. the names i found were:

    oocfwm.exe
    results.exe
    ~2.EXE
    lknq.exe
    oocfwm.exe
    gwigsb.exe

    anyways. i searched the 'net, found a way to manually remove them <they are different names, all for the same "worm"> from the computers and have done so...they seem to be gone but the question i have for those more computer literate than myself...

    how did they get on my system in the first place? not that i totally care but i just would like to know for future reference, i know i didn't download any sort of attachment that had them on it, at least that i know....so could i have gotten them from visiting a web site or what?

    thanks.
     
  2. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Well, depending on the worm, it may have happened in a couple of ways- But it probably propagated through your "shares", if you all are in a small office environment and sharing files off each others PCs. In addition there are a myriad of well-known exploitable holes in the OS and other services (ftp & web servers, among many other useless services run by default on W2k) it provides. I would recommend disabling the "allow others to access my files and printers" (not exactly it, but there's something like that in your network set-up area) and making sure everyone is absolutely vigilant about running Windows Update and updating their anti-virus definitions. Unfortunately, virus scanners are only as good as their definitions and many of the worms are able to spread before a definition can be created and distributed. A properly configured Intrusion Detection System is actually the most effective way to prevent this, and future worms that anti-virus aren't able to catch due to update convergence time, but I'm guessing if you're doing PC support, you all probably aren't big enough to spend the 25-60k that a decent internal IDS system is going to run you.

    And yes, if you're not careful, you can get worms or viruses or trojans from websites- I just had to rebuild a client's terminal server the other week because his users install anything the web tells them to. Another common way I've seen malware get into decently secured networks is people downloading cracked software- While you might not have to pay for the software you want, you might also be getting quite a few surprises silently installed on your PC. If you have macros enabled and running silently, you can also get a whole host of problems from that too.
     
  3. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    yea, i am the "pc support" for the 5 of us...

    and i know just enough to get me through certain things, and get me in trouble on the computer. to solve this problem i just search the net and figured it out but it took me all morning long so it was quite a pain.

    the problem probably happened b/c up until this past monday we only had the internet on one computer in the office, we have since switched the connection so we are all connected. needless to say windows NT <which we are running> hadn't been updated in ages and neither had the anti-virus software. hell, i spent monday-wednesday of this week just doing that for our system.

    uggh, thanks for your suggestions and help.
     
  4. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Oh, you might consider Zone Alarm as another layer of defense. It's free and it's sort of like host-based IDS, and it should greatly aid you in preventing network-borne viruses. And don't forget AVG is a great, free anti-virus, that I personally prefer to Norton's.

    And before some other whitehat corrects me- I wasn't talking about "classic" IDS. I know that won't stop a worm. I'm talking about the newer generation IDS implementations that perform real-time mitigation through ACLs, flooding, spoofing and other methodologies . . . .
     
  5. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    did that wednesday to all the computers...
    i am going to sound stupid for a moment, AVG is?
     
  6. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    www.grisoft.com

    AVG is an anti-virus program.
    It's just an alternative to Norton's or McAfee.
     
  7. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    okay, i checked out that AVG and it is only available for non-networked computers, we are in a networked office environment.

    spending money is not a "problem" in terms of anti-virus software, is there anything that anyone would recommend over another? we are running windows NT so that might limit the programs we can use. any suggestions would be helpful.
     
  8. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    OK, you're slightly misunderstanding their caveats, and with good reason, as they've propagated a semantic disconnect between the actual understood meaning of that term "networked" and the way they're using it, in context of their AV program- When they say "non-networked", what that means is that it has no centralized management and update distribution center, both typically located on a server, which they like to say provides "total network protection" which it doesn't- It enables centralized management of Anti-virus functionality, and takes the responsibility off users to update and scan.

    I know plenty of people who are using the free editions in networked environments, but upon further review of the license agreement, that appears to be a violation. So while I can assure you that the free edition of AVG would satisfy your needs, and would certainly run in your environment, I can't really recommend it, though any of the premium versions would be legal.

    So basically you have two options- Regular anti-virus, where the users have to be trusted to update their definitions and scan for viruses or you can choose a centralized system- Norton Antivirus Corporate Edition or AVG Network Edition. Both of these rely on an AV server (which can be a user workstation in a small environment), where virus updates are stored, and centralized management over all the workstation's anti-virus functionality is performed. Technically, this model does not provide any more protection than regular AV, though the typical problem with anti-virus is the user at the workstation, so centralized management does mitigate that issue.
     
  9. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    so i can download individual anti-virus software to each workstation <we only have 6 of them> and as long as each is updated by the user <or by programmed each day/week/etc> we should be alright? no need to get centralized in my opinion with such a small network...thanks so much for your help! my boss appreciates it too :p
     
  10. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Yes, but don't forget that running Windows Update (or using the automated thingy) regularly is also an integral part of your malware containment strategy.
     
  11. fidlerre

    fidlerre Moderator
    Staff Member

    Oct 10, 2000
    Central Ohio
    okay zpjohnstone i am back with a few more...

    i talked with my boss yesterday and he would prefer to run a centralized anti-virus system, where it would be located on one computer within the network <not the server> and scan all the other computers in the network, just makes updating the anti-virus software a "one computer deal" which he prefers...

    so the question i have is; what kind of software would you recommend using. looking through mcafee i was kinda confused b/c they have software for small businesses which is for multiple licenses, and then you have the standard "stand alone deal" for your normal "home" computer user.

    we are all running windows nt service pack 6 so i don't know if this limits what brand or kind of software we can use on the system.

    sorry to keep bothering you with my own workplace problems...just that our office is so small my boss would prefer a somewhat computer knowledgeable idiot like myself to work on the system <adding anti-virus software and updating windows> as opposed to hiring a computer person to come in for the day and do it.
     
  12. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Norton Anti-Virus Corporate Edition

    You will have to install code on the clients, but only once- They will not be able to disable or mess with their anti-virus, and your central AV server will control updates and scanning and such.
     
