Worms in my Network - Please Help


Dec 28, 2005
Hi, can you offer some steps to protect my pc?

Main PC is running Windows XP Pro. Connected to the switch, switch connected to the router. AVG Free antivirus and default Windows Firewall enabled. Latest Windows update and Service Pack prior to the virus.

Four PCs are running Windows XP Home and are also connected to the switch.
A few of these PCs got infected with a bad trojan virus, malware, and/or other evil spyware.

I wasn't aware before that these viruses can transfer themselves through the switch and router and onto my main PC.
The Main PC is now affected and has the following problems:

* Can't update on Microsoft Update page.
* Redirects to other spam websites.
* Opens up spam website in a new browser.
* "Work offline or Try Again" message appears when I go to a website.

After the virus, I can't update the Main PC either manually or automatically on the Windows Update page.

I ran an AVG Free antivirus scan and deleted all found viruses. Ran Spybot Search & Destroy, deleted all spyware. Ran ESET online antivirus scanner and removed all viruses. Still the same problem.

1) If I install a fresh copy of Windows 7 on the Main PC, can I still get the viruses from using the same switch and router?
2) How do I fix this problem? Thank you in advance.

1) No, using the same switch, router won't give you the same viruses. (Unless they are some new ones that infect the router firmware. Doubtful, but possible I suppose.)

2) Try running Combofix on all your computers.

By default all versions of Windows are pretty lax about local policies. Nobody wants to set up their own domain and add PCs to it, they just want to be able to browse to //othermachine/coolstuff, so Microsoft has a whole bunch of handles which make Windows promiscuous on its own network. Well, that is until Windows 7, where, if you tell it that it's on a public network it simply won't talk to anybody.

But yeah, pretty well all malicious code is network aware these days. If you nuke one PC on your network, there's a good chance the others are infected and thus removing one machine did nothing.

I think it's time you reformatted all 4 of those machines.

Once you do fix all these issues

Set up limited accounts on the computer and use these for normal day-to-day use (will improve security)

Set your DNS to OpenDNS

Some will say AVG is not the best. So personal choice. There are other free ones that are better IMO (Microsoft Security Essentials)

Thank you all, I will definitely give those programs a try in the sticky thread and come back if necessary.

You say you're running XP but then you say you have the option to format and install Windows 7? If you have this option then just screw all the malware fighting and just reformat to win7. You will see significantly fewer infections on win7 than you will on XP.
If this is not an option I would suggest trying to run Malwarebytes first. If you are unable to run Malwarebytes (won't let you even run it) try running rkill first (kills active malicious processes) and then try running mbam again. Post the log here if you can. If it doesn't find anything then most likely you are best off using Combofix (use with caution, this is a very powerful tool). If it comes to that then post the Combofix log as well (it should appear on C:\)

But if I install Win7 only on the Main PC and leave the four with XP Home, is there a possibility that the Main PC will catch a similar virus by sharing the same network (switch and router)?

I'm mainly concerned about this because the Main PC was virus/spyware-free until two of the four PCs got infected with the nasty virus. The virus somehow transferred over to the Main PC and may have to do with the basic switch network setup.

Possibility...yes; but in reality the probability is greatly reduced with Win7. The OS is MUCH more secure, with more protections and whatnot than XP. Additionally, things that infect XP will not necessarily be capable of infecting Win7.

It's doubtful. Most likely the malware exploits a vulnerability in XP (there are tons) and that vulnerability most likely does not apply to Windows 7 (can't say with 100% certainty though). Your best bet would be to do what I said above (mbam -> post log -> Combofix -> post log) on the 4 other XP computers and then in the process install win7 on the main PC. Is there a possibility that you could just wipe the other computers? Combofix will most likely fix it but formatting can always make 100% sure it's clean.

If you have the funds I would suggest upgrading all of your PCs to win7, but seeing as how that may not be possible right now do the steps above and go ahead and wipe your main PC if you already have win7.