In article <162fae21-bed4-4d67-93ff-
>,
says...
>
> I posted a few weeks ago but have done some further work/consideration
> about this issue.
>
> I've just taken on a new client whose network has been left in pretty
> bad shape by their previous IT support provider. They have
> approximately 11 XP workstations and 1 SBS 2003 DC.
>
> To sum up the state they're in:
>
> - No server or workstation Windows Updates installed for a very long
> time (still on XP SP2)
> - AVG Personal Edition on all workstations, AVG SBS on the server but
> expired May 2010.
> - No logon passwords needed/very poor passwords on workstations
> - Conficker virus infection on all computers.
>
> The previous IT firm seemed to give up on the client once they knew
> they had a Conficker infection.
>
>
> I want to rid them of the Conficker virus first of all. My plan of
> attack is as follows:-
>
> One workstation at a time:
>
> 1. Format the workstation. Reinstall Windows.
> 2. Install all available Windows Updates.
> 3. Install business class anti-virus software
> 4. Implement additional protection to prevent reinfection (see below)
> 5. Ensure complex logon password
> 6. Join the workstation back into the domain and configure for the
> user.
>
> By doing this I'm hoping to gradually one workstation at a time
> eradicate the virus from the network and prevent reinfection once the
> workstation is re-introduced to the network. Additionally doing one at
> a time to prevent mass downtime.
>
> The advice I would appreciate from you guys is:
>
> 1. I want to PREVENT re-infection. This is crucial. As well as updates
> and AV software I plan on doing the following:
>
> - Complex local admin password
> - Block Autorun
>
> Is there anything else I can do on the workstation before
> reintroducing it to the network to PREVENT reinfection?
>
> 2. Is this the most effective method of removing the virus from the
> whole network?
You can't do this one at a time, you need to down all workstations, keep
them off the network, and then do as follows:
Download the Avira Antivir Server product, it will run for 30 days,
install it on the server, reboot, make sure it updated, run a full scan.
Download Avira Antivir and put it on a USB stick, download the manual
updates.
Now, take one of the XP workstations, assuming the company was smart
enough to purchase all the same systems around the same time - wipe it,
reinstall from scratch, install Avira Antivir, connect to the network,
do all the updates, DO NOT JOIN THE DOMAIN YET. Now, SYSPREP the
computer making it ready to clone to the other computers...
http://support.microsoft.com/kb/302577
Now, clone the computer's HD to the other machines that are the same
type/model.
Bring them all online, rejoin them to the domain, install a Enterprise
type AV solution that is managed by the server, don't make local
workstation users LOCAL ADMINISTRATORS.
Next, get them a firewall appliance that can inspect email and HTTP
traffic and remove malware - like the
www.watchguard.com units.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)
Similar Threads
Linear Mode
