Expert Profile

2

Details

Connect

Lawrence Abrams

I’M LAWRENCE ABRAMS, THE PRESIDENT of BLEEPINGCOMPUTERS.COM

As a former CTO of a New York City ISP, I’ve seen almost every type of malware pass through a network. To help people use their computers securely, I founded BleepingComputer.com. Since inception, the site has grown into one of the largest malware removal and computer help sites with close to 300,000 registered members and about 2.5 million unique visitors per month.

My Posts

COMMENTED ON:

Minimizing the burdens of moving to Windows Server 2008 R2

December 23, 2009 at 8:12 AM

3 comments

This is a comment

COMMENTED ON:

How can we rid our network of a worm outbreak without taking our PCs out of commission?

December 21, 2009 at 7:12 PM

3 comments

As others have said, you may want to look into a new antivirus vendor to prevent this happening again in the future.cleaning a network worm once it has spread through your network can be a royal pain. As said, once you clean a computer, another one could just reinfect it. Unfortunately, though, there is no easy way to clean your machines, and keep them from being reinfected, without downtime or lot's of firewalls or access lists. The best advice, which is unfortunately not what any network tech wants to hear, is to shutdown the network at night and literally go from computer to computer cleaning them. After each clean, detach it from the network and move on to the next. Once all the machines are clean, bring them back online.If its a fairly easy worm that does not protect itself, you can also add commands to the domain's logon script so the script kills the process, scrubs the registry, and deletes the file when a user logs on. It may take some experimenting, but this is a good method to do a network wide cleaning. This will only work,though, if the malware does not protect itself in some manner.