Phantasm66
PLEASE READ THIS
We are having A LOT of trouble at my work with a very nasty and very clever virus called Klez.
Please read this:
http://vil.mcafee.com/dispVirus.asp?virus_k=99455
The virus works by, amongst other devious things, searching the network for directory shares with "everyone write" access, and writing copies of itself into these.
This virus is making havoc at my work LAN, and I am racing to beat it at every turn. Every time I stamp out one machine, one dumb *** user logs themselves onto another machine and loads injected files from their home directory before I have had time to clean that, and then infects another machine as well.
The virus seems very clever at breaking anti-virus software once it's infected a box. It's made such a mess of certain machines, I have had to reinstall them.
But how do you figure out which machine on your LAN is sending out the virus when it writes to shares???
Here is how:
1) Share a folder on your machine on your LAN, and make the share permissions everyone full control.
2) Download this program:
http://146.191.34.65/sessionlogger.exe
I swear that this file is clean, and was written by a friend of mine.
3) Open a command prompt, and run sessionlogger.exe
4) This will log sessions to c:\sessions.txt.
5) Open another command prompt, and type
more c:\sessions.txt
6) Periodically repeat step 5, checking for changes in the file. You will see the computer name of any machine trying to send files to your share.
Good luck! This virus is really earning me my wages this week.
Any more information and I will report.
Many thanks to the Doctor at my work who wrote the sessionlogger.exe program.
Lord Phantazmm.
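
Added example, not part of the original post and not the sessionlogger.exe program it mentions: the same bait-share logging done with the SMB cmdlets built into Windows. The share name `bait`, the polling interval and the log format are assumptions; it needs an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

```powershell
# Added example: log which clients connect to a bait share.
# Assumptions: the share is named 'bait' (hypothetical) and already exists;
# output goes to the same C:\sessions.txt the post reads with `more`.
param(
    [string]$ShareName       = 'bait',
    [string]$LogPath         = 'C:\sessions.txt',
    [int]   $IntervalSeconds = 5
)

# Resolve the local folder behind the share; stop if the share is missing.
$sharePath = (Get-SmbShare -Name $ShareName -ErrorAction Stop).Path
$seen      = New-Object 'System.Collections.Generic.HashSet[string]'

function Add-LogLine([string]$Kind, [string]$Client, [string]$User, [string]$Detail) {
    # One tab-separated line per new event, with an ISO 8601 timestamp.
    $line = "{0}`t{1}`t{2}`t{3}`t{4}" -f (Get-Date -Format s), $Kind, $Client, $User, $Detail
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

while ($true) {
    # Every client that currently holds an SMB session to this machine.
    foreach ($s in (Get-SmbSession)) {
        if ($seen.Add("S|$($s.SessionId)")) {
            Add-LogLine 'SESSION' $s.ClientComputerName $s.ClientUserName "opens=$($s.NumOpens)"
        }
    }

    # Files open under the bait folder: this ties a client to the bait share
    # itself and records the name of the file it is writing or reading.
    $open = Get-SmbOpenFile | Where-Object {
        $_.Path -and $_.Path.StartsWith($sharePath, [StringComparison]::OrdinalIgnoreCase)
    }
    foreach ($f in $open) {
        if ($seen.Add("F|$($f.SessionId)|$($f.Path)")) {
            Add-LogLine 'OPEN' $f.ClientComputerName $f.ClientUserName $f.Path
        }
    }

    Start-Sleep -Seconds $IntervalSeconds
}
```

Polling can miss a client that connects, writes and disconnects between two passes. Enabling the "Audit File Share" policy records each share access as Security event 5140 with the source address, which does not depend on timing.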