On Thu, 2004-04-08 at 10:46, James Kosin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ow Mun Heng wrote: > > | Hi Guys, > | > <<--snip-->> > > | > | SO.. what are your comments? > | > > It really depends on the virus. Some infect, or try to, every file on > the system. Some just reproduce themselves on shares to get executed by > unsuspecting users. Some actually remove/delete/trash files... > > 1) Usually, you need to isolate the computer infected from all outside > connections... this includes the NET. To keep spreading down to a minimum. > > 2) Next, inform all users. Regardless of weather or not they are > infected. Someone may remember something or realize I ran that file the > other day. > > 3) Disinfect the primary computer. And check all the others for the > virus as well. Some viruses will spoof / hide / trick you into thinking > things are OK and crop up again. > > 4) If any important files are missing or bad, restore them from known > good backups. (2 days ago, you need to go back at least 3 days in your > backups to restore). > > 5) PLEASE INFORM YOUR MIRROR SITE if off premises or out of your > control. The sooner they know the better. > > 6) Try to find out how the virus got on the system. This is research > intensive... FIND a solution to keep it from happening again. > > 7) Prepare for the next virus! > > Good Luck, > James Kosin > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFAdWWwc7lFLjBWKW0RAjZsAKCCkP8mjTOMS1ue8PJRqrZOkAl8gwCfQyaR > NKN4pXSeL47qxEZ+miMXw3U= > =dttD > -----END PGP SIGNATURE----- And if I might add don't assume all is safe, since the virus may now be on a cdrom, floppy, or some other removable media out of your control. -- jludwig <wralphie@xxxxxxxxxxx>
