Security: Cleaning a Virus-Infected Network
When a company's network gets compromised by a virus, it can set off panic throughout the workplace; and with Internet access a “must” for most company employees (specifically for email and company Intranet work), a network infection can happen in the blink of an eye.
In one particular case, Overmortal was called in to help one of our clients fight a company-wide infection that had crippled their network. The infection was extremely bad. Every single desktop computer was infected with three separate viruses, and each time any one computer was cleaned, the virus was pushed back out to it from one of the other computers. The network was toast and the company was handcuffed.
The Overmortal team showed up at 7:00 am on Thursday morning and set about a network cleaning process that ran 21 straight hours. No sleep. Very little food.
The entire network needed to be brought down, and each computer was isolated and cleaned. We needed to kill very specific processes and run very specific tools, based on security data we had researched, just to get each computer running to the point where anti-virus software could work. After we ran a few different anti-virus programs, the computer was safe to reboot. At this time, we installed Windows Defender to help keep the individual computer clean.
Once all of the desktop computers were clean, we needed to start working on the servers. Not only did the servers need to be cleaned of any infection, but permissions needed to be adjusted, and the network's wiring was such a mess that nobody knew which network cables were hooked where. We ended up having to rewire and color code the entire network.
21 hours later, the network was clean, the desktop computers were hooked back into the network and running Windows Defender, and all seemed right in the client’s world again.
No network cleaning operation is so big that it can’t be fixed. But at 21 straight hours with a team full of network security specialists, this was the single most expensive project that our client had ever needed to sign off on. All of this could have been avoided with proper security permissions on the servers, and anti-virus/anti-spyware programs on the desktop and laptop PCs. Windows Defender was new at the time, but it was free and very effective. Today, we actually recommend Windows Live OneCare for people looking for an effective anti-virus/anti-spyware solution that doesn’t lock down or slow down your computer as much as Norton or McAfee. Nine times out of ten, OneCare has successfully removed any infection we've come across. For that other one tenth of the time… well, that’s usually when all of the hardcore security research occurs.
As a business, you can't skimp on virus protection. Protecting your employees' PCs with something like OneCare will help prevent network-wide infections, while ensuring the most qualified people are working on your servers and network will keep your business running smoothly despite the occasional hiccups. With more and more business relying on technology, the security of your technology is one of the most important things for which you should be budgeting.
