Zeus
04-09-2013, 12:10
Old Man 43
Forum Member
 
Join Date: May 2006
Posts: 4,813

The company that I work for seems to have this Trojan on someone’s PC.

We know this because some servers that are picking this up keep blacklisting us.

Our IT manager is having trouble finding which PC it is on.

Short of running an anti-virus program like Kaspersky on every PC on the company network (that has access to the internet), is there any way of finding out which PC is infected?
04-09-2013, 12:16
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 21,780
Run AV on every computer anyway. Regardless of which one (and it might not be just one) is infected.

You can't be sure the trojan hasn't got onto more than one computer so worth scanning all of them just to be safe.

Presumably they all have some sort of resident AV running on them?
04-09-2013, 12:46
Old Man 43
Forum Member
 
Join Date: May 2006
Posts: 4,813
> Run AV on every computer anyway. Regardless of which one (and it might not be just one) is infected.
>
> You can't be sure the trojan hasn't got onto more than one computer so worth scanning all of them just to be safe.
>
> Presumably they all have some sort of resident AV running on them?

The network server has a firewall that should stop this sort of thing.

However, none of the individual PCs has an AV running on them.

We have discovered that the server that is blacklisting us is doing so 1st thing in the morning when people are logging onto their PCs.

So what we are trying to do is shut down internet access for each department and trace it that way.
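The tracing described in the post above can also be done from the firewall's egress log rather than by cutting off one department at a time. The following is an added example, not part of the original thread: the log format, addresses and listing times are constructed, and it assumes the firewall records outbound connections per internal host and that the infected PC's traffic falls shortly before each blacklisting.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: firewall egress log (time, internal source, destination, port)
# and the times the blacklist operator reported listing the office's public IP.
FIREWALL_LOG = """\
2013-09-02T08:31:10 10.0.1.21 198.51.100.7 443
2013-09-02T08:47:02 10.0.2.14 203.0.113.50 80
2013-09-02T08:49:30 10.0.1.33 198.51.100.7 443
2013-09-02T11:15:00 10.0.3.8 198.51.100.7 443
2013-09-03T08:40:12 10.0.1.21 198.51.100.7 443
2013-09-03T08:52:41 10.0.2.14 203.0.113.50 80
2013-09-03T08:55:00 10.0.3.8 198.51.100.9 443
2013-09-04T08:44:55 10.0.2.14 203.0.113.50 80
2013-09-04T08:46:03 10.0.1.33 198.51.100.7 443
"""
LISTING_TIMES = ["2013-09-02T08:50:00", "2013-09-03T08:55:00", "2013-09-04T08:48:00"]

def parse_log(text):
    """Yield (timestamp, source, destination, port) from the constructed log format."""
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def suspects(log_text, listing_times, window_minutes=15):
    """Return {internal host: destinations} for hosts that contacted the same
    destination in the window before every single listing."""
    listings = [datetime.fromisoformat(t) for t in listing_times]
    window = timedelta(minutes=window_minutes)
    # (source, destination) -> indexes of listings whose preceding window saw that flow
    seen = defaultdict(set)
    for ts, src, dst, _port in parse_log(log_text):
        for i, listed in enumerate(listings):
            if listed - window <= ts <= listed:
                seen[(src, dst)].add(i)
    result = defaultdict(set)
    for (src, dst), hits in seen.items():
        if len(hits) == len(listings):  # present before every listing, not just some
            result[src].add(dst)
    return dict(result)

if __name__ == "__main__":
    for host, dests in suspects(FIREWALL_LOG, LISTING_TIMES).items():
        print(host, sorted(dests))
```

Hosts that appear only before some of the listings drop out, so the remaining list is short enough to scan or re-image first.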
04-09-2013, 13:13
Maxatoria
Forum Member
 
Join Date: Apr 2011
Posts: 5,433
What you need to do is to put AV on every machine and probably tidy up the permissions and kick some users' arses. You could spend forever trying to remove it, as you decontaminate one machine another could just reinfect it 5 mins later.

And with a good AV product you can one-click push it out to every machine on the network and probably sort out the problem within 30 mins.
04-09-2013, 13:27
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 21,780
> The network server has a firewall that should stop this sort of thing.
>
> However, none of the individual PCs has an AV running on them.
>
> We have discovered that the server that is blacklisting us is doing so 1st thing in the morning when people are logging onto their PCs.
>
> So what we are trying to do is shut down internet access for each department and trace it that way.

Well it very obviously doesn't stop it!

At work our IT bods are picky to the point of paranoia about AV on individual machines. If you let an unprotected machine loose on the network they will be removing your dangly bits before you can even plug the ethernet cable in!

In the last few months I have had to re-image two PCs that have been infected by users going to dodgy websites. And that is with AV and firewalling and all the other usual precautions. At least the AV on the machines detected the infections and seems to have prevented any damage.
04-09-2013, 13:48
Old Man 43
Forum Member
 
Join Date: May 2006
Posts: 4,813
> Well it very obviously doesn't stop it!
>
> At work our IT bods are picky to the point of paranoia about AV on individual machines. If you let an unprotected machine loose on the network they will be removing your dangly bits before you can even plug the ethernet cable in!
>
> In the last few months I have had to re-image two PCs that have been infected by users going to dodgy websites. And that is with AV and firewalling and all the other usual precautions. At least the AV on the machines detected the infections and seems to have prevented any damage.

Yes, I have said this in the past. However, our IT manager would not even let me continue the subscription for NIS (which came with the PC). So I have NIS 2005 on my PC (at work), which is useless.

He won’t even let us have some of the cheap (less bloated) software that you can get online (AVG, Spybot etc).
04-09-2013, 13:54
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 21,780
> Yes, I have said this in the past. However, our IT manager would not even let me continue the subscription for NIS (which came with the PC). So I have NIS 2005 on my PC (at work), which is useless.
>
> He won’t even let us have some of the cheap (less bloated) software that you can get online (AVG, Spybot etc).

I would be showing that IT Manager the way to the Job Centre if I was his boss.
04-09-2013, 13:56
Old Man 43
Forum Member
 
Join Date: May 2006
Posts: 4,813
> I would be showing that IT Manager the way to the Job Centre if I was his boss.

Ha, unfortunately he is also a director.
04-09-2013, 13:58
Maxatoria
Forum Member
 
Join Date: Apr 2011
Posts: 5,433
Try this Sophos tool: http://www.sophos.com/en-us/products...rity-scan.aspx. It'll scan up to 200 machines for free, so it might find the machine.
04-09-2013, 14:37
call100
Forum Member
 
Join Date: Mar 2005
Posts: 5,423
> Ha, unfortunately he is also a director.

Is he IT manager by accident or is it his trade?? Still best to replace him as IT manager, he can still remain a director....
04-09-2013, 15:02
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 21,780
> Is he IT manager by accident or is it his trade?? Still best to replace him as IT manager, he can still remain a director....

Hopefully before somebody manages to install a less obvious bit of malware on a PC and starts uploading sensitive company data to some nefarious website.
All times are GMT +1.