Below I have provided some generic instructions for network cleaning. We do not have the staff or resources to assist with disinfection of numerous machines but this will get you started in the right direction. Keep in mind, we at BC will assume no responsibility for any assistance provided.
If this is a client machine, to prevent the malware from spreading to other clients on the network, keep this system separated (isolated) from all others and disable network file and printer sharing until fully cleaned. Vista users can refer to these instructions.
If you're not sure about the source of infection, start by disconnecting (isolating) all client machines from the network. Check and disinfect each client individually by performing a full system scan with your anti-virus in safe mode to ensure it is clean before reconnecting.
After that, print out and follow these Instructions for using Malwarebytes Anti-Malware and perform a Quick Scan in normal mode, then reboot the system normally. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware it finds.
Note: Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.
Start with the server, then one at a time, do the same for each client machine until you ensure it is clean and can be reconnected. That is a tedious task, but it ensures each machine gets individual attention and a full system scan of all files and folders. Trying to do things remotely can result in missed detections. If scanning a mapped drive only scans the mapped folders, it may not include all the folders on the remote computer. Further, if a malware file is detected on the mapped drive, the removal may fail if a program on the remote computer uses that file.
How to scan your network with Sophos Anti-Rootkit <- this link has instructions for use on large networks
On a network where the domain controller has been infected with a rootkit, you should clean the domain controller before cleaning the remaining computers on the network. See rootkit removal on a network with an infected domain controller.
If you were infected by malware that spreads to network shares or by a password stealing trojan, change the passwords for all important applications and set strong passwords for shared network resources.
Note: As an alternative to Flash Disinfector, you can download and use Panda USB Vaccine.
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
- Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
- Read and accept the license agreement, then click Next.
- When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
- Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
- Hold down the Shift key and insert your USB flash drive.
- When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
- Exit the program when done.
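
An added example, not part of the original post or of Panda's tool: a read-only PowerShell audit to run on each client before reconnecting it, reporting the standard Windows AutoRun policy value and any autorun file found in the root of attached removable drives. It assumes PowerShell 3.0 or later; the function names are illustrative, and it does not reproduce how Panda USB Vaccine itself performs vaccination.

```powershell
# Added example: read-only audit of AutoRun exposure on one Windows client.
# Assumption: PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is the standard Windows policy bitmask; 0xFF disables
    # AutoRun on every drive type. A missing value means the OS default applies.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                               -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        Value             = $value
        AllDrivesDisabled = ($null -ne $value) -and (($value -band 0xFF) -eq 0xFF)
    }
}

function Get-RemovableAutoRunFile {
    # DriveType 2 in Win32_LogicalDisk is a removable disk (USB flash drive).
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $drive = $_.DeviceID
        # -Force lists hidden and system entries; only the drive root is checked.
        Get-ChildItem -LiteralPath ($drive + '\') -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^autorun_?\.inf$' } |
            ForEach-Object {
                [pscustomobject]@{
                    Drive       = $drive
                    Name        = $_.Name
                    IsDirectory = $_.PSIsContainer
                    Attributes  = $_.Attributes
                    LastWrite   = $_.LastWriteTime
                }
            }
    }
}

$policy = Get-AutoRunPolicy
if ($policy.AllDrivesDisabled) {
    Write-Output 'AutoRun policy: disabled for all drive types (0xFF).'
} else {
    Write-Output ("AutoRun policy: not fully disabled (value: {0})." -f $policy.Value)
}

$found = @(Get-RemovableAutoRunFile)
if ($found.Count -eq 0) {
    Write-Output 'No autorun file found in the root of any removable drive.'
} else {
    # An unexpected autorun.inf on an unvaccinated drive deserves a closer look.
    $found | Format-Table -AutoSize
}
```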