On a network of this size you really have only one option: put down the network, reimage all terminals, clean all shared drives (or preferably, restore a clean backup) and only if each and every external drive and terminal is clean, connect everything back.Furthermore, if this is a business/institution computer, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?
I ask for several reasons:
- There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
- Any infection could jump terminals in a computer network.
- There may also be legal issues regarding any loss of business data that I do not wish to deal with.
- Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
- There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
- Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
- The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
- In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.
The solution you propose will help somewhat, but only as prevention method, not as cure.
Edited by elise025, 28 September 2011 - 11:19 AM.
"Now faith is the substance of things hoped for, the evidence of things not seen."
Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome
Malware analyst @ Emsisoft