Q: What is containment action after Virus is found

James Kosin jkosin at beta.intcomgrp.com
Thu Apr 8 14:46:09 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ow Mun Heng wrote:

| Hi Guys,
|
<<--snip-->>

|
| SO.. what are your comments?
|

It really depends on the virus.  Some infect, or try to, every file on
the system.  Some just reproduce themselves on shares to get executed by
unsuspecting users.  Some actually remove/delete/trash files...

1) Usually, you need to isolate the computer infected from all outside
connections... this includes the NET.  To keep spreading down to a minimum.

2) Next, inform all users.  Regardless of whether or not they are
infected.  Someone may remember something or realize I ran that file the
other day.

3) Disinfect the primary computer.  And check all the others for the
virus as well.  Some viruses will spoof / hide / trick you into thinking
things are OK and crop up again.

4) If any important files are missing or bad, restore them from known
good backups.  (2 days ago, you need to go back at least 3 days in your
backups to restore).

5) PLEASE INFORM YOUR MIRROR SITE if off premises or out of your
control.  The sooner they know the better.

6) Try to find out how the virus got on the system.  This is research
intensive...  FIND a solution to keep it from happening again.

7) Prepare for the next virus!

Good Luck,
James Kosin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAdWWwc7lFLjBWKW0RAjZsAKCCkP8mjTOMS1ue8PJRqrZOkAl8gwCfQyaR
NKN4pXSeL47qxEZ+miMXw3U=
=dttD
-----END PGP SIGNATURE-----




