Q: What is containment action after Virus is found
jludwig
wralphie at comcast.net
Thu Apr 8 15:34:40 UTC 2004
On Thu, 2004-04-08 at 10:46, James Kosin wrote:
> Ow Mun Heng wrote:
>
> | Hi Guys,
> |
> <<--snip-->>
>
> |
> | SO.. what are your comments?
> |
>
> It really depends on the virus. Some infect, or try to, every file on
> the system. Some just reproduce themselves on shares to get executed by
> unsuspecting users. Some actually remove/delete/trash files...
>
> 1) Usually, you need to isolate the computer infected from all outside
> connections... this includes the NET. To keep spreading down to a minimum.
>
> 2) Next, inform all users. Regardless of whether or not they are
> infected. Someone may remember something or realize I ran that file the
> other day.
>
> 3) Disinfect the primary computer. And check all the others for the
> virus as well. Some viruses will spoof / hide / trick you into thinking
> things are OK and crop up again.
>
> 4) If any important files are missing or bad, restore them from known
> good backups. (2 days ago, you need to go back at least 3 days in your
> backups to restore).
>
> 5) PLEASE INFORM YOUR MIRROR SITE if off premises or out of your
> control. The sooner they know the better.
>
> 6) Try to find out how the virus got on the system. This is research
> intensive... FIND a solution to keep it from happening again.
>
> 7) Prepare for the next virus!
>
> Good Luck,
> James Kosin
And if I might add, don't assume all is safe, since the virus may now be
on a cdrom, floppy, or some other removable media out of your control.
--
jludwig <wralphie at comcast.net>