Many viruses spread over computer networks in cafes and offices, mainly because of Internet access. One infected client computer can infect an entire network, which may contain hundreds of computers. In addition, every client computer that shares files or folders is more susceptible to viruses, which are always looking for opportunities to replicate themselves and then spread.
Consider the following approach from Norman antivirus for overcoming this:
Stop network share infectors
Many of today's viruses are share infectors. They infect open shares throughout the network. One infected computer is capable of infecting hundreds of other machines. A common scenario is that many sites have open shares on their servers where all users have unlimited access. The purpose of these shares is to provide a common area where all users can exchange information and general files. Other scenarios include shares that are not intended for public use, but are open due to lack of planning and security. Whatever the reason, these file shares are highly exposed to viruses such as Pinfi and FunLove, which use open file shares as a source of targets for infection.
Share infector scenario:
The figure above shows an unprotected workstation (IP: 192.168.0.13) that was allowed to run a Pinfi-infected file. The infected workstation searches the open file shares on computers in the network, looks for files with .exe and .scr extensions on these shares, and then tries to infect these files. All servers in this scenario are protected by updated antivirus software, which monitors the file system on the server. Any attempt to infect files on these shares will be detected and the virus cleaned.
The problem, however, is that the workstation is still infected and re-infects the .exe and .scr files shortly after the antivirus software has performed the first clean operation. We now have an infect-clean-infect cycle that will go on forever unless something is done about the original source of the infection: the infected workstation.
Search for the source of the problem
In a large network with hundreds, even thousands of machines, it can be very difficult to find this workstation. A virus warning usually only indicates the target file of the infection, the virus, and what has been done to the file. This is not necessarily enough; some extra information is needed to solve the problem.
One way to solve this problem is to use an external tool to monitor a file that can be infected. To avoid making too many changes on any of the primary servers, it can be a good idea to set up a new test machine in the network, create an open share on this machine, and place a copy of an .exe file there. We know that for Pinfi, .exe files are attractive targets to infect, so we copy the file calc.exe from the \Windows directory into the new file share. The calc.exe file is now "bait" for the infector.
Before connecting the "bait" machine to the network, you must install a "sniffer". We think Wireshark is a good alternative; programs like Sniffer Pro and EtherPeek also do well, but Wireshark can be downloaded free of charge. It contains a lot of functionality, so this paper only covers the functions relevant to solving this particular situation.
Set up Ethereal
Two components are required:
1. Install and run the WinPcap driver, which can be downloaded from winpcap.polito.it
2. Install and run Wireshark, which can be downloaded from ethereal.com
NOTE: Although our experience with Wireshark is good, we do not support it, so use at your own risk.
Monitor online activity
When Ethereal (the earlier name of Wireshark) is installed, make sure the TSNV access scanner is running on the PC, start the NVC Utilities, and open the message window. Before you start monitoring the file, make sure that it actually gets infected by watching for virus messages in the message window. If no virus messages appear, the bait is not working. Check again to make sure that the directory containing the bait really is shared, and that all users have full access to it.
If it still does not work, you may need to install Ethereal on one of the servers where the infection originally appeared. Some share infectors only infect shares that were available when the infected program started. In this case, find a file to use as bait for the infection. Now start Ethereal. We want to capture the activity that the machine receives via the network, but we only want to focus on activity related to the bait, which is the calc.exe test file.
In the lower left corner there is a field labeled Filter:. In this field, type the string:
smb.file contains "calc.exe"
Click Capture / Start, and then click OK in the capture window. Now watch the activity in the NVC message window. As soon as there is a new infection on our bait, stop the Ethereal capture. The capture log appears in the main window. To make sure that our filter is active, click Apply.
Looking at the "Source" and "Destination" columns, you should now be able to see the IP addresses involved in handling the file calc.exe. In our case the local address of our machine is 192.168.0.15, and the other IP address involved in the transaction is 192.168.0.13. Clearly, the machine with address 192.168.0.13 is infected. You can now solve the problem at its source: run a full scan of that machine with the appropriate definition file(s).
Repeat the process to ensure that there are no other infectors in the network.
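The Source/Destination check described above can also be run over an exported capture, which helps when several hosts touch the bait. The following Python code is an added example, not part of the original article; the tshark export command in the comment, the sample rows and the function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of tab-separated output, assuming an export such as:
#   tshark -r bait.pcap -Y 'smb.file contains "calc.exe"' -T fields \
#          -e frame.time_epoch -e ip.src -e ip.dst -e smb.file
SAMPLE_EXPORT = (
    "1000.0\t192.168.0.20\t192.168.0.15\t\\calc.exe\n"   # early, unrelated open
    "1000.1\t192.168.0.15\t192.168.0.20\t\\calc.exe\n"   # reply from bait machine
    "1290.2\t192.168.0.13\t192.168.0.15\t\\calc.exe\n"
    "1290.3\t192.168.0.15\t192.168.0.13\t\\calc.exe\n"
    "1290.4\t192.168.0.13\t192.168.0.15\t\\calc.exe\n"
    "1290.9\t192.168.0.13\t192.168.0.15\t\\calc.exe\n"
    "truncated line\n"
)


def parse_export(text):
    """Yield (epoch, src, dst, filename) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], parts[3]
        except ValueError:
            continue


def bait_clients(rows, bait_ip, bait_name, alert_time=None, window=60.0):
    """Count requests per remote host that were sent to the bait machine for
    the bait file. With alert_time set, keep only requests seen in the
    `window` seconds before the antivirus alert."""
    hits = Counter()
    for ts, src, dst, name in rows:
        if dst != bait_ip or src == bait_ip:
            continue                      # keep client -> bait requests only
        if bait_name.lower() not in name.lower():
            continue                      # Windows file names ignore case
        if alert_time is not None and not (alert_time - window <= ts <= alert_time):
            continue
        hits[src] += 1
    return hits.most_common()


if __name__ == "__main__":
    rows = list(parse_export(SAMPLE_EXPORT))
    print(bait_clients(rows, "192.168.0.15", "calc.exe"))
    print(bait_clients(rows, "192.168.0.15", "calc.exe", alert_time=1291.0))
```

Passing the time of the antivirus alert narrows the list to hosts that touched the bait just before the infection was reported, which separates the infector from users who merely opened the share earlier.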