
Thread: Hacked network...

  1. #31
    brokencrow (Dissident 4dm1n)
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    Went through today....

    ...and cleaned both Netsky and Beagle out of one of the owners' computers. Everyone else looks clean. Our DSL provider lost a router on Friday and they're still having problems with the RBC clients (the PPPoE crowd is back online apparently), so we were offline anyway. I had downloaded Symantec's tools for those viruses last week and copied the exe's to each computer and ran them. I'd say we're good to go, but I know better...

  2. #32
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Broken..... Always expect the unexpected..... but then I guess it won't really be unexpected....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #33
    brokencrow (Dissident 4dm1n)
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    Ah, yes, the unexpected...

    ...is to be expected at this point. What a mess. I was in yesterday trying to get the internet back up. Our DSL provider is Alltel. They lost a router on Friday, told us to pull the plug on our ol' Orchid modem for four hours or more, still no internet. Rebooted the server, still no internet.

    Called Alltel's tech support and they had me plug up my laptop straight to the modem. The internet worked fine. But hooked back up to our firewall, nada. So I bypassed the firewall and went straight to the second nic on the server (like it used to be), nada. I hooked the PIX back up and tried accessing it, no luck. I don't know PIX, haven't RTFM'ed yet. Pretty much gave up, then tried a linux boot disk on the server. Don't think it had the driver for the gigabyte nic on the HP server, so that didn't work either.

    A couple of strange things though. One, shutting down the server, it had an application error in vcagent.exe and said "the memory could not be written". We've had a number of these app errors. Two, unexpectedly had the W2K background for the desktop disappear right before my eyes. That was weird. Display Properties was open when I came in and the background was set to the bmp, I changed it, scrolled back down and it wasn't there. That bmp was named "bobrand" which is not the default name. Maybe that one is nothing, I dunno.

    I also went thru the eventviewer for a bit. Is there a way for me to copy the eventviewer to a spreadsheet so we got some documentation? Thanks.

  4. #34
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Yes.... Manage your computer... select event logs right click the log - Save as - name it what you want and change the file type to csv.... Bingo....

  5. #35
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    "cleaned both Netsky and Beagle out of one of the owners' computers. Everyone else looks clean."
    What a shock. This seems to be the rule rather than the exception. It's also generally the IT person's fault that the boss got these.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  6. #36
    brokencrow (Dissident 4dm1n)
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    The latest...

    ....networking co's MCSE was in yesterday, turned out Alltel was the problem (surprised? I'm not...) as they couldn't push an IP past Ye Olde Orchid modem. The MCSE was in the PIX, config'ing it, but couldn't pull an outside IP. Wished I'd had a Smoothie ready to go. We went back & forth with Alltel, they finally rolled us over from an RBE authentication to PPPoE and the net came back up about 5 p.m.

    Pointed out a couple of the server issues, but got little response other than a quick check of the eventviewer. It's tough to deal with issues that aren't right in front of you, and this stuff comes in layers. We got the networking layer handled, got my eye out for ass't virii, and we'll see where she takes us...
