One of the network terminals at my work has big problems. A guy at my work was using an unused terminal to surf the net. When I passed by him I saw all kinds of anti spy ware windows open. I asked him what was going on and he said he found it that was. I ran a system wide scan and McAfee found 17 Trojans in the system and was able to clean all infected files.
I saw that he had the add/delete programs window open and asked him what he removed. He says nothing but I don't believe him. Also there is still problems with internet explorer, the home page will change each time you close IE and sometime you will get routed to a different address than you typed in.
Now when I restart the computer It won’t reload windows. I have to restart then log off and back on that network terminal. How far gone is this computer? I unplugged it from the server and haven't messed with it again
2007-03-15 11:31:52 · 3 answers · asked by millajovovichsboyfriend 4 in Computers & Internet ➔ Security
time to call the tech guys!
2007-03-15 11:39:21 · answer #1 · answered by Anonymous · 0⤊ 0⤋
Are you this guys boss? If so have you fired his behind yet? If I were his boss he would be guarded while he packed up his stuff and escorted out of the building, then barred from returning. This type of behavior is unnacceptable at any work site and/or office.
With that said, there are things a network administrator can do to stop such actions from occurring in the first place. Are you familiar at all with Group Policy? If so you know you can configure all sorts of items to control what users can do on any given computer on a domain or workgroup. If all the computers are XP Pro or Vista Ultimate, Enterprise or Business that is. SBS 2003 has fully capable features for running and configuring Group Policy and linking them to Containers, which are basically groups of computers and users. The desktop can be locked down, the browser configured to not allow certain actions, take off feature so they are inaccessable, and you can do the same with all applets on a system. Basically you can lock down a system so a user can only access those items you wish them to have access to. Limited accounts do not allow anyone to access Control Panel, so why was this guy using an administrator account? Microsoft Best Practices outline that ALL users should utilize a Limited User account, except for when an administrator needs to, well, administor a computer or domain. Then and only then does a manager or administrator log onto an account with full rights and privleges which opens the entire forrest and domain. One disgruntled worker can bring down an entire organization! IF given an Administrator account, OR access to one!! Windows Server 2003, Windows Longhorn 2007, (Vista) all have the power of Group Policy and that includes Active Directory directory.
You can also use Group Policy on stand alone computers with XP Pro, Vista Ultimate, Enterprise, Business. If it is a home or public computer you can use the Shared Computer Toolkit to lock down the sysem and only allow those features you want people/children to have access to. You can even control when and how long somebody is on the internet and force shut downs if they refuse to get off when the computer tells them time is up.
Now, in answer to your main question of whether or not this computer is toast, the answer is NO. All those technicians who like to wipe a drive, reformat and then reinstall the OS, to fix problems are simply lazy and not wishing to spend the time to find the root problem(s) and fix them. Instead they take the more simple but drastic step of wiping out everything and starting over. They try to put a good spin on this practice by telling people it gives them a "clean slate", and is the only real way to solve an infected computer, but this is simply not true. You CAN clean up a system and have it back in peak running mode with a little time and effort AND not have to wipe out valuable files in the process. Each time you wipe a drive and reformat it shaves off a portion of the lifetime of that particular drive. Lazy techs will then say, "oh, but this just allows for a new drive to be installed". Each hard drive has a lifespan, and once it reaches it it will die. Abusing a hard drive with the understanding of just "swapping" it out with another when it is broke, is not cost affective and it is simply avoidable.
I strongly reccomend you contacting your techical deprartment and have them fix this issue. If you do not have a tech department then call a reputable computer technical company and have somebody come out and fix this. Then learn all you can of Group Policy by going to the On demand webcasts at the Microsoft technet websites and purchasing a book called, "Microsoft Windows Group Policy Guide" put out by Microsoft press. It is an invaluable tool in stopping this very thing from occurring on a domain/workgroup network.
So, bottom line is the computer is fixable, it will just take some effort and perhaps a few dollars. If you have the time go ahead and work on it yourself. If you come to a problem you get stuck on call in some help, but make sure you watch what they do so you can replicate it later. There are computer technicians who can work on the system remotely, and you can allow the tech to do all the work, or you can have the tech walk you through the steps yourself, which in my HO is by far the better way to go as you learn what to do by doing it in a guided fashion.
Here are some websites to get you started on Group Policy:
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx
http://www.microsoft.com/events/series/grouppolicy.mspx
The first link is to general decription/function and use of Group policy, the second is to a series of ondemand webcasts you can download and view on Windows Media Player. I personally have viewed all of the webcasts and found them very informative and helpfull in understanding and deploying Group Policy in my own Administrative roles.
Now, I am not saying cleaning up this computer will be simple, but that it is doable without having to discard or reformat and reinstall the OS. Also, it may take some time to find and root out all of the problems this employee has created, or it may be a simple reconfiguration of key areas. If you are not technically inclined then go ahead and send for a technician who can simply fix this and get it back up and running again. However, if you ARE curious how this works and would like to learn how to solve simular issues in the future, by all means do it yourself, or have somebody guide you through the process. It is great fun, in my opinion, but then I am a late blooming geek too! ;-)
Good luck and have a great day!
2007-03-15 13:14:32 · answer #2 · answered by Serenity 7 · 0⤊ 0⤋
first
download a spyware program from the link below
then see how things act
you can go to smartcomputing.com for some help
2007-03-15 12:50:33 · answer #3 · answered by Elvis 7 · 0⤊ 0⤋