Computer technicians/experts/manipulators/programers/etc. pls help?

Question

We have a verey big problem in the HighSchool Department of SPUP almost all of the computers in our dept. had been infected by a virus so called:
"Gwen Garci Sex Scandal/Imeges/Videos"(im sory if the spelling is wrong) our anti spyware did not work/deleted the virus, our updated avg free edition did not work/deleted the virus, our updated norton 05 did not also work/deleted the virus. pls tell us what antivirus or what kind of process we will be doing exept reformating system restore cannot help because the virus came from a flash drive of one of the teachers. pls we need your help we must act fast bec. if the principal of our dept. will know this all teachers will be in a very big trouble. SO PLS ALL COMPUTER EXPERTS/TECHNICIANS/MANIPULATORS/PROGRAMERS
PLS HELP

Answer 1

If you follow all the following steps it should get rid of your problem and prevent future problems. All programs listed are free.

OS Reinstallation vs. Virus Removal
http://safecomputing.umn.edu/guides/rebuild_repair.html

When should I re-format? How should I reinstall? (#10063)
http://www.dslreports.com/faq/10063

Securing a Personal Machine
http://safecomputing.umn.edu/studentchecklist.html
---------------------------------------------------------
Update your antivirus and run a full scan

If you do not have full time (active) virus protection install (only one) all are excellent:

AVG Antivirus 7.5 Free Edition
http://free.grisoft.com/freeweb.php/doc/avg-anti-virus-free/lng/us/tpl/v5
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10669237.html?tag=lst-0-1
or
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
or
AOL Active Virus Shield (powered by Kaspersky)
http://www.activevirusshield.com/antivirus/freeav/index.adp
---------------------------------------------------------
Install Windows Defender (full time spyware protection)
Perform a full scan in safe mode
http://www.microsoft.com/athome/security/spyware/software/default.mspx

or
AOL Automatic Protection Against Spyware and Malware
http://daol.aol.com/safetycenter/spyware
http://daol.aol.com/safetycenter/
---------------------------------------------------------
Install the following five programs and run weekly or at least monthly. You need all five. They will greatly increase your protection. They are not a substitute for full time spyware and virus protection.

Ad-Aware SE Personal (update + full scan)
http://www.lavasoftusa.com/products/ad-aware_se_personal.php

Spybot Search & Destroy (update + immunize + scan)
Do not enable Tea Timer and SDHelper
After installation: update + scan + immunize
http://www.safer-networking.org/en/mirrors/index.html

SpywareBlaster: Update then open and click “enable all protection”.
http://www.javacoolsoftware.com/spywareblaster.html

SUPERAntiSpyware free version: (update + scan)
http://www.superantispyware.com/

CCleaner: Do not install toolbar option
Removes tracking cookies, unneeded files, history
In options.
Set to run when computer starts.
Place cookies you want to keep in save list
http://www.ccleaner.com/
-------------------------------------------------------------
Note if a scan detects a problem but is unable to remove, start the computer in safe mode with the internet line disconnected and run a full scan.

In severe cases your system restore files will also be infected. In these cases you will need to turn off system restore to prevent malware hiding in the system restore files and reinfecting the computer during removal or during a future system restore. Turning off system restore deletes the system restore files.

Right click on "my computer"> Properties > System Restore Tab > Check box turn off system restore

After the malware is removed turn on system restore.
---------------------------------------------
McAfee Site Advisor: Internet Explorer and Firefox
http://www.siteadvisor.com/
Indicates if a site is unsafe and can link to a page to explain why it is unsafe.
----------------------------------------------------------------------
Additional run this time and monthly.

Run Microsoft Update "Custom Mode" install everything
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Microsoft OneCare Live, run “full service scan”
Updates windows, virus and spyware scan, disk cleanup, disk fragmentation (if needed), backs up registry and then cleans registry, and checks for open firewall ports
http://onecare.live.com/site/en-us/default.htm

Malicious Software Removal Tool (run “full scan”)
http://www.microsoft.com/security/malwareremove/default.mspx
-------------------------------------------------------
RootkitRevealer v1.71
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

Rootkit Removal Guide
http://safecomputing.umn.edu/guides/scan_unhackme.html

Rootkits Removers
Pick any 2 install and run one each month

AVG Anti-Rootkit
http://www.grisoft.com/doc/products-avg-anti-rootkit-update-app-art/?ver=1.1.0.29

F-Secure BlackLight
http://www.f-secure.com/blacklight/

Panda Anti-Rootkit
http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx

Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Trend Micro Rootkit Buster
http://www.trendmicro.com/download/rbuster.asp
----------------------------------------------------------
----------------------------------------------------------
Online Free Scanners:
Run Trend Micro, Kaspersky, and Panda Scan now.
Run a different one each month.

Trend Micro: HouseCall Free Scan (removes what it finds)
http://housecall.trendmicro.com/
BitDefender Online Scanner http://www.bitdefender.com/scan8/ie.html
Kaspersky Labs Online Scanner http://www.kaspersky.com/virusscanner
McAfee http://us.mcafee.com/root/mfs/default.asp?affid=294
Edwido Spyware Scan
http://www.ewido.net/en/onlinescan/
F-Secure
http://support.f-secure.com/enu/home/ols.shtml
Panda ActiveScan Free Online Scanner http://www.pandasoftware.com/products/activescan?
Symantic Online Scanner http://security.symantec.com/sscv6/ssc_eula.asp?langid=ie&venid=sym&plfid=23&pkj=ALUFRHYTINMHDKDCWLL&vc_scanstate=2
-------------------------------------------------------------
Special Removal Tools
Run this time only if indicated.

CWShredder: run
http://www.trendmicro.com/cwshredder/

Roguefix.bat
http://www.internetinspiration.co.uk/roguefix.htm#uninstall

Shoot The Messenger
http://www.grc.com/stm/shootthemessenger.htm

SmitFraudFix
http://www.geekstogo.com/forum/How_to_use_SmitFraudFix-t109268.html

Vundo Fix and
VirtumundoBegone (if VundoFix does not work)
http://www.bleepingcomputer.com/forums/topic18610.html

VX2 tool for Ad-Aware and run tool (Install and run)
http://www.lavasoftusa.com/support/securitycenter/vx2_cleaner.php
---------------------------------------
Additional Information read:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection
http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
http://aumha.org/a/quickfix.htm
http://aumha.org/secure.htm
http://aumha.org/a/parasite.php
http://www.castlecops.com/t102301-Hijackthis_Guidelines_Read_Before_Posting.html
http://www.techsupportforum.com/security-center/hijackthis-log-help/15968-updated-important-read-before-posting-log.html
http://forum.aumha.org/viewtopic.php?t=4075&sid=901703d08c2ace31389ffef2d84b6607
===========================
Any school should be using a product like this:

Microsoft Shared Computer Toolkit for XP FREE

To make your computer kid proof install "Microsoft Shared Computer Toolkit for XP" . This powerful tool basically allows you to automatically undo anything they do.

DEMO WATCH: (Excellent)
http://www.microsoft.com/windowsxp/sharedaccess/demo/index.html

The Shared Computer Toolkit allows those who manage shared computers in these environments to easily:

• Defend shared computers from unauthorized changes to their hard disks.

• Restrict users from accessing system settings and data.

• Enhance the user experience on shared computers.


Shared Computer Toolkit for Windows XP product overview
http://www.microsoft.com/windowsxp/sharedaccess/overview.mspx

Microsoft Shared Computer Toolkit for Windows XP Handbook
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sct/SCTHCH04.mspx

Case Studies
http://www.microsoft.com/windowsxp/sharedaccess/whatsnew.mspx

The Shared Computer Toolkit requires you to add a partion to your hard drive. To add a partition without formatting use one of the following:

VistaBootPRO (free) Supports Vista,XP http://www.vistabootpro.org/

GParted: Gnome Partition Editor (free) Supports Vista,XP http://gparted.sourceforge.net/
Modify Your Partitions With GParted Without Losing Data
http://gparted.free.fr/screenshots/VISTA/Howto_move_VISTA.html
http://www.howtoforge.com/partitioning_with_gparted

Answer 2

you say it did not work, and it deleted the virus?! gonna have to choose one or the other, did it delete the infected file or not?! boot into safe mode, run full scan, delete all infected files. and then, go tell the principal that you put a flash drive on one of the computers, which you are not suppose to do in the first place for this exact reason, and let your schools IT department handle the problem. that is what he/she is paid to do. take responsibilty for your actions. it is a fact of life.

Answer 3

You may have to purchase an industrial strenght anti-virus solution from Symantec or Trend-Micro. Symantec has incredible deals for non-profits/schools so you may be able to get a total protection solution for not too much money.

AVG is simply not that good. Especially in a school environment, you need something "strong." Email symantec public relations and ask about "Symantec's Connected and Protected Child Safety Initiative"

Answer 4

Make sure you turn off system restore so the virus dosn't duplicate itself. Then download and install spybot search and destroy from downloads.com. I'd run spybot search and destroy to find the virus or the spyware location. If spybot will clean it even better I would try to clean It if not then go into safe mode find its location and delete it. You can also try pandscan and save the text file and also go into safe mode read the text file to find the locations of the bad files and delete them. Good luck

Answer 5

I would download and use AVG free Antivirus, Zonealarm Firewall, and quit relying upon major company software i.e. McAfee, and Norton as they seem to be the largest cause of virus attacks. Another good antivirus program is pctools antivirus.

Answer 6

Try Spybot (http://www.safer-networking.org/) and Avast! (http://www.avast.com). Have both of them run during startup.

Also try the free mcafee tool.... (http://vil.nai.com/vil/stinger/). Try one on each computer and see if one catches it.

If you can add more info like exactly what virus, just go to google and find a repair utility for it.

Answer 7

U can use a open proxy. Open proxy is easily available on the net, but it is very harmful to use tht proxy. The reason is one can never know wat kind of programme is being used, secondly the corporate network is a secure one, using a open proxy your system is open to all on the internet and it is more vulnerable for all kinds of threats, that might can steal your confidentila data from the system.

Answer 8

try this free online scan
http://onecare.live.com/site/en-us/scanner/default_scan.htm?redir=true
but do it on the computer that the virus was originally on
then if you have comcast internet get mcafee its a free security system and works really well
one of the best and its free
on the comcast.net site
under security

Answer 9

scan the computers in bios with your anti-virus program, if not try to get scan disk for the computer...

Answer 10

get Hijack This! and stop it starting in the first place BE CAREFULL