Suggestions on tracking a virus on a 100 or so PC Network.

[BS911]

Have a bit of a situation and not exactly sure the best way to handle it. We just recently started doing support for a customer that perviously had a staffed IT person. Unfortunately the practices of this person were not so great and I believe there is a virus on the network killing the DSL router by flooding it with traffic. I checked a couple of the computers and their virus definition were from Sept. of 03!! 🙁

I've ran Etherpeek to watch traffic but i don't really notice anything out of the ordinary. Other than the obvious of updating everyone's virus software (which will be done soon) do you guys have any suggestions on tracking this thing down?

Thanks!

 

[loup garou]

No centralized virus protection on a 100 PC network? :Q

 

[BS911]

Well, I believe that was the intention of the person working there before but it look as though it never happened.

I forsee a nightmare tomorrow when going in and trying to fix things!

 

[buleyb]

I say go machine by machine and fix it. If the problem still exists, monitoring traffic will be easier to after that.

But remember, don't just A/V update these, patch, spyware, and lock down as you go.

 

[cmetz]

BS911, try Ethereal as your sniffer. Do they have a hub or a switch? You may have to do your sniffing on a hub attached to the DSL router to see what's getting that far.

Managed switches help with this problem, especially the newer ones with L4 filtering.

Also look for the possibility that it isn't a virus, but rather a spam trojan or otherwise being remotely exploited. Probably time to make sure you have a good firewall. Or for that matter any firewall at all.