Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
 Posted - 2005-11-25 : 07:44:33
|
it's me again on a friday night and right after thanksgiving...Anyone got any procedure on how to check if a virus is loosed in the network and assuming that the anti-virus software is unable to detect?I'd appreciate any help...thanks from the Lone DBA--ah i think i'll change my signature...  --------------------keeping it simple... |
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-25 : 08:20:34
|
| scan with different software??which antiviral software did you try?Go with the flow & have fun! Else fight the flow |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2005-11-25 : 08:50:37
|
I saw your "one year on" anniversary post thins morning and wondered if there would be a "Friday post" too  We have a routine that "harvests" the output for DIR /S (with the extra bits about hidden/system files) into a table. We files that have changed date and/or size, and if a file is missing (e.g. deleted) or new since last time.We've had virus outbreaks on our hosting machines where the "managed service" engineers were saying "There is no virus on that machine" and I am then saying "How come all these files are 10 bytes bigger than yesterday and all have a timestamp of 05:01 this morning".Dunno if all virus outbreaks change size/timestamp of the files (clearly they could intercept the DIR request and fake correct values back again), and its obvious after-the-horse-has-bolted in your case, but IME you can never have too much diagnostic data!Kristen |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-25 : 09:03:32
|
is there anything you don't have covered kristen?  Go with the flow & have fun! Else fight the flow |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2005-11-25 : 09:26:33
|
"is there anything you don't have covered kristen?"Modesty forbids me telling ...  Kristen |
|
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-11-26 : 01:11:53
|
Great idea Kristen, I'll work on this one next week..And yes, I agree, there's no such thing as 'too much data'Data is data and it's what we need for analysis From what I'm reading, it seems you have been through a lot in the past and now enjoying the fruits of your labor. You are wise and I truly admire you for that.  --------------------keeping it simple... |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2005-11-26 : 04:53:52
|
| "You are wise and I truly admire you for that"Nah, you flatter me. I've been there, done that, and got a wardrobe full of T-shirts in the consequence.However, I am not of the "patch up and mend" mentality, I do much prefer to engineer a solution, and my personal solutions come with lots of defensive-programming and just-in-case-logging!Kristen |
|
|
|
|
|
|
|
|
my favorite day... Friday