Hex Darkstar
May 28, 2004

I think I need another liver transplant.

NecessaryEvil posted:

The xpajkiller program sees nothing


drat :( Also, you're correct: a rootkit, if one existed, wouldn't make it past a reformat. A bootkit would if you didn't fix the boot partition, but you wiped the drive with DBAN, so that should have negated that possibility too.

Maybe their routing equipment has a malicious DNS server in it that is pointing the machines out to a place that infects them after they've been reimaged. Either that, or they've got some hidden system on their network that no one knows about that is just sitting there continually reinfecting things. It wouldn't be unheard of, either; for a while where I used to work before my current job, "servers" were running off workstation machines stuffed under desks that people forgot about.


Impotence
Nov 8, 2010
Lipstick Apathy

Khablam posted:

If this doesn't work, backup and do a clean install, as there's no option available to you that would take less time, so you may as well invest that time in a guaranteed fix.

Don't forget to wipe the MBR and stuff.

Khablam
Mar 29, 2012

There are too many unknowns for me to recommend something foolproof, so I will just ask some questions:

- How are the firewalls configured for LAN traffic? It may help to set them to see the LAN adapter as "Public"
- Are you swapping any USB drives in and out?
- Do the computers share an admin password?
- How do they connect to the internet?

Sadly my experience of MSE is that it is completely useless, and 3rd party evaluation doesn't score it much higher.* It does nothing to block/analyse network traffic and executions until it's already in working memory, and by that time it's usually too late. Decent commercial AVs (Trend Micro is a good example, as is BitDefender) and Avast! Free will scan incoming traffic for these infections and stop the transfer a long time before they're able to execute.

The fact MSE can absolutely know the file is a rootkit and still gets infected boggles my mind. Oh well.

If you can plug a known-clean machine into the network running Avast! it may give some clue where it is coming from as it will log and block the traffic.

Investigate getting your Trend Micro updated to 64bit, as it's also rated highly in tests.

* - http://www.av-comparatives.org/images/docs/avc_beh_201207_en.pdf

Best detection rate: 97%.
Best free (Avast): 91%
MSE: 76%

Their simple grading system is probably easiest to use for reference:



Take anything from 3 star and you'll not be sunk by year old viruses :(

angrytech
Jun 26, 2009
On the other hand, that chart recommends McAfee, so it's pretty much useless.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
The reason MSE/Windows Defender scores so low is because it's designed to have as few false positives as possible. In the latest report, it caught 95% of viruses with zero false positives, compared to 97% with four false positives for ESET and 99% with 23 false positives for G DATA. Additionally, MSE scored toward the top of the performance tests, as did ESET, while G DATA scored very low. You can't just look at one of those charts and say, "This is the best anti-virus software out there." You have to look at all the metrics for the software and decide what's most important for your organization (and also look at the price).


Khablam posted:

Sadly my experience of MSE is that it is completely useless, and 3rd party evaluation doesn't score it much higher.*
* - http://www.av-comparatives.org/images/docs/avc_beh_201207_en.pdf

Do note that that's for the proactive tests, I.E. brand new malware that nobody's seen before. MSE also got less than four false alarms in that test, matched only by ESET (which had a higher detection rate, at 87%).

Khablam
Mar 29, 2012

I can never work out how they inspire the engines to pop up so many false positives, since I have seen only about 2 or 3 (ever, across a myriad of machines) and they've all been the same thing: warez files using virus-like or actual virus code to modify and inject code into DLLs (not a filthy pirate; this was back before Steam, and no-CD keys were legitimately useful).

I assume they have a lot of files like this in the sample to try to trip up the engines into showing false positives. It is absolutely at odds with how they work in the real world, where you just don't see machines returning any false positives on a full system scan. They weight the false positives report much too highly in my opinion, as it needs to fire off on more than synthetically dodgy looking files to be an issue.

If MSE is deliberately designed to be 3-5% less effective in on-demand (http://www.av-comparatives.org/images/docs/avc_fdt_201209_en.pdf) and 20-30% less effective in pro-active, to make up for the one time Doris in accounting gets a false alarm on a joke EXE (or, much, much, much more common, simply detects malware in another program's quarantine, which is the majority case of false alerts and is harmless), then that's just a bad design decision.

A false positive is an annoyance; a missed sample can lead to a completely compromised system. I have no idea why they try to balance that weighting how they do.

I agree system performance is important, however. G-Data should really not be considered as it's a dual-engine and is silly. Most of the AVs these days offer less than 2% impact, which is negligible. The days of Norton hitting your system for 15% are long gone.*

quote:

Do note that that's for the proactive tests, I.E. brand new malware that nobody's seen before
Oh, I do note it. It is actually very important. Most rootkits and viruses modify themselves and/or have a multitude of variants pop up rapidly, so the ability to detect 90%+ of these without definitions adds a lot to your security. Dropping the ball on these is a big failing of any AV and MSE is a key culprit.

I know a URL that is infected with ZeroAccess (the nefarious rootkit) and if you want to see MSE fall on its face for yourself, PM me for it. Avast, ESET and TM will block the page from loading after detecting the infected element. MSE will do absolutely nothing and will actually not BE able to do anything, as it will handily get uninstalled by it. It does this to nearly every virus that lands on your system via a Java exploit, which is drat near to all of them these days.

This thread is all about "sexy malware" and the truth of it is, scanners like MSE are increasingly less relevant to these new types of threats. A scanner with perfect detection and zero false positives is exactly useless when it gets disabled by code it allowed to run, even though it matched a known virus. This was a problem with AV scanners in 2000 and MSE has barely made progress on that, whereas most of the rest intercept threats much further from the point of execution (yes, there are other weak scanners, I'm just making a point about this one).

I'll close by saying AV-comparatives don't include MSE (and a couple others) in their "real world" tests, as it's not seen as full system protection, essentially because, as I said previously, it does very little to stop bad code from executing in the first place.

* Since MSE is insufficient on its own anyway, you will need other active residents on your system to account for this, so the real-world idea that you would get better performance here is a myth.

Mr Chips
Jun 27, 2007
Whose arse do I have to blow smoke up to get rid of this baby?

Khablam posted:

Sadly my experience of MSE is that it is completely useless, and 3rd party evaluation doesn't score it much higher.* It does nothing to block/analyse network traffic and executions until it's already in working memory, and by that time it's usually too late. Decent commercial AVs (Trend Micro is a good example, as is BitDefender) and Avast! Free will scan incoming traffic for these infections and stop the transfer a long time before they're able to execute.
Microsoft aren't nostalgic enough for their massive legal battles with the EU & US governments to try and give away a complete AV/antimalware suite for free.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
They all suck and consumers are pretty hosed but in any sort of corporate environment bigger than 3 users workstation antivirus should be your last line of defense.

angrytech
Jun 26, 2009

go3 posted:

They all suck and consumers are pretty hosed but in any sort of corporate environment bigger than 3 users workstation antivirus should be your last line of defense.

:woop:DING DING DING WE HAVE A WINNER:toot:

mindphlux
Jan 8, 2004

by R. Guyovich

Khablam posted:

You could very well have a system file that has been replaced with a modified version. Open a command prompt and hit "sfc /scannow" and let it verify your Windows files. You may need your installation media.

If this doesn't work, backup and do a clean install, as there's no option available to you that would take less time, so you may as well invest that time in a guaranteed fix.

I assume both your hosts file and DNS addresses are standard? If so, it looks like the dns dll has been modified, which is something a few rootkits do.

I was slapping myself for not doing a sfc, but it came up clean. hosts and DNS is clean.

I'd just do a clean install, but at this point I really just want to find this fucker. the google redirect itself doesn't affect my usage of the machine horribly, so time spent isn't an issue...
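The "hosts and DNS is clean" check from this exchange, and Hex Darkstar's earlier theory of a rogue resolver handed out by the routing gear, as an added Python example that is not code from the thread: it parses a Windows hosts file and the DNS Servers field of `ipconfig /all` output, flags any entry that points a well-known domain at a real address, and reports resolvers outside an expected set. The sample hosts file and ipconfig text (TEST-NET addresses), the watched-domain list and the expected resolver set are all constructed assumptions; swap in your own.

```python
"""Audit a Windows hosts file and the configured DNS servers for the kind of
tampering behind search redirects. Added example, not code from the thread.
Sample data below is constructed (TEST-NET addresses); WATCHED_DOMAINS and
EXPECTED_DNS are assumptions to adjust for your environment."""
import ipaddress

# Domains a redirect rootkit or hosts-file hijack typically targets (assumed list).
WATCHED_DOMAINS = {
    "google.com", "bing.com", "yahoo.com", "microsoft.com", "windowsupdate.com",
    "avast.com", "eset.com", "trendmicro.com", "bitdefender.com", "malwarebytes.org",
}

def parse_hosts(text):
    """Return (ip_address, hostname) pairs, ignoring comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                                 # first field is not an address
        for name in parts[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries

def _watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def suspicious_hosts_entries(text):
    """Flag hosts entries that send a watched domain to a real address.
    Loopback / 0.0.0.0 mappings are normal (localhost, ad-block lists) and are
    ignored; other names mapped to real addresses are reported for review."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        severity = "hijacked" if _watched(name) else "review"
        findings.append({"name": name, "ip": str(ip), "severity": severity})
    return findings

def parse_dns_servers(ipconfig_text):
    """Collect resolver addresses from 'ipconfig /all' output. The first address
    follows the 'DNS Servers' label; further ones are indented continuation lines
    holding only an address, and the next labelled field ends the list."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            value = line.split(":", 1)[1].strip()
            if value:
                servers.append(value)
            continue
        if collecting:
            try:
                servers.append(str(ipaddress.ip_address(line.strip())))
            except ValueError:
                collecting = False
    return servers

def unexpected_dns_servers(ipconfig_text, expected):
    """Resolvers that are not the ones you expect (e.g. the domain controller)."""
    return [s for s in parse_dns_servers(ipconfig_text) if s not in expected]

# --- constructed sample input (TEST-NET addresses, not real hosts) -----------
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-block style entry, harmless
203.0.113.45    www.google.com google.com
203.0.113.45    www.avast.com
"""

SAMPLE_IPCONFIG = """Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.10.57(Preferred)
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       198.51.100.77
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
EXPECTED_DNS = {"192.168.10.5"}          # assumption: the DC is the only resolver

if __name__ == "__main__":
    for f in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {f['name']} -> {f['ip']} [{f['severity']}]")
    for s in unexpected_dns_servers(SAMPLE_IPCONFIG, EXPECTED_DNS):
        print(f"dns: unexpected resolver {s}")
```

On a real box, read `C:\Windows\System32\drivers\etc\hosts` and pipe `ipconfig /all` into the two functions; an extra resolver that is not your DC or router is exactly the "malicious DNS server in the routing equipment" case, and it survives a reimage because it lives on the network, not the disk.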

Tapedump
Aug 31, 2007
College Slice
Does it happen in multiple browsers?

I'm not sure you said you tried a full scan with Windows Defender Offline.

Since we're talking about throwing stuff at the wall to see if it sticks, try ESET's servicesrepair.exe and/or sirefef tools? HitmanPro? Symantec's FixTDSS? Farbar Recovery Scan Tool?

I'm literally just naming tools to try here, since you're professionally curious.

Hex Darkstar
May 28, 2004

I think I need another liver transplant.

mindphlux posted:

the google redirect itself doesn't affect my usage of the machine horribly, so time spent isn't an issue...

Yea but if the google redirect is active what other wonderful things might it be doing or potentially siphoning from your machine outside of just the google searches? It is a bit of a risk to take but if you don't do anything crucial/sensitive on it I guess that's fine.

Khablam
Mar 29, 2012

Mr Chips posted:

Microsoft aren't nostalgic enough for their massive legal battles with the EU & US governments to try and give away a complete AV/antimalware suite for free.

Not sure if you're just trying to be humorous, but they could legally do this under the rulings placed on them. The kicker was always bundling the software with Windows; nothing stops them offering whatever software they want as long as it's not in such an uncompetitive manner. MSE doesn't come pre-installed for this reason as it stands.

mindphlux posted:

I was slapping myself for not doing a sfc, but it came up clean. hosts and DNS is clean.

I'd just do a clean install, but at this point I really just want to find this fucker. the google redirect itself doesn't affect my usage of the machine horribly, so time spent isn't an issue...
Use TCPView to see if anything is making connections to anything it shouldn't be.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
You can WhoIS the connections it doesn't resolve and you may get some leads. If you see nothing with no browser open, try opening the browser and doing a search and seeing if it makes any connections to where it shouldn't.

What is the URL of the re-direct?
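The TCPView exercise above (find connections the machine shouldn't be making, then whois the ones that don't resolve), as an added Python example that is not code from the thread or from Sysinternals: it parses `netstat -ano` output, drops anything whose remote side is inside the LAN, groups the rest by PID with the image name from `tasklist`, and lists the external IPs to look up, plus a crude review list. The netstat text, the PID-to-image mapping (including the hypothetical `dxdiag32.exe`), the internal-network list and the browser allow-list are constructed assumptions.

```python
"""Triage 'netstat -ano' output: which processes talk to hosts outside the LAN,
and which of those endpoints deserve a whois / reverse lookup. Added example,
not code from the thread or from Sysinternals TCPView. The netstat text and
the PID-to-image mapping are constructed (TEST-NET addresses)."""
import ipaddress
from collections import defaultdict

# What counts as "inside": RFC 1918, loopback, link-local, unspecified. This is
# an assumption to adjust for your LAN, not something taken from the thread.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/32", "::1/128", "fe80::/10", "fc00::/7", "::/128",
)]
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}   # assumed allow-list
WEB_PORTS = {80, 443}

def split_endpoint(s):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '[::1]:49171' -> ('::1', 49171); '*:*' -> (None, None)."""
    if s.startswith("*"):
        return None, None
    if s.startswith("["):                       # bracketed IPv6 literal
        host, _, port = s[1:].partition("]:")
    else:
        host, _, port = s.rpartition(":")
    return host, int(port)

def parse_netstat(text):
    """One dict per TCP/UDP row of 'netstat -ano' (UDP rows have no State column)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            (proto, local, remote, pid), state = parts, ""
        else:
            continue                            # header, blank or unexpected line
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows

def external_connections(text, internal=INTERNAL_NETS):
    """Rows whose remote side is outside the networks listed in `internal`."""
    out = []
    for row in parse_netstat(text):
        host, port = split_endpoint(row["remote"])
        if host is None:
            continue
        ip = ipaddress.ip_address(host)
        if any(ip in net for net in internal):   # v4-in-v6 membership is simply False
            continue
        out.append({**row, "remote_ip": str(ip), "remote_port": port})
    return out

def by_process(text, images):
    """External endpoints grouped by PID, labelled with the image name the caller
    took from 'tasklist' (or Process Explorer)."""
    groups = defaultdict(set)
    for c in external_connections(text):
        groups[c["pid"]].add((c["remote_ip"], c["remote_port"], c["proto"], c["state"]))
    return {pid: {"image": images.get(pid, "?"), "endpoints": sorted(eps)}
            for pid, eps in groups.items()}

def whois_targets(text):
    """Unique external IPs to feed to whois / reverse DNS, as suggested above."""
    return sorted({c["remote_ip"] for c in external_connections(text)})

def review(text, images, browsers=BROWSERS, web_ports=WEB_PORTS):
    """Crude triage: external traffic from a non-browser image, or on a non-web
    port, is listed for a human to look at. A listing is a lead, not a verdict."""
    flags = []
    for c in external_connections(text):
        image = images.get(c["pid"], "?")
        reasons = []
        if image.lower() not in browsers:
            reasons.append(f"non-browser image {image}")
        if c["remote_port"] not in web_ports:
            reasons.append(f"non-web port {c['remote_port']}")
        if reasons:
            flags.append({"pid": c["pid"], "image": image,
                          "remote": f"{c['remote_ip']}:{c['remote_port']}",
                          "reasons": reasons})
    return flags

# --- constructed sample: netstat -ano output and a tasklist-derived PID map ---
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     2144
  TCP    192.168.10.57:49210    192.168.10.5:445       ESTABLISHED     4
  TCP    192.168.10.57:49301    203.0.113.9:443        ESTABLISHED     2144
  TCP    192.168.10.57:49302    203.0.113.9:80         ESTABLISHED     2144
  TCP    192.168.10.57:49318    198.51.100.77:8085     ESTABLISHED     1336
  TCP    192.168.10.57:49320    198.51.100.77:8085     SYN_SENT        1336
  TCP    [::1]:49170            [::1]:49171            ESTABLISHED     2144
  UDP    0.0.0.0:500            *:*                                    1048
"""
SAMPLE_IMAGES = {4: "System", 712: "svchost.exe", 1048: "svchost.exe",
                 1336: "dxdiag32.exe", 2144: "firefox.exe"}   # hypothetical names

if __name__ == "__main__":
    for pid, info in sorted(by_process(SAMPLE_NETSTAT, SAMPLE_IMAGES).items()):
        print(pid, info["image"], info["endpoints"])
    print("look up:", whois_targets(SAMPLE_NETSTAT))
    for f in review(SAMPLE_NETSTAT, SAMPLE_IMAGES):
        print("REVIEW", f["pid"], f["image"], f["remote"], "; ".join(f["reasons"]))
```

Run it against a quiet machine first, then again with the browser open and a search in progress, and diff the two `whois_targets` lists; the redirect's infrastructure shows up as the addresses that appear only in the second run.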

Toast Museum
Dec 3, 2005

30% Iron Chef

Khablam posted:

Not sure if you're just trying to be humorous, but they could legally do this under the rulings placed on them. The kicker was always bundling the software with Windows; nothing stops them offering whatever software they want as long as it's not in such an uncompetitive manner. MSE doesn't come pre-installed for this reason as it stands.

If I recall correctly, MSE's features have been integrated into Windows 8.

NecessaryEvil
Aug 10, 2006
Professional Slacker
As a follow up, they're getting ESET to replace Trend (it turns out that it hadn't updated in 3 years (definition dates are for 9/9/09), due to the version (7.3) no longer receiving anything new from Trend!). The boss went back and looked, and apparently nothing's been done as far as renewals (quotes or purchases) since I started in December 09.

Unfortunately, they're wanting to try to salvage what's there (and since one of the machines I was able to run eSet's online scan gave 1200 hits, after running their removal tool, as well as MSE's initial scan), as it'll be a pain to reformat a dozen machines + a Windows 2003 Server.

I think we just need to nuke the whole site from orbit; it's the only way to be sure. Luckily, I made plans for the weekend, and am over 100 miles away, happily drinking Jack & cherry Cokes.

NecessaryEvil fucked around with this message at 20:40 on Oct 20, 2012

Khablam
Mar 29, 2012

Toast Museum posted:

If I recall correctly, MSE's features have been integrated into Windows 8.

I'm predicting the EU Legal response as: :nyd:

NecessaryEvil posted:

As a follow up, they're getting ESET to replace Trend (it turns out that it hadn't updated in 3 years (definition dates are for 9/9/09), due to the version (7.3) no longer receiving anything new from Trend!). The boss went back and looked, and apparently nothing's been done as far as renewals (quotes or purchases) since I started in December 09.

Unfortunately, they're wanting to try to salvage what's there (and since one of the machines I was able to run eSet's online scan gave 1200 hits, after running their removal tool, as well as MSE's initial scan), as it'll be a pain to reformat a dozen machines + a Windows 2003 Server.

I think we just need to nuke the whole site from orbit; it's the only way to be sure. Luckily, I made plans for the weekend, and am over 100 miles away, happily drinking Jack & cherry Cokes.

If salvage means anything other than "rescue key files using a non-live OS" then please beat some sense into them.

Serfer
Mar 10, 2003

The piss tape is real



go3 posted:

They all suck and consumers are pretty hosed but in any sort of corporate environment bigger than 3 users workstation antivirus should be your last line of defense.

So I'm assuming there should be some sort of active network defense, but what would the recommended solution be?

Of course it doesn't help me when my boss/coworkers deliberately make things insecure. Oh sure, just forcibly disable everyone's firewall and don't let them change it back. Yes no password changes ever, no length or complexity requirements sure. Everyone local admin? Perfect!

Crimson Harvest
Jul 14, 2004

I'm a GENERAL, not some opera floozy!
What do you guys think about the current Symantec Endpoint? We sell it to business customers at work so we can manage their antivirus remotely (we do a lot of remote network monitoring/management). I got a copy of it at-cost for my mom's system to run in unmanaged mode and it seems to have a minimal performance impact.

Khablam
Mar 29, 2012

Serfer posted:

So I'm assuming there should be some sort of active network defense, but what would the recommended solution be?

Of course it doesn't help me when my boss/coworkers deliberately make things insecure. Oh sure, just forcibly disable everyone's firewall and don't let them change it back. Yes no password changes ever, no length or complexity requirements sure. Everyone local admin? Perfect!

9/10ths of any corporate environment hinges on the Group policy settings your domain controller gives out, and the inevitable lockdown of the general user environment. Windows updates are vetted for compatibility then fed to the machines by the controller, and you will typically have an AV solution that is centrally controlled. DNS requests are usually local, to the controller, and many will include some manner of known-bad URL filtering, as well as the usual time-sink culprits.

It's mostly preventing your end users from getting access to, and the machine from executing, anything which you did not intend.

In any larger environment your user settings and files (+programs) won't be stored locally, and any problem is solved by writing a clean disk image onto the client machine.

If you're a small business then the usual solution is locked down (local) user accounts, a firewall/DNS filter, a good all-in A/V and daily backups.

There's basically two ways of spending IT time: fixing individual problems and implementing policy that prevents/solves wider problems. There's a tipping point where it's better to spend time on the latter to prevent the former from arising. It's a lot larger than "3 people" but you get the basic gist.

Crimson Harvest posted:

What do you guys think about the current Symantec Endpoint? We sell it to business customers at work so we can manage their antivirus remotely (we do a lot of remote network monitoring/management). I got a copy of it at-cost for my mom's system to run in unmanaged mode and it seems to have a minimal performance impact.

Benchmarks will disagree, but if it works for you and the price is right, there's no horrible reason why not. Disable the proactive detection/defence nonsense, though.

Khablam fucked around with this message at 22:07 on Oct 20, 2012

Crimson Harvest
Jul 14, 2004

I'm a GENERAL, not some opera floozy!
Oh the heuristic stuff or the network intrusion or what? Or all of it, I guess? Seriously we have a NAT router so I don't see how the network intrusion stuff could even be remotely helpful.

NecessaryEvil
Aug 10, 2006
Professional Slacker

Khablam posted:

If salvage means anything other than "rescue key files using a non-live OS" then please beat some sense into them.

Unfortunately, I don't have the last word on this. I've expressed my desire to nuke everything over and over again. Yes, it will suck all sorts of rear end, but I don't trust this method. The infection's spread too far, and bandaids aren't what we need. We need amputations.

Khablam
Mar 29, 2012

Crimson Harvest posted:

Oh the heuristic stuff or the network intrusion or what? Or all of it, I guess? Seriously we have a NAT router so I don't see how the network intrusion stuff could even be remotely helpful.

It trying to suss out what is malware or not, based on loose definitions of what malware does, is a recipe for disaster. Comodo used to do something similar to this, and it was utterly terrible. They kick up a poo poo about Java, Flash and your browsers doing their normal update thing. If your end users are all computer experts then it's actually very, very solid protection, but if they're not they can cripple their own systems by pressing no on "Do you REALLY want to modify this critical system file?" when they needed to press yes.
Note I've not seen the Symantec version of this in action, so take this with a grain of salt. The core idea of it doesn't synergize with user terminals in my experience. I imagine as an enterprise solution it tries to remain transparent to the client operators ... so I honestly don't know what it does well.

Intrusion protection is really about stopping a threat from phoning home, not the other way around, as, like you say, NAT makes this impossible by design. My philosophy on this is to prevent the malware from landing and launching in the first place, and stopping it from dialing back is usually not going to save you a lot of man-hours, as you still have a rootkit / trojan to remove all the same; you're just usually minus the fake AV asking for your CC#.

The other side of this, is leave it all on until/if you encounter issues. You're in a company recommending Symantec software, so you're already way off map for usual advice ;)

Crimson Harvest
Jul 14, 2004

I'm a GENERAL, not some opera floozy!
Hm thanks for the comments. Yeah the boss likes Symantec Endpoint for some reason. I think it's because there's a pretty decent margin in selling it. However I expect this to change in the future as we add more contract customers. We recently deployed N-able's managed service thing (moving away from Quest's) and it includes Panda-based antivirus and we have like 5000 licenses.

Khablam
Mar 29, 2012

Crimson Harvest posted:

Hm thanks for the comments. Yeah the boss likes Symantec Endpoint for some reason. I think it's because there's a pretty decent margin in selling it. However I expect this to change in the future as we add more contract customers. We recently deployed N-able's managed service thing (moving away from Quest's) and it includes Panda-based antivirus and we have like 5000 licenses.

Bitdefender has been in the Top 3 for both detection and performance for years and years (others tend to swing quite a bit on the former) and their business solution is pretty robust - http://www.bitdefender.co.uk/business/

ESET end-point is also an excellent choice - http://www.eset.co.uk/Business/Endpoint-Protection and they offer solutions (I hate that loving word, but it applies..) to remote management and phone security (Android) that you can stick all under the same license. Android security is a legitimate need if you go to those kind of expos where you all connect to the same WiFi connection (after paying £500 for it, of course!)

Enterprise level firewalls and routers are a thing. We have used WatchGuard systems for years and never experienced an issue. The one we use currently (http://www.watchguard.com/products/xtm-5/overview.asp) can support 350,000 concurrent connections, which is essentially 1000 users running uTorrent and not giving a poo poo. But, of course it will block all torrent traffic if you ask it to ;)
These systems are less about stopping malware (some protection exists for it) and more about ensuring uptime where any downtime could be catastrophic to your business.
For instance, we have our xtm-5 set to load balance and auto-failover on two 100 Mbit fibre connections - if one dies for any reason it is almost totally transparent to the client machines. This also includes your VPN connections.

Note you'll want a networking specialist to both install and maintain these units.

pienipple
Mar 20, 2009

That's wrong!
One of the computers in bookkeeping is infected with ZeroAccess; TDSSKiller doesn't see it, though. I'm just gonna tell the kid who's ostensibly IT to flatten it, delete the rootkit partition, and give this ancient piece of crap a fresh install, but what's the best tool for knocking out ZA?

Khablam
Mar 29, 2012

pienipple posted:

One of the computers in bookkeeping is infected with ZeroAccess; TDSSKiller doesn't see it, though. I'm just gonna tell the kid who's ostensibly IT to flatten it, delete the rootkit partition, and give this ancient piece of crap a fresh install, but what's the best tool for knocking out ZA?

An offline scan (slaved HDD, liveCD) to remove the active components, then ComboFix on the running OS (safemode) to attempt a reversal of the system hooks. If that doesn't work, then your success rate will be pretty low, and your time is better spent on flattening/reinstalling.

The easiest route if it works, is TDSS (did you try renaming the .exe?) >> ComboFix >> RogueKiller >> MBAM for cleaning anything it pulled down.

ESET have a tool to remove it, also: http://kb.eset.com/esetkb/index?page=content&id=SOLN2895 -- try running this, then into ComboFix >> RK >> MBAM.

ZA usually infects by exploiting out of date Java and weak AV that offers no HTTP scanning, something you might want to resolve.

Red Dad Redemption
Sep 29, 2007

Khablam posted:

The easiest route if it works, is TDSS (did you try renaming the .exe?) >> ComboFix >> RogueKiller >> MBAM for cleaning anything it pulled down.

I found ZA on a relative's computer over the summer and was able to remove it in more or less the same way. A horrendous pain in the rear end, particularly coupled with all of the critical updates needed on their thoroughly out of date and insecure system (with Mcaffee); but doable.

ColHannibal
Sep 17, 2007
There is some rootkit in an ad on the forums; I can't tell which ad, as it instantly reboots my PC and I have to restart in safe mode for TDSSKiller to wipe it out.

So apparently Avast is not doing its job and I just installed the Firefox addons from the OP, any recommendations for another free replacement?

Khablam
Mar 29, 2012

ColHannibal posted:

There is some rootkit in an ad on the forums; I can't tell which ad, as it instantly reboots my PC and I have to restart in safe mode for TDSSKiller to wipe it out.

So apparently Avast is not doing its job and I just installed the Firefox addons from the OP, any recommendations for another free replacement?

If you have NoScript installed this really shouldn't be the case; what is making you sure it is a Rootkit, and coming from an advert here? Specifically which RootKit is being detected and where?

ColHannibal
Sep 17, 2007

Khablam posted:

If you have NoScript installed this really shouldn't be the case; what is making you sure it is a Rootkit, and coming from an advert here? Specifically which RootKit is being detected and where?

I did not have NoScript installed prior, and it kept occurring while browsing the forums (only window open).

Let me dig through my log for the name.

Edit:

Detected object count: 1
19:08:08.0543 1412 Actual detected object count: 1
19:08:18.0932 1412 \Device\Harddisk0\DR0\# - copied to quarantine
19:08:18.0932 1412 \Device\Harddisk0\DR0 - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:08:18.0979 1412 \Device\Harddisk0\DR0 - ok
19:08:18.0979 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

ColHannibal fucked around with this message at 16:32 on Oct 24, 2012
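A parser for the TDSSKiller log format ColHannibal posted, as an added Python example (not code from the thread, and not a Kaspersky tool): it splits each object line into time, PID, path, detection name and action, then summarizes what was quarantined, whether a TDLFS hidden filesystem was present, and whether the hit is a Rootkit.Boot.* detection on the raw disk device rather than a file. The sample input is the log above; the triage text encodes the call Khablam makes in this thread, that a bootkit with its own hidden filesystem is a flatten-and-reinstall, not a "cured on reboot". Nothing here cleans anything; it only reads the log.

```python
"""Parse a TDSSKiller console log and summarize what it found. Added example,
not part of the thread or of TDSSKiller itself. SAMPLE_LOG is the log posted
above; lines without a timestamp/PID prefix are skipped."""
import re
from collections import Counter

# "HH:MM:SS.mmmm  <pid>  <object> - <action>"
LOG_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<path> ( <detection name> )"
DETECTION = re.compile(r"^(.*?)\s*\(\s*([^()\s]+)\s*\)$")

def parse_tdsskiller(text):
    """One dict per object line: time, pid, path, detection (or None), action.
    Summary lines such as 'Actual detected object count: 1' have no ' - ' and
    are skipped."""
    events = []
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m or " - " not in m.group(3):
            continue
        time, pid, rest = m.groups()
        obj, action = rest.rsplit(" - ", 1)       # action never contains ' - '
        detection = None
        d = DETECTION.match(obj)
        if d:
            obj, detection = d.group(1), d.group(2)
        events.append({"time": time, "pid": int(pid), "path": obj,
                       "detection": detection, "action": action.strip()})
    return events

def summarize(text):
    """Roll the events up into what an investigator wants to know."""
    events = parse_tdsskiller(text)
    quarantined = [e["path"] for e in events if e["action"] == "copied to quarantine"]
    detections = Counter(e["detection"] for e in events if e["detection"])
    # Rootkit.Boot.* reported against the disk device (\Device\HarddiskN\DRn),
    # not against a file, means the MBR / boot code itself is the object.
    bootkit = any(e["detection"] and e["detection"].startswith("Rootkit.Boot.")
                  and e["path"].endswith("\\DR0") for e in events)
    return {
        "quarantined": quarantined,
        "hidden_fs_files": [p for p in quarantined if "\\TDLFS\\" in p],
        "detections": dict(detections),
        "bootkit": bootkit,
        "claims_cure_on_reboot": any("cured on reboot" in e["action"] for e in events),
    }

def triage(summary):
    """The decision the thread arrives at, as a function of the summary."""
    if summary["bootkit"] and summary["hidden_fs_files"]:
        return ("bootkit with hidden filesystem: flatten, wipe the MBR, recreate "
                "partitions and reinstall; do not rely on 'cured on reboot'")
    if summary["detections"]:
        return "detections present: clean, then verify with an offline scan"
    return "nothing detected"

# --- the log ColHannibal posted, verbatim ------------------------------------
SAMPLE_LOG = r"""Detected object count: 1
19:08:08.0543 1412 Actual detected object count: 1
19:08:18.0932 1412 \Device\Harddisk0\DR0\# - copied to quarantine
19:08:18.0932 1412 \Device\Harddisk0\DR0 - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:08:18.0964 1412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:08:18.0979 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:08:18.0979 1412 \Device\Harddisk0\DR0 - ok
19:08:18.0979 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{len(s['quarantined'])} objects quarantined, "
          f"{len(s['hidden_fs_files'])} from the TDLFS hidden filesystem")
    print("detections:", s["detections"], "bootkit:", s["bootkit"])
    print(triage(s))
```

The tell in this log is the object path: the detection is against `\Device\Harddisk0\DR0`, the raw disk, and the quarantined files live in a `TDLFS` tree that has no drive letter. That is a hidden filesystem the infected boot code mounts for itself, which is why a tool working from inside the running OS keeps "curing" it and the machine keeps bluescreening and rebooting.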

Khablam
Mar 29, 2012

You pretty much need to manually remove that variant, and then manually repair the damage it has done to stop it rebooting and bluescreening. By which time, you would have managed to reinstall Windows - probably 2 or 3 times over.

Flatten and reinstall the system, taking care to nuke the MBR and re-create the partitions.

e: To be clear, I am pretty sure TDSS is not getting rid of that for you; these forums aren't infected with anything that anyone else has seen.

vx15i
Feb 9, 2003
I can confirm TDSSKiller is not currently able to remove and repair pihar.c.

pienipple
Mar 20, 2009

That's wrong!

Khablam posted:

An offline scan (slaved HDD, liveCD) to remove the active components, then ComboFix on the running OS (safemode) to attempt a reversal of the system hooks. If that doesn't work, then your success rate will be pretty low, and your time is better spent on flattening/reinstalling.

The easiest route if it works, is TDSS (did you try renaming the .exe?) >> ComboFix >> RogueKiller >> MBAM for cleaning anything it pulled down.

ESET have a tool to remove it, also: http://kb.eset.com/esetkb/index?page=content&id=SOLN2895 -- try running this, then into ComboFix >> RK >> MBAM.

ZA usually infects by exploiting out of date Java and weak AV that offers no HTTP scanning, something you might want to resolve.

Thanks! Yeah TDSSKiller was running ok after running rkill but just wasn't seeing this variant, while mbam and rkill were identifying a few files and processes but not everything.

XP machine with no updates, Java 6, elderly versions of Flash and Reader, and no AV. Fortunately it's not my responsibility and I can just walk away, I'm just "good with computers" so I occasionally get called upon to put out metaphorical fires.

NecessaryEvil
Aug 10, 2006
Professional Slacker
so...new AV installed, scans have been going on since Monday, and I've rebuilt all but 5 machines + server (of which 2 were clean, and never attacked).

And...now the main server is detecting infections and deleting files. Regedit, Internet Explorer, MMC (can't open active directory stuff). Those are kind of important, right?

And, the print server which is running XP tried to infect the other machines after the print driver got infected, and has broken eSet.

I loving told them. I will have to reformat every infected machine before this is over, and I will not put in another 14 hour day to rush anything, stay up until 11PM, work weekends, etc. I told them we need to clean it up right, not deal with bandaids and hope for the best.

NecessaryEvil fucked around with this message at 00:26 on Oct 25, 2012

Khablam
Mar 29, 2012

NecessaryEvil posted:

so...new AV installed, scans have been going on since Monday, and I've rebuilt all but 5 machines + server (of which 2 were clean, and never attacked).

And...now the main server is detecting infections and deleting files. Regedit, Internet Explorer, MMC (can't open active directory stuff). Those are kind of important, right?

And, the print server which is running XP tried to infect the other machines after the print driver got infected, and has broken eSet.

I loving told them. I will have to reformat every infected machine before this is over, and I will not put in another 14 hour day to rush anything, stay up until 11PM, work weekends, etc. I told them we need to clean it up right, not deal with bandaids and hope for the best.

Khablam posted:

If salvage means anything other than "rescue key files using a non-live OS" then please beat some sense into them.

:smith:

Sorry dude. Also, I'm pretty sure you're dealing with SkyNet here, so convince them to do it your way, or just walk away. It's totally lovely for someone to repeatedly butt in to have you do it the way they want, then be loaded with the extra work doing it wrong creates. It's pretty much whynottoworkinIT.txt

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

NecessaryEvil posted:

so...new AV installed, scans have been going on since Monday, and I've rebuilt all but 5 machines + server (of which 2 were clean, and never attacked).

And...now the main server is detecting infections and deleting files. Regedit, Internet Explorer, MMC (can't open active directory stuff). Those are kind of important, right?

And, the print server which is running XP tried to infect the other machines after the print driver got infected, and has broken eSet.

I loving told them. I will have to reformat every infected machine before this is over, and I will not put in another 14 hour day to rush anything, stay up until 11PM, work weekends, etc. I told them we need to clean it up right, not deal with bandaids and hope for the best.

I'm a loving wizard when it comes to cleaning machines of things, but this is loving retarded and I'd have long since punted.

NecessaryEvil
Aug 10, 2006
Professional Slacker
It hit again overnight, and reinfected everything.

I said it was time to just rebuild everything offline.

They said "call eSet".

4 hours on the phone (hey, kudos to him for saying "I'll stay on until these scans are done") and we've found that it's a new variant of Goblin that they've never seen before, and after submitting it, they hope to have a fix for it.

But, now I have to go run another scan in safe mode tonight.



I so want to walk away. My boss and coworker both agree that I'm the best one in the company with malware removal, so why am I sitting here arguing that it's time to stop loving around? If I can't get it, if eSet hasn't seen it before, what else do we have to do? They've not had their network working properly in over a week and a half at this point, and at the rate we're doing things, it'll be another week of playing catchup unless eSet manages to get a good cleaner working. And that probably still won't fix what it's broken in the network and on the server. Internet Explorer is nonfunctional. Device Manager throws an error. MMC.exe won't work. If we'd have just reformatted this poo poo last week, they could be up and running by now.


I need alcohol, and to develop a drinking problem.

Hex Darkstar
May 28, 2004

I think I need another liver transplant.

NecessaryEvil posted:


I need alcohol, and to develop a drinking problem.

Might I suggest taking up something of the herbal variety? Definitely works wonders on these situations, you also won't have to deal with the morning after hangover :v:

I can't believe they won't let you blast everything clean off-network and then slowly bring up uninfected systems once they're done rebuilding :(

Khablam
Mar 29, 2012

If it's not in your job description (and I'm guessing it's not) then you need to stop being a doormat about it.

If they won't let you do it your way, then you don't do it and suggest an IT company who will. They either a) Decide your way works for them or b) hire the IT company; either result is a win for you.


NecessaryEvil
Aug 10, 2006
Professional Slacker

Khablam posted:

If it's not in your job description (and I'm guessing it's not) then you need to stop being a doormat about it.

If they won't let you do it your way, then you don't do it and suggest an IT company who will. They either a) Decide your way works for them or b) hire the IT company; either result is a win for you.

Unfortunately, it is in my job description, and I'm part of the IT company they hired.

Unfortunately, the decisions are being made by my boss, who spent the day trap shooting with another client instead of working, and their boss, who owns the company I'm working at trying to clean it up. They're trying their best to avoid a complete rebuild, as they have a new server purchase planned for the end of the year, with a move from Server 03/Exchange 03 to 08 R2 (Although I'd prefer to see 2012) and Exchange 2010, so I certainly understand their desire to avoid a rebuild...but I'm the one that gets stuck actually doing the work.
