Win 7 vs XP and Virus Scans...

Discussion in 'Software' started by Fred_G, Sep 1, 2013.

  1. Fred_G

    Fred_G Heat packin' geek

    Not a question to go into the malware section, not sure where to post this.

    We got a virus at work. Way too much use of flash drives with no active antivirus. Slowly fixing this. The Win XP machines are pretty easy to clean up, but the Win 7 ones are a bear. I downloaded the Kaspersky bootable CD from MajorGeeks. Started up the scan on a Win 7 dual core machine, 4Gigs of RAM, 500GB hard drive. It scanned for 7+ days. I gave up on it. The XP machines are easy, a few hours, and they are fixed up.

    And I apologize in advance, as this is a malware type post, but I can't shut down a couple of these machines to do the standard MajorGeeks logs and such. They are production machines, and will work, even when infested. They just are slow.

    Just thinking out loud, but would think the XP machines would be the most vulnerable, but they don't seem to be. Any other suggestions for a bootable CD software that can scan in less than a day?
     
  2. plastidust

    plastidust Command Sergeant Major

  3. Goldenskull

    Goldenskull I can't follow the rules

    Production PCs should not even have internet access, in my opinion; they should only be directly connected to the servers themselves.

    Yes, I do agree on one thing: XP is way easier to clean up, but so is Windows 7.

    What have you tried so far with Windows 7? I get more issues with Windows 7 than I did with XP.

    You should be able to run the production computers in safe mode and let the scans run while production is still running.

    plastidust, most production computers do not have an internet connection except into the servers, and they should not have internet at all, only the servers.

    I would be pissed if a virus wiped out my paycheck, lol.
     
    Last edited: Sep 1, 2013
  4. Fred_G

    Fred_G Heat packin' geek

    They are getting the infection from improper use of flash drives. I am trying to fix it. The 2 production boxes do not have internet access, but due to how the place I work does things... I can't stop stupid.

    The Win 7 machine was my lunchtime MajorGeeks news machine. It got infected via flash drives.

    I took our main print server home with me. Ran Avast boot scan on it, found a lot, seems to be much faster now. Now that I have some level of active antivirus on the machines, it is helping to prevent reinfection. Avast catches it every time.

    I have an odd work situation. Where I work, I am pretty much in charge of IT related things, and suspect the main problem was me not having active antivirus installed.

    Honestly, my mistake, I am used to dealing with people who know the difference between a work computer and a home PC. But, the other division of our little bidness, I have 0 control or influence. And they accept files from email, flash drives, CDs...

    I guess my goal is to sanitize the production computers, then prevent infection from the division I have no say over, all while keeping the production computers online, except for the one I have at home this long weekend.

    I did not set this stuff up, just got tossed into it. Having very little say on how the other half of the company runs its computers, that I have to network to, to transfer files, will be interesting.

    I am not IT, I just have to do it, cause there is nobody else. Makes for an interesting day sometimes. :-D
     
  5. Goldenskull

    Goldenskull I can't follow the rules

    I think you should be able to shut down ports through BIOS.
     
  6. Adrynalyne

    Adrynalyne Guest

    I get the impression that you do not know what production machines are.

    I don't know about FredG's case, but production machines are live machines running the latest stable version of "whatever" that is used in an environment that is non-development or testing. They could also refer to machines used by employees for their day-to-day tasks. For example, where I work we build web-based software that has online and offline components. There are testing machines, development machines, and production machines. The production machines run the code deemed fit for customers to use. Now how much sense would it make to take those off the Internet? During business hours, those machines too cannot be taken offline, or businesses will suffer downtime.

    The days of optional Internet access stopped about two decades ago, so a blanket statement of keeping production machines off the Internet is silly. In some cases it is fine. In many, it is not.
     
    Last edited by a moderator: Sep 2, 2013
  7. Adrynalyne

    Adrynalyne Guest

    Ports are software based, not real hardware ports. So I don't see how it would be possible unless you had a hardware based firewall built-in.

    Look no further than Nvidia to see how well that DOESN'T work.

    Leave the BIOS (actually, UEFI, BIOS is antiquated) to do what it does best, initializing and supporting hardware at low level. Let a hardware firewall do what it does best.

    A combination solution would be mediocre at best.
     
    Last edited by a moderator: Sep 2, 2013
  8. Adrynalyne

    Adrynalyne Guest



    So they are servers then, and not production machines? Kind of surprised the company didn't use a server OS for that print server with locked down permissions to prevent infections. Something to consider when XP goes EOL completely and Microsoft charges 200 bucks per license per zero day exploit patch.
     
  9. Fred_G

    Fred_G Heat packin' geek

    I may be using incorrect technical terms. By 'production machines' I mean they are used for design and/or rip servers. Some use Win7, some have to use XP due to the rather odd mix of old and new tech. But, if I take them down for extensive scanning and such, no signs get printed, and I don't get paid, and everyone is sad. :cry

    The 'rip server', again, I may be using the wrong terms, is an old laptop running XP. The printers use the HP Videonet protocol for printing. TCP/IP interferes with Videonet somehow, so, this one does not have internet access. So, the only way to transfer files from the design computers to the printer computer, is via flash drive, or CD. Flash drive is the easiest.

    I have narrowed it down to 2 real problem computers. Both running Win 7. I have cleaned up the XP machines, and the antivirus prevents the rootkit from installing on the XP machines. Of course, the W7 machine infects the flash drive each time it saves a file...

    Oh what fun! And it gets better! The other location also does design, I am sure all of their computers are infected. But, I am not welcome there. :-D The virus does not affect us much, it does slow down the laptop rip machine, but it is due to be replaced soon, with a nice dual core 4gb machine. So, it will be a backup soon.

    And now I am confused. :cool
     
  10. Adrynalyne

    Adrynalyne Guest

    Ah. Yeah, wrong terms, but I get your meaning. The lack of an IT department explains the machine situation. The company is doing things all sorts of backwards. My mom did something similar. I recently convinced her to do it the right way with servers and clients. Of course, it costs a lot of money to do that. Just a simple server solution for my mom costs ~1500.00, if you don't include my labor. That was going with Essentials 2012, which is a lot more affordable than the others.

    Something that could save you the headache is to disable the usage of thumb drives. This assumes those are Pro machines, however, unless you find a 3rd party solution.

    http://www.petri.co.il/disable_usb_disks_with_gpo.htm
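
An added example, not part of the original post or the linked article: on machines without Group Policy (the non-Pro case mentioned above), the USB mass-storage driver can be disabled through the registry by setting the `Start` value of the `USBSTOR` service to 4. The script layout and the `-Disable`/`-Enable` switch names are assumptions made for this sketch; it uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): audit or toggle the USB mass-storage driver.
# USBSTOR Start = 3 -> driver loads on demand (Windows default)
# USBSTOR Start = 4 -> driver disabled, newly plugged flash drives do not mount
param(
    [switch]$Disable,   # hypothetical switch name: set Start = 4
    [switch]$Enable     # hypothetical switch name: restore Start = 3
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorState {
    # Read the current start type and translate it to something readable.
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    switch ($start) {
        3       { 'Enabled (load on demand)' }
        4       { 'Disabled' }
        default { "Other (Start = $start)" }
    }
}

# Writing under HKLM requires an elevated session, so check before changing anything.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($Disable -and $Enable) { throw 'Use -Disable or -Enable, not both.' }

"Before: $(Get-UsbStorState)"

if ($Disable -or $Enable) {
    if (-not $isAdmin) { throw 'Run from an elevated PowerShell prompt.' }
    $value = if ($Disable) { 4 } else { 3 }
    Set-ItemProperty -Path $key -Name Start -Value $value -Type DWord
    "After:  $(Get-UsbStorState)"
}
```

Run with no switch, it only reports the current state, which is useful for checking each machine before changing anything. In the setup described in this thread it would also block the flash-drive transfers to the print machine, so it fits the machines that should never accept a drive.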
     
  11. Fred_G

    Fred_G Heat packin' geek

    What do you mean no IT? I am there. :-D Agreed it is an bass ackword setup. The main print computer has no internet, so we have to use flash drives. I have installed wireless cards and had it on the network, but that kills the videonet stuff... The plan is to actually set up a nice server for use as a rip server. They will have to actually hire someone to set that up.

    Got a few ideas to try Tuesday. I left one of the W7 hard drives hooked up to an XP to see what all it can find on it.
     
  12. Adrynalyne

    Adrynalyne Guest

    Last edited by a moderator: Sep 2, 2013
  13. Goldenskull

    Goldenskull I can't follow the rules

    I know what production machines are; I was a security officer for 6 years and I had to maintain them.

    Sorry, I was sick yesterday and was not thinking right.

    What I meant was that yes, they should have internet access, but their Internet Explorer and Windows Media Player should be blocked at all times.

    The only part on production machines that should have internet access is the updating system and its production programs.

    Everything else should be blocked or at least have a really good built-in password program that only managers know.
     
  14. Fred_G

    Fred_G Heat packin' geek


    Good idea. Will have to see what protocols the UV printer supports. As far as buying stuff, I have no control over that.
     
