Q: What is containment action after Virus is found
Ow Mun Heng
ow.mun.heng at wdc.com
Thu Apr 8 12:42:48 UTC 2004
Need some guidance. Looking through my server's shares, (SAMBA)
I noticed a number of rogue files (How to hack websites.exe etc.)
I've already moved these files to a temp directory for the time being.
I've informed the users of the server of the viruses and advised them to
perform a scan of their PCs.
I've disabled the account which was the source of infection until further
notice as well.
As I'm going through the system, I noticed that the virus has actually been
in the system for 2 days. Enough to populate to my "mirrordir" directory,
my snapshots as well as my rsync snapshots.
I've not removed these files from the backups.
(I'm thinking that - No one has access to these files and it will recover
by tomorrow (for my mirrordir) and a couple of days for my snapshots to come
SO.. what are your comments?
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate