Sunday, 09 November 2008

Finding the source of the problem

In a large network with hundreds, even thousands, of machines, it can be really hard to find this particular workstation. The virus alert message, after all, only points at the target file of the infection, which virus was found, and what has been done to the file. Clearly some extra information is needed to solve this problem.

One way of solving the problem is to use an external tool to monitor a file that is likely to be infected. To avoid too many changes on any of the original servers, it may be a good idea to set up a new test machine on the network, create an open share on this machine, and place a copy of some .exe files there. In the case of Pinfi we know that .exe files are good targets to infect, so we copy the calc.exe file from the \Windows directory to the new file share. The calc.exe file is now a "temple" for the infector.

Before we connect the "temple" machine to the network, we need to install a "sniffer" program. We think Ethereal is a good alternative; programs like Sniffer Pro and Etherpeek will do as well, but Ethereal can be downloaded free of charge. It contains a lot of functionality, so in this paper we will only cover the functions relevant to solving this particular scenario.
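The two checks this procedure relies on, written out as an added example that is not part of the original paper: detect that the bait copy of calc.exe has changed, and pull out of a capture which host sent SMB writes to the bait machine. The capture lines, the hostnames and the IP addresses below are constructed sample data in a sniffer-style summary format, not real traffic.

```python
import hashlib
import re

# Constructed sample: sniffer-style packet summaries (frame, time, src, dst, proto, info).
# Host 192.168.1.5 is the bait machine hosting the open share. Not real capture data.
SAMPLE_CAPTURE = """\
1 10:02:11 192.168.1.20 192.168.1.5 SMB Tree Connect AndX Request, Path: \\\\BAIT\\SHARE
2 10:02:11 192.168.1.20 192.168.1.5 SMB NT Create AndX Request, Path: \\calc.exe
3 10:02:12 192.168.1.20 192.168.1.5 SMB Read AndX Request, FID: 0x4000
4 10:03:40 192.168.1.77 192.168.1.5 SMB NT Create AndX Request, Path: \\calc.exe
5 10:03:40 192.168.1.77 192.168.1.5 SMB Write AndX Request, FID: 0x4001, 4096 bytes
6 10:03:41 192.168.1.77 192.168.1.5 SMB Write AndX Request, FID: 0x4001, 1024 bytes
7 10:05:02 192.168.1.20 192.168.1.5 SMB Read AndX Request, FID: 0x4002
"""

# frame time src dst SMB info
LINE_RE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+SMB\s+(.*)$")


def bait_digest(data: bytes) -> str:
    """SHA-256 of the bait file contents; record this before going on the network."""
    return hashlib.sha256(data).hexdigest()


def bait_modified(baseline_digest: str, current: bytes) -> bool:
    """True when the bait file no longer matches the clean baseline."""
    return bait_digest(current) != baseline_digest


def find_writers(capture_text: str, bait_host: str) -> dict:
    """Map each source IP that sent an SMB write to the bait host to its timestamps.

    Reads are normal (clients may execute calc.exe from the share); a write to an
    executable nobody should be changing is the signal that points at the infector.
    """
    writers: dict = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, info = m.groups()
        if dst == bait_host and info.startswith("Write AndX Request"):
            writers.setdefault(src, []).append(ts)
    return writers


if __name__ == "__main__":
    clean = b"MZ constructed clean bait"           # stand-in for the clean calc.exe
    baseline = bait_digest(clean)
    print("modified:", bait_modified(baseline, clean + b"X"))
    print("writers:", find_writers(SAMPLE_CAPTURE, "192.168.1.5"))
```

Once a write is seen from a host, the baseline digest confirms the bait really changed, and that host is the workstation to pull off the network and clean.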
