A virus outbreak on the local network is one of the most common headaches for an administrator. Ideally, three tasks have to be solved: detect the computers that are already infected, identify the malicious applications, and finally block and remove the virus.
Instructions
Step 1
Use one or several methods to identify infected computers on the local network:
- remote automatic analysis, to obtain data on running processes;
- a sniffer, to study traffic and identify network and mail worms and bots;
- network load monitoring, to prohibit the use of dangerous ports;
- creation of honeypots (traps), to receive timely notification of suspicious activity.
Step 2
Solve most of these tasks with the specialized anti-virus program AVZ. To do this, launch the application from a shared network folder on the server, allow clients to write to the log and quarantine folders you created there, and start the application on every computer in the local network using the rexec tool.
Step 3
Use AVZ's custom scripts to simplify and automate malware removal. Create such a script to remove one or more virus files and automatically clean up the corresponding system registry entries. To do this, enter the value begin in the first line of the new document, and in the next line, after the double "/" character, enter DeleteFile followed by the name of the virus file. Note that each delete command removes only one file, but the number of commands in the same file is not limited in any way.
Step 4
Take advantage of the intelligent registry cleaning provided by AVZ. To do this, in the third line of the document enter the value ExecuteSysClean after the double "/" character, and end the file by entering the value end in the last, fourth line.
Step 5
In more complex cases, use the additional tools:
- AVZGuard, to combat rootkits;
- BootCleaner, to clear selected files from kernel mode upon system reboot.
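The script described in Steps 3 to 5, written out as one complete file. This is an added example, not taken from the article or from the AVZ documentation. AVZ scripts use Pascal-style syntax: a begin ... end. block, one statement per line ending in a semicolon, and quoted file paths. The two paths are placeholders, not real indicators; SetAVZGuardStatus, BC_DeleteFile, BC_Activate and RebootWindows are the script-level calls for the AVZGuard and BootCleaner tools named in Step 5 and for the final reboot, and should be checked against the script reference of your AVZ version before use.

```pascal
// AVZ removal script in Pascal-style syntax. Added example, not from the article.
// All file paths are placeholders; replace them with the files found during analysis.
begin
  // Step 5: enable AVZGuard first so a rootkit or a running malicious process
  // cannot block the deletions that follow (assumed call name: SetAVZGuardStatus).
  SetAVZGuardStatus(True);

  // Step 3: one DeleteFile call per file; add as many lines as there are files.
  DeleteFile('C:\Windows\example_virus.exe');             // placeholder path
  DeleteFile('C:\Windows\System32\example_dropper.dll');  // placeholder path

  // Step 5: queue the same files for BootCleaner, which removes files that are
  // still locked from kernel mode on the next reboot (assumed call names).
  BC_DeleteFile('C:\Windows\example_virus.exe');
  BC_DeleteFile('C:\Windows\System32\example_dropper.dll');

  // Step 4: clean the registry entries (autorun keys and similar) that pointed
  // at the removed files.
  ExecuteSysClean;

  // Activate the BootCleaner queue and reboot so it can run; drop the reboot
  // if you want to review the AVZ log first.
  BC_Activate;
  RebootWindows(True);
end.
```

Save the file with the .txt extension AVZ expects and run it from the File > Execute script dialog on the infected machine; the quarantine and log folders on the network share from Step 2 then receive a record of what was removed, which is what lets you confirm the cleanup across all clients afterwards.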