Malware Recovery: Complete Reinstall

I know that this is not news to many people reading this, but it still hits hard to read it from Microsoft: Recovery From Malware Becoming Impossible.

We have had a few systems get infected recently that needed drastic measures taken.

We run the removal tools (worked a few times), we go back to a previous backup (rarely works), or we drag the box upstairs and toss in the Windows disc.

Fortunately most important documents are stored on a server with backups and good antivirus. Nobody surfs the web on these servers, and their delicate areas are protected from all but the administrator.

There are a few things we do to make wiping and restoring easier.

1. We are getting pretty good at running the Windows install. That includes a bench specifically set up with CRT and LCD monitors and all peripherals ready to go.
2. When a new computer is commissioned we take the CD with the motherboard drivers and computer-specific software and tape it inside the computer case (the CD is in its paper holder, of course). This keeps us from having a huge stack of nearly identical CDs to dig through in the future.
3. All software setup programs (with exceptions for programs with limited usage or licenses) are stored on one server, so once ethernet is running we can get right into the update process.

What other options do you use?

2 Responses to “Malware Recovery: Complete Reinstall”

  1. Jason Powell, Apr 5th, 2006 at 10:33 am

    Ghost baby … ghost! :-)

    If you have many machines a good imaging program is a must … we’re using Symantec Ghost Enterprise Ed v9.
    You also have to have hardware standardization for this to work best.

    So for each PC model we support we have an image … should anything happen we can reimage a PC in about 15mins.

    My Network Admin has a great post on using Ghost: http://edbuford.blogs.com/ed_buford_just_another_ge/2005/11/ghost_story.html
    He needs to update it though, as we’re now using PXE boot vs. boot disks.

    What anti-spyware software are you running? We’re using Webroot SpySweeper and haven’t had a malware problem since installing it 2 years ago.

    Geeks for Jesus!
    Jason

  2. Bob Brown, Apr 5th, 2006 at 11:42 am

    Two computers were hit by something nasty a while back. We had Webroot, AdAware, and Spybot S&D on it (as well as another one which I cannot remember) and nothing would come off. It was like those trick birthday candles.

    Unfortunately we don’t have fully standardized PCs. Most are pretty standard, but I don’t think we have ever done a full bulk purchase of PCs. As we have increased the need for new computers, a new one will be ordered. As old ones die off they are replaced. Most of the components stay standard though, I believe.

    How much flex is there in Ghosting? If we pull out a ghost image from that computer and it has XP SP1 (or future equivalent situation) on it we still need to do the SP2 upgrades and that takes almost as long as just installing from a straight up XP SP2 install CD.