Of Adaware and LinkSys Routers, and real fun

Of Adaware and SpyBot and LinkSys routers

A few of you Guys like Newt and WhitPhil and others that also do this professionally will relate to this little adventure.

This is about Adware 6.0 but first a little preface.

As many of you may or may not know I am a professional Sr. Systems Analyst/Administrator. I handle my own office of about 80 workstations running Windows 2000 server and mostly win98 workstations and a few 2k and Xp Pros. Our clients are basically set up the same.

Additionally I have 62 clients in 6 states that run our software for Public Housing agencies. These range in size from 5-6 W/S to 100 or more W/S. I remotely admin their systems most of the time with sporadic required visits when there is an emergency or severe HW or SW problem that can not be done remotely. We use a combo of PcAnyWhere (phasing out) 2K terminal services and Citrix for this support.

All of these we installed both the HW and S/W.

One of these agencies months ago requested that we upgrade their entire system of about 25 stations including a new server.

I had to decline because our schedule at the time could not meet their deadline.

So they bid it out. I told them I would come and setup our software when the vendor had the system complete.

Again I told them my schedule was tight and only call me when it was totally finished.

They said it was, but it wasn’t. Went there a little over a week ago for 2 days. The contractor that installed the system was still there. Nothing worked connections dropped. I told them on the first station I went to that it was too slow something is wrong. Yes they said we are working on it.

Not wanting to get involved I just told the contractor who was in over his head to correct this station or that station. That is until I did my thing on a few and went back and it was all gone. Connection that is!

I finally said to the contractor all right already, what the he** is going on, do you mind if I look in.

No they said!

One look at the Switch and I was ready to leave. Hardly anyone was using the system because of the upgrade but the Switch light looked like a Graphic equalizer doing Acid rock! High activity "Collision City "!

I asked if they had tested all wiring,â€yesâ€. I had them unplug everything and plug back 1 at a time. Any 2 connections and wham Acid Rock.

I am now really ready to go home!

I told them they had some bad NIC’s or bad cabling or Viri.

No they say cable ok, NIC’s ok Viri no do that! Now I am going home!

But I stayed a little longer decided to check for Viri.

So finally I go to a station to download a Norton update. Program expired, I just wanna go home! So I decide I will go for Stinger and PQRemove. 1.5 MB Cable. D/L started at 110K (windows say 1 minute at 110K) 20 seconds later (10 minutes at 25K) after a minute down to a speedy 512 byte! Download will complete tomorrow. Smile!

After I had them connect their laptop straight to the Cable modem we ruled out the ISP. Speed blazing. Back to Router, speed is slow!

So I finally use a week or two old copy of Stinger. Code Red, and get this, Yaha too! Newt what will this do to a LAN?

Finally on that trip I just left telling them to get a Virus scanner and get updated and clean the entire system with the switch off. And to call me when it was really finished and fixed.

Last Thursday back again. Network speed blazes Internet same slow dog. Helped them with this, called Ciso and Adelphia both no help. Finally at my suggestion we went to Staples and bought a little old LinkSys Router and replaced the Big old Cisco, BOOM. DSL reports, Toast and another speed test all hit from 1.3mb to 850K. Called Cisco back (now they let me call) I say are you gonna let little ole Linksys kick your Butt.

They tell us different things to do and try, and finally telnet in and try themselves to no avail. They think it is a bad router at first until I tell them we have a remote office with 10 computers with the same router doing the same perhaps we have 2 bad new routers. Hee hee hee!

They were going to check on something and call back but didn’t.

So now we still had a few computers that would not connect properly (these also where Viri began). These just happened to be a few of the best of the old computers that had not been replaced with new.

They had installed Norton Corporate edition. I updated and ran again, clean! I install SpyBot update and run, of course it was loaded. But here is the meat of this letter Adaware finds W32.Netspree.Worm using PSEXEC. Norton, up to date Stinger and PQRemove and SpyBot did not catch it but Adaware did!

As I cleaned the others I noticed a few other times when I ran Adaware after SpyBot as I always do that it did find things that SpyBot missed!

Bottom line for those in doubt, use them both!

Believe me it was not as much fun as it sounds! Now I am headed back tomorrow to finish up details. At least the big problems are fixed.

Mike

 

The above article by mflynn just strengthens what I have said for years.

" There is no single piece of software that will do or catch everything. "

Yes Mike. It does pay to to run more than one Spyware or AV program.

I also do run both S[ybot and Adaware. Every once in awhile one will catch something that the other does not.

Even as much as I trust Norton I still do an online AV check at least once a Month using Housecall. At least once that has paid off also.

BillyBob

 

Mike - if code red sneaked in there, stuff just wasn't configured right.

Was it that new flavor?

 

No it was the old Code Red but a newer YaHa!

But Newt the new Norton cleaned this. Problem their virus programs untill this were all out of date by a year or 2.

I wasn't so surprised about these 2 as as was about Adaware finding the W32.Netspree.Worm using PSEXEC when all the rest missed it.

I thought the new Norton had already become disabled so I put the Eicar test virus on this machine and it found it!

I checked the Norton site, it knows about and is supposed to find this virus, unless this was a newer version that knows how to hide from Norton.

Mike

 

man, what a story!

i don't do this stuff for a living but i still enjoyed what you posted, and the fact that nav missed a nasty was not lost on me (a big norton supporter). <g>

the multi-layered approach to security keeps popping back up as the best wtg...



mark

 

http://securityresponse.symantec.com/avcenter/venc/data/w32.netspree.worm.html
W32.Netspree.Worm
Category1
Discovered on: January 22, 2003

W32.Netspree.Worm is a worm that spreads over the network shares that are protected with trivial passwords.[/QUOTE]

Also sounds like some serious security training is in order, to enforce complex passwords.

About Adaware and Spybot S&D finding or not finding W32.Netspree.Worm or the files that the worm creates, I wouldn't expect that of an adware/spyware detection program. I would say that virus/trojan/worm detection is the job of an antivirus or anti-trojan program.

 

O yeah

Management is coming down on the users and they will be trained and I am placing special restrictions.

On the Virus, yes that is my point. You would not expect a Spy/Adware program to find it over a High perf dedicated virus scanner but Adaware did in fact when the others did not!

But now both SpyBot and Adaware to state that they do check for some of these things and this incident proved that.

I just did not expect it to out do the big boys!

Mike