Archive for NAV

Malware Fighting Fun – IE-AV

Have spent a full day this week tracking down and getting rid of some crap one of my users got while watching videos online.  I wanted to document where I found help for this as it may help others and I don’t want to forget what I did.

The problem was that every time my user (let’s call him John) went to the internet, he could get a site, but if he tried to click on a second link, he was directed to a bogus website that told him he needed to install the ie-av program. John had Norton, so I ran that and it found nothing out of the ordinary, so I then did a quick install of Ad-Aware and Spybot. They found lots of things, but didn’t really help my problem much. So it was off to Google and a search for IE-AV, which led me to a great site where there was ample information and instructions. NOTE: I found the comments at the end of this blog most helpful in getting this off John’s PC.

It turns out that all I really needed to do was uninstall the .dll files that had been dumped in the WINDOWS\System32 directory. Now, an interesting if not disturbing side note is that when I went into the \WINDOWS directory and the \System32 directory, it popped up IE and the same annoying site. For me, I had three files (g2tool.dll, gtool~1.dll and Gtool.dll) that I needed to delete, and I did have to go into Safe Mode to delete one of them. A reboot and all was good.

I still want to rebuild that computer, as I am not at all convinced it is “clean” but for now, John is happy and thinks I do great work. . .today a Hero. . .tomorrow?  Who knows?

Adding a Secondary Server to Symantec Corporate Version 10

Someone mistakenly made one of our oldest, most ready-to-die servers the Secondary Server at our location a year ago, so I needed to rectify that quickly this week since that server is really ready-to-die now. I could not find any great documentation really on how you go about doing that, but was able to get it working anyway.

I logged into the Symantec System Center that is installed on my main server and really did almost everything from there. I first had to unlock my server group, and then I chose Tools -> AntiVirus Server Rollout. I followed the wizard that came up; basically I had to choose my new server, identify the group I wanted to associate with it, and then install it on the new server. After restarting the server it was installed on, I only had to drag and drop my clients from one server to the other. It couldn’t have been more simple.

Based on some instructions I found, I could have also installed it from a CD, but since I don’t have those here at our location, this was the way to go for me.  I am off now to disable the old server and then uninstall Symantec from that system.