[itdiscuss] virus - unauthorized email sending

Bobby Stewart bStewart at brentwoodbaptist.com
Thu May 15 12:09:44 EDT 2008 

I agree to this practice as well. We maintain images of our standard systems. Any sign of suspicious behavior and the system is refreshed. 

This has some implications with the method we purchase Microsoft licensing for our systems. If you are not purchasing Microsoft licenses through an Open License arrangement such as their charity licensing, the legality of doing this is questionable. Check your particular licensing arrangement to be sure what options you have.

Note: The last time I reviewed our licensing options I found that it is not permissible to replicate images based on the OEM licensed version of the Microsoft Windows OS. However, it is permissible to create an image based on the media from an Open License purchase (Open License purchases for the Windows client OS can only be for system upgrades, not for systems that were purchased without an OS) and use that image for any system that has a valid license for that version of the OS (it doesn't matter whether it was licensed by the OEM or as an Open License upgrade purchase as long as it is the same version of the OS). Feel free to correct this statement.

Once in a while I'll take the time to attempt a repair on a system. I find that this helps me understand the ramifications of an infection. Even when I do this type of repair I perform a refresh because I've seen too many systems that have been cleaned have their badware ressurected. Doing this exercise also reminds me why I don't generally waste my time doing this exercise!

By-the-way, there are a lot of ways to replicate images but I have found that for us the disk copy units from Logicube along with our image creation process gives us an extremely fast method of delivering a rehabilitated system to a user. See their replication units at www.logicube.com 

Bobby

-----Original Message-----
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Allen Madding
Sent: Thursday, May 15, 2008 9:48 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] virus - unauthorized email sending

Over the years I developed a general policy for these situations. If you start working on a virus/Trojan/malware problem, you start the clock. Once the clock shows two hours of work with no resolution, you stop, backup data, and reimage the system.

 
Allen Madding



-----Original Message-----
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Justin Moore
Sent: Thursday, May 15, 2008 10:38 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] virus - unauthorized email sending

Not to be the bearer of bad news, but most of the time, it's a whole lot easier to just backup your data and wipe the box. Not only is it usually faster than spending hours or sometimes even DAYS trying to find what it is and clean it up, you also have the benefit of KNOWING that it's gone.

Typically, if I've worked for an hour using HiJackThis and AdAware/Spybot/etc and still haven't cleaned the system, I make the decision to just flatten it.

--
Justin Moore
Chief Tech Guru
Crestview Baptist Church
www.crestviewbaptistnc.org

_______________________________________________
it discuss mailing list: discuss at itdiscuss.org Mailing List: http://itdiscuss.org/discuss Web Discussion Board: http://itdiscuss.org/discuss-forum
Wiki: http://itdiscuss.org/wiki
Internet Relay Chat: irc://irc.freenode.net/citrt

--- Scanned by the Xcentric Email Security system (http://www.xcentricgroup.com) ---

_______________________________________________
it discuss mailing list: discuss at itdiscuss.org Mailing List: http://itdiscuss.org/discuss Web Discussion Board: http://itdiscuss.org/discuss-forum
Wiki: http://itdiscuss.org/wiki
Internet Relay Chat: irc://irc.freenode.net/citrt

More information about the discuss mailing list