Kevin Murray (claystorm) wrote,

Who needs sleep....

I have my different things in the office set up to e-mail my phone when things happen. For example, when there is a RAID event on the server, it sends my phone an e-mail. If the SQL Server fucks up, then I get an e-mail, and last but not least, if it finds a virus on one of my servers, I get an e-mail about it. I have it set up this way so I know when major things are going down, so I can avoid major problems or at least get a jump start on issues.

Well, I got woken up by one of these e-mails this morning at 1:07am. So being that I am deep in sleep, I think it's my alarm going off, so I wake up enough to shut it off. This is when I realize that it's not 5am, which is when my alarm was set to go off. So I wake up a little more to figure out it's a text message. So at first I figure someone texted me or something, so as I check it, I realize that it's a notification to "Check your PCS Mail!". Looking at the address I see it's an internal CAC email address, and this is when I wake fully up.

I check my PCS Mail, and it tells me "AVG Resident Shield Alert Found: W97M/Pri on SERVER". Now it has my full attention and I am well awake. So I get out of bed (mind you I have been looking at all of this from my cellphone in bed, still half asleep) and fire up my Mac mini to research the virus. Looking at AVG's website, I see that it's a "Macro-virus written in VBA language (Visual Basic for Applications), which infects Word documents within MS Office 97, 2000, XP and 2003."

Since it's on "SERVER", which is our Windows NT Server box, I have to use my laptop running Windows XP to access it. So I fire that bad boy up and open the VPN connection to the office. I open the pcAnywhere connection to server, and log on. I do not see any virus notifications on screen, but that may just be cus it timed out. So I open AVG (our anti-virus software), and look, and sure as shit, a freaking really old Word document is found to be infected. Seeing no major wide-spread infection, I try to heal the file first, but it fails. So then I move it to the "Virus Vault" so it cannot infect anything else.

Right now I have a full scan of the system running and am going back to bed as there is nothing I can do about it right this second, plus if it finds anything else, I will just get an e-mail on my phone. I think that AVG changed one of the properties that it scans for "W97M/Pri" with, and it found it on our server. The major reason why I am not worried right now is that the directory it was found in is from a former controls employee who has not worked at our site in like 2 years, and I know his computer is no longer on site.

So here's to not getting any more e-mails on my cell phone before the morning. LOL. Hey, a boy can wish, right?