Thursday 24 October 2013

CryptoLocker Virus - Ransomware - Part 2

A larger company has now contracted the CryptoLocker virus, and trying to track the PC down has been a bit of a nightmare, as no-one has owned up to opening it.

Eventually, it was found on a PC in a remote corner of the office. To track it down, I used the Share and Storage Management console present in Windows Server 2008.

By using the Share and Storage Management console and looking at the Open Files information, I could see a particular user opening and closing 6-8 files at once, thereby tracking down the culprit PC.
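The same check can be scripted rather than watched by eye in the console. The following is an added example, not code from the original post: it takes repeated snapshots of the server's open SMB files and ranks client user/computer pairs by how many distinct files they had open across the snapshots, which is exactly the "opening and closing lots of files at once" pattern described above. It assumes Windows Server 2012 or later (the Get-SmbOpenFile cmdlet does not exist on Server 2008; there, `openfiles /query /v /fo csv` gives the same Accessed By and Open File columns and can be parsed instead) and an elevated PowerShell session; the Samples and Interval parameters are the example's own.

```powershell
# Added example (not from the original post): snapshot open SMB files repeatedly and
# rank client user@computer pairs by the number of distinct files seen open.
# Assumes Windows Server 2012+ (Get-SmbOpenFile) and an elevated prompt.
param(
    [int]$Samples  = 12,   # number of snapshots to take (assumed default)
    [int]$Interval = 5     # seconds between snapshots (assumed default)
)

# key: "user@computer", value: set of file paths that session had open at any snapshot
$seen = @{}

for ($i = 0; $i -lt $Samples; $i++) {
    Get-SmbOpenFile | ForEach-Object {
        $key = "$($_.ClientUserName)@$($_.ClientComputerName)"
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = New-Object 'System.Collections.Generic.HashSet[string]'
        }
        [void]$seen[$key].Add($_.Path)
    }
    Start-Sleep -Seconds $Interval
}

# A process that is encrypting a share churns through many different files in a short time,
# so the session with the most distinct files across snapshots is the first one to look at.
$seen.GetEnumerator() |
    Sort-Object { $_.Value.Count } -Descending |
    Select-Object @{Name = 'Client';        Expression = { $_.Key }},
                  @{Name = 'DistinctFiles'; Expression = { $_.Value.Count }} -First 10 |
    Format-Table -AutoSize
```

Each file is typically open only for the fraction of a second it takes to encrypt it, so a short interval matters more than a large number of samples; a single snapshot can easily miss the activity. Once the offending client is identified, `Close-SmbSession -ClientComputerName <name> -Force` cuts its sessions to the server while the PC is pulled off the network, which stops further shares being touched while the restore is prepared.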

One thing to note about this virus is that it has to encrypt every single file, which on a server with lots of data can take a LOT of time. So 12 hours later it had only completed half of the available shares.

Removed, restored and done. Finding the user in the Share and Storage Management console (Open Files) saved me a lot of time though.
