WHS network critical warning due to Trojan/virus

  • General discussion

  • I wanted to tell the forum about a WHS network-critical warning that, in my case, indicated a virus/Trojan infection on a client machine and may help others in a similar situation.

     

    I have been running WHS for about two months, with five desktops and laptops running both WinXP and Vista, with no issues.  WHS recently gave a network critical warning about the Vista laptop (which goes away to college with one of my daughters), saying Windows Automatic Updates were turned off.  This error message has never appeared before, and on this machine updates had always been enabled for download, but with permission required to install.

     

    As it turns out, the machine had become infected with several Trojans and viruses from the college’s network (VDundo, Lowzone, and several others) which disabled updates, blocked other security features, and caused annoying but official-looking popups which my daughter mistakenly assumed were from the college’s network.  This laptop was running Norton AntiVirus, and there is apparently a serious conflict between Vista’s firewall and Norton AntiVirus which partially disabled both of them and allowed the infections.  Even with the full system scan, Norton was unable to detect or prevent any of these infections.  Fortunately, the WHS warning, although indicating a totally different problem, led me to the discovery of the infection due to this bizarre behavior.

     

    Unfortunately, the system was trashed, and since I could not determine when the infection had occurred, I considered all of this computer’s backups on WHS suspect and deleted them.  I also did not want to risk any more exposure of the WHS server to these infections, so I transferred the user files to an external hard drive and then re-installed Vista with the recovery disks.  I then scanned the external drive with Avast! and Counterspy before copying anything back to the laptop, which is how I was able to identify and delete the infected files, although this was after the fact.

     

    As a long-time (10 years plus) Norton user, I’m disappointed in this performance, but Avast seems to be an excellent replacement, operates much more reliably with both WinXP and Vista, and provides a WHS version which I will also be installing.  My general conclusion is that the WHS network monitoring is a very valuable feature and can indicate other serious problems with clients, especially if an unusual error pops up unexpectedly as it did here.

    Wednesday, June 4, 2008 11:08 PM