XP Guardian et al danger

Microsoft Windows server 2003 r2 standar...
March 8, 2010 at 11:27:23
Specs: Windows 2003 R2 Server, XP clients, 2000 clients
One of my users managed to get infected with the XP Guardian crap. I think I finally got rid of it after using SpyBot, repairing the XP installation, and deleting her user profile. However, I am wondering about its ability to infect our network. We use roaming profiles and run Windows 2003 R2 server. Is the XP Guardian dangerous to the network or is it something that just installs on the local machine? Also, how in the heck did it get past our SonicWall firewall in the first place?



#1
March 8, 2010 at 14:48:35
Usually gets in through Java. If you are not using the newest Java update, version 6 update 18, then you are asking for the infection and failure to install Microsoft updates. Most larger corporations just will not accept this as an answer. I work for a huge paper group and they think Norton's Corp. version will stop these types of infections but it will not slow it down with a port sitting there open, it can't and nothing else will either. Our IT's just ghost all the systems and at the first sign of a prob they reimage.

And it will screw up a network, change all kind of settings and eventually bring the computer to a stall. It can infect servers and routers. The router can usually just be reset. A firewall is useless against it.

Windows has a patch but it is not yet available that will help a lot.



#2
March 8, 2010 at 15:30:55
So what do I do for my server?


#3
March 8, 2010 at 19:14:11
If you do not have Java installed on it, Windows updates are up-to-date, a good AV, firewall and antispyware you should be ok. Of course no P2P's. One thing I did not mention earlier is that Adobe Reader can be exploited the same way as Java although that has not shown up as an issue lately but it can be one so update to its newest version.

Most servers are well kept and are a median or hub and do not seem to be affected as much as a workstation or end user's computer which is probably by design, it is capable of havoc given a port to infect them.



#4
March 8, 2010 at 21:48:42
The server doesn't have Java (I'm almost certain) and I have Norton Corp and Spybot running on it. It is behind a SonicWall firewall (as are all our computers). Our server is used for file storage and runs a database and courseware (we are a small elementary school). Overall we are probably fairly safe. Most of our browsing is to gmail or elementary education websites. We believe the user that got infected got it from the dex on-line phone book site. I'm really concerned about it spreading from one computer to another or is that even possible without the users browsing to infected sites? I updated the Java on all my workstations tonight. I hope that was wise. Clicking the Java update notification in the tray installed version 6 update 16.

One thing, on the computer that was infected. I cleaned it with Spybot and then repaired the XP installation from the install disc. After that when logging on we got a box about installing Windows Document Viewer that prompted for a CD. Is this part of the infection and it really isn't clean? It appears here http://www.ehow.com/way_6030738_do-... that it is likely just wanting the HP printer CD or the MS Office one.

This has me so tied up in knots as I'm obviously an amateur and am the only IT person in the school.



#5
March 9, 2010 at 03:51:43
Try updating the msviewer per the instructions given by Preveen at this link, it is not part of the infection.

http://forums11.itrc.hp.com/service...



#6
March 9, 2010 at 04:52:39
Thanks! Did I do the right thing updating the Java? Will it just spread unassisted through computers?


#7
March 9, 2010 at 18:02:24
If you have any symptoms let us know, if you killed the infection you should be ok.


#8
March 9, 2010 at 18:06:58
If you have a program that will not run after updating Java you will be forced to download an older version of Java, version 5 update 6 for us, then you will be sitting there like a sitting duck. Hope that is not the case for you.


#9
March 12, 2010 at 21:28:36
Hello,
XP Guardian is a rogue spyware virus. This program is a fake tool which appears to be a security program, although it is a virus itself. To remove XP Guardian virus, follow the instructions from
http://darfuns.com/spyware-removal/...
