Worm.Tenga.A - nasty little virus old school style. I'm currently dealing with this baby right now in one of my schools' networks. It infects PE exe's (any windows file with an exe extension basically) and it moves fast. It also moves across networks using public shares via the windows IPC$ browsing feature. Here are the steps for dealing with a virus breakout like this on a network.
- Shut down the network. Unplug all the machines from the network. You don't have much time cause this thing moves really quick. Especially if you have apps that run off of a network drive, Like many schools do.
- Work in segments. Take a section of the network at a time. Don't plug any machines back in until you've verified they are clean. This is very important. It takes roughly about 30 seconds for this thing to find an open share and move there.
- Educate your users. That virus may try to come back. It may have moved to a thumb drive, email attachment, burned CD, Floppy drive, or any number of other removable media sources, and you might not know. Make sure they understand the risk to the data on their network if they don't scan every file they run on the computer from one of those sources.