Hi....

Lot of machines on my office windows network are infected with the

w32.lovgate.R@mm

virus..Now the problem is, this virus remains on the network and keeps on infecting machines that are connected to the network....so suppose if I clean a machine completely, even then the virus infects that machine again...what can be done to control the viral infection given that I have around 100 machines to clean ??

This virus uses 'winpopup' and sends messages from one machine to another which is something like

'Message from abc to xyz'

Virus found!......blah blah blah

I really need some urgent help on this one as the number of infected machines on the network is increasing slowly but steadily which is driving me nuts.....

Thanks..

--amit

disconnect every machine then clean them, and make sure theres a good firewall in place so it wont come back thru the Internet (if you have a connection, if you don't them its time to start putting restrictions up so people cant infect the machine)

A quick look at viruslist.com and I see it's a nasty type of virus.. files everywhere..
http://www.viruslist.com/eng/viruslist.html?id=1666084

Because you may be dealing with ntfs partitions, you can't rely on GPL tools.
I suggest you make a clean XP machine, install an antivirus programme that can clean mailbox/pst files and clean each hard drive in turn in the clean XP machine. After a while you will have 2 clean machines to check with, then 4, then 8 etc
You can't afford to have a pc start before being cleaned unfortunately..

After each one is cleaned, make a boot disk that will remove the registry entries and consider installing antivirus software everywhere, esp the mail server.
Force ALL mail traffic through a mail server that will check/clean everything.
Unfortunately, you now are part of the world wide problem of spreading viruses from your network, so anything you can do to stop them leaving is a step in the right direction.

I hope you get some sleep over the next few days. Good luck.

Thanks for the sugesstions friends....but u should also see that there are 100 machines and recommended solution - scan each and every hard drive from the newly created xp machine ? looks difficult becos there are so many users and they have so much data that if I were to back up the data and then clean their systems, it would take weeks which is not desirable....I cannot also disconnect them from the network for too long as they need to share files and printers over the network frequently...My antivirus detects the virus, isnt able to clean it, so quarantines the file, or sometimes it deletes the file......but users keep on getting the 'winpopup' messages or messages from the antivirus......

I searched google and found lot of tools to clean this virus, but I would wanna ask if someone knows of a utility which will fully clean this virus in one go...

is there anything else that I can do to clean the virus fast?

Thanks and Regards,

--amit

I've been down this road several times..
Several times now I have spent a weekend with 2 other people stripping and cleaning.

It all comes down to disabling the virus in every machine..
But you need to have everybody off the network or they will get re-infected as they come back on..
Turn off the hubs/switches if necessary..

So you could first try the boot disk and the registry mods as described on the viruslist.com website to see if the virus is stopped from starting... and delete the known virus files..

Here is what has to be done.. find the removal tool for the virus, download all the patchs and hotfixes to bring windows up-to-date, get the virus definitions needed to detect the virus.

Put all that crap on a cd and hit each machine one by one pulling it off the network, clean the virus.. patch it up.. put it back on the network.. and move to the next machine.

This is about the only way you can go about taking care of all the machines.