Our network got hit with the latest variant of lovegate, because a few of our brightest users chose to cancel the virus update "because it just slows everything down so much".

I've never seen anything like this, servers that are protected are having their network shares filled with 105kb files.... we lost 20 gigs on one server because 10 to 15 of these tiny virus executables were being thrown into every folder on the server. The servers due to the delicate nature of our data here are set to clean... so the files are benign but cleaning them has become unbearable.

1 user turned into 5 into 10 into, 1 out of 5 pc's on our network became infested, and most of these users where only 1 or 2 dat updates behind.

The amount of files this thing generates is really unbelievable and the way in which it does it is really amazing. It uses password files to gain access to shares that arent' open to everyone... feeding common names and passwords until it gains access if it can... then the file distribution begins.

Needless to say my overtime has gone through the roof... and we still have no clear handle on the virus attack. We used tools provided from mcaffee but we're still cleaning files and trying to track down all the culprits... This is really insane.

/me goes to make sure the virus signatures are updated on his servers....

They were dated the 7th... which is good, but I'm getting even more recent ones now...

Yeah... make sure your users are updated too... thats what screwed us...

Also... most of this stuff only affected us by creating an enormous amout of data to clean. However if someone is stupid enough to click one of the .exe's... he he.. lets just say one of our PM's sent over 8000 emails out... replys to everyone in her inbox.

Yeah... make sure your users are updated too... thats what screwed us...

Yup. Sent the group email just seconds after making that last post...

lets just say one of our PM's sent over 8000 emails out...

Main reason why I hate Outlook so much.

We used tools provided from mcaffee but we're still cleaning files and trying to track down all the culprits... This is really insane.

Are you using mcaffee as your main antivirus?

All the networks I've setup antivirus on use Symantec Enterprise, the users aren't given access to turn the client or the updates off.

Unfortunately we just fix whats broken someone else in their infinate wisdom buys the software we use virus scan 4.51

Oh, Lovegate. I thought that said Lovelace, and was wondering why there was a frown for the icon.

Oops.

Unfortunately we just fix whats broken someone else in their infinate wisdom buys the software we use virus scan 4.51

oh well, job security eh?