
Dr.Web AV-Desk helped detect epidemics in school network

October 12, 2009

Russian schools have been provided with anti-virus software under the “Education” national priority project since 2008. Alas, the infection level in school networks remains rather high. Doctor Web engineers deploying the Dr.Web anti-virus service software in schools face the problem on a daily basis. However, once Dr.Web anti-virus is installed and launched, the situation changes dramatically.

The free deployment program for schools in the Novosibirsk region started on June 26, 2009, with Dr.Web AV-Desk providing anti-virus software featuring Parental control on school machines in the region.

With Parental control, Dr.Web not only protects systems from malware but also blocks access to unwanted web sites and helps avoid contact with cyber-criminals, making the use of the Internet in classes more productive and completely safe.

Dr.Web anti-virus in action

A secondary school in the Russian town of Berdsk also joined the deployment program, and it was in this school’s network that the virus incident occurred.

It began when Doctor Web’s engineers working with the Dr.Web AV-Desk console detected a surge of viral activity in the school network. In three days the SpIDer Guard resident monitor neutralized around four hundred samples of malware. A subsequent analysis revealed that all programs were spread over the network from one workstation.

Doctor Web’s support engineers arrived at the site. The computer found to be the source of infection was completely unprotected. The system was compromised by Win32.HLLW.Shadow.based (aka Conficker). Outbound malicious traffic spread the infection to all computers in the domain to turn them into botnet zombies. Sites of many anti-virus vendors including and couldn’t be accessed from the compromised machine, to ensure that curing software wouldn’t be downloaded onto the computer.

The malicious program had administrator privileges, so SpIDer Guard could only take out infected files as a process attempted to execute them. Consequently, the administrator password of the unprotected machine was also compromised. Attempting to change the password only reset it. Doctor Web support engineers had to change the password encryption algorithm in the domain and set stricter security rules.

When the infection in the compromised system was neutralized, there were still other computers in the domain to be cured. The new product from Doctor Web, its networking anti-virus utility Dr.Web CureNet! providing centralized scanning and curing, helped engineers to tackle the aftermath of the incident. Two hundred and seven infected objects were found during scanning of all workstations and servers. The threat was neutralized successfully.

Here the Dr.Web anti-virus service helped to detect the source of infection even though no Dr.Web software was installed on the compromised machine. The problem might have remained unsolved for a long time if the infection source hadn’t been discovered promptly. Centralized monitoring of viral activity enabled support engineers to quickly track down the malware and neutralize it. In turn, Dr.Web CureNet! played its part in the final network clean-up performed on workstations and server without installation of the software on target machines.
