It feels like months since I last blogged, but I’ve just been rushed off my feet. It all started on 16 May 2010, when I lost remote access to a client site. That weekend, I was supposed to be completing an SQL database upgrade. It had to be postponed because I couldn’t contact the site remotely via two different technologies; I suspected that there had been a catastrophic failure.
I received a telephone call on the way to the site on Monday 17th at 8.30am; it was apparent that something was seriously wrong.
Five minutes on-site, I discovered that the whole site had been infected with the W32/Conficker.worm. The client was running Sophos Anti-virus, but what made it worse was that many of the Windows XP workstations were not patched with MS08-67. Many servers and workstations were infected across the site, and because it was found that some workstations were connected to both networks, both networks were infected. (So if you are reading this, and you’ve not run Windows/Microsoft Update for a while, do it today! – Back up first, and usual disclaimer applies!)
I was just getting the infection under control on one network when one of the Domain Controllers failed on the other network with a disk corruption fault. It took me a day to recover the server, but the Active Directory database was corrupted beyond repair and recovery, the Veritas IDR didn’t work, and I had to forcibly evict the failed domain controller from the network.
This is what the passenger footwell of my car looked like after two weeks…..
Note to self: Must go on a detox!