Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to find virus/worm/trojan on network client

I am running a network-monitoring tool that pings my switches and servers continuously. Every hour on the 35 minute, I am suddenly unable to ping several of my Windows servers and Cisco switches. The switches all appear to be functioning correctly. This happens at 8:35, 9:35, 10:35, 11:35, and yesterday at 12:35. Then everything is fine until the next morning at 8:35. DFM is not reporting errors, but I have a different issue with that because only some of my switches are not showing in DFM. I will look into this after I fix the outage issue.

Could this be a workstation infected with a trojan? How would I go about finding out which client is infected? My intrusion detection devices are not detecting anything, but the signatures are often behind the curve. Workstations all have Trend OfficeScan installed, but it is difficult to know if all the machines that are on are up to date with the pattern file, since many workstations are only turned on once in a blue moon.

Thank you in advance for any advice on how to start looking for the culprit.


Re: How to find virus/worm/trojan on network client

Ya you are right. This could be because of a Virus. Make sure that you have the latest version of antivirus software on all your workstations. Check if there is any bulk traffic coming from any LAN segment or from any PC in particular. This should be useful in identifying the problem.

CreatePlease to create content