My network has been infected with the net-worm.win32.dq or Conficker worm, and we are having a problem with a machine broadcasting this worm across the whole network and trying to infect other machines. We have patched all of our machines (or believe we have) with the Microsoft patch, and our antivirus is up to date and working; however, this is still being broadcast. The problem is that I cannot trace where this broadcast is coming from. Are there any tools, etc., or knowledge you can share with me to help trace this broadcast?
Below is the message my machines receive when this rogue machine tries to send it; however, no record is made of where it came from.
Event Type: Warning
Event Source: Anti-Virus
Event Category: None
Event ID: 0
Net-Worm.Win32.Kido.dq has been found in
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.