Conflicker Worm Removed but Still account lockout

Posted on 2009-04-17
Last Modified: 2013-12-23
Hi Guru's
We had the confliker worm ..and managed to remove it and install Mcafeee and Windows patches as mentioned. Now we have a strange problem, now and then a computer shows up in the Event viewer with ID 644 and the computer name is not part of our network nor pingable.

This computer keeps locking users from AD and causes grief to us. How is this possible?...and how can we identify the source of this computer...?

Please help...b/c this is causing us downtime.....

Question by:Chemtrade
    LVL 11

    Expert Comment

    by:Abhay Pujari
    I think there is still a threat lying in your network. Shutdown all the machines. Scan servsers first in safe mode. Update them. On one by one machine in safe mode, scan and update. This sounds weired but this can work wonders.
    How many systems you have in your network?

    Author Comment

    Thanks..more than 550 this may a issue
    LVL 11

    Accepted Solution

    Yes, true. 550 is a large number but to remove worm, you have to go through this pain. There may be some other tricks, I need to search for it though. I had this problem and I spent 3 sleepless nights to resolve this. Fortunately I had only 60 machines and some 20 Laptops.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now