Cleaning up last of Conficker
Posted on 2009-04-23
I had a system on the network get Conficker.B. The machines that were patched and had virus software didn't catch the virus, but the infected machine was logged in with a domain admin account before anyone knew it was infected, and that enabled it to add a bunch of crap on other machines on the network.
Norton deleted all of the c:\windows\randomfilename.ext as they were put on, but the virus also added over 1000 entries to c:\windows\tasks telling it to run rundll32.exe randomfilename.ext dsfhds
These would run every hour, on the hour. 20-50 each time.
Rundll32 would not exit on its own, so it consumed resources and slowed down the machines.
Now, I deleted all of those entries in that folder, and all computers except mine have stopped.
But I still get 30+ rundll32.exe every hour on the hour.
I've run HouseCall, Norton's Conficker cleaner, Malwarebytes, Spybot, Ad-Aware and ComboFix. They all say I'm clean.
HouseCall actually told me to delete those scheduled tasks, so I let it... but it's still happening.
Anywhere else I can look for launched tasks?
BTW, Vista Ultimate, 4GB mem
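
An added example, not part of the original post: a triage script for the persistence pattern described above, scheduled tasks whose action is rundll32.exe loading a randomly named file. It assumes task data exported with `schtasks /query /fo csv /v` on an English-locale system; the sample rows, task names and file name are constructed, and treating any non-.dll/.cpl target as suspicious is an assumed heuristic, not a Conficker signature.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample shaped like `schtasks /query /fo csv /v` output
# (English column names). Task names and file names are made up.
SAMPLE = r'''"HostName","TaskName","Status","Task To Run"
"PC1","\Job0001","Ready","rundll32.exe kqzvbn.hq dsfhds"
"PC1","\Job0002","Ready","rundll32.exe kqzvbn.hq,dsfhds"
"HostName","TaskName","Status","Task To Run"
"PC1","\Microsoft\Windows\Example","Ready","%windir%\system32\rundll32.exe shell32.dll,Control_RunDLL"
"PC1","\Backup","Ready","C:\Tools\backup.exe /nightly"
'''

# rundll32[.exe] <target>[ ,]<argument>; target paths with spaces are not handled.
RUNDLL = re.compile(
    r'(?:^|[\\/\s"])rundll32(?:\.exe)?"?\s+"?([^\s,"]+)[\s,]*(\S*)',
    re.IGNORECASE,
)

def suspicious_tasks(csv_text, trusted_ext=(".dll", ".cpl")):
    """Return (task, target, argument) for rundll32 tasks loading a non-DLL file.

    The extension heuristic is an assumption for triage, not a signature.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":  # header repeated mid-output
            continue
        m = RUNDLL.search(row.get("Task To Run") or "")
        if m and not m.group(1).lower().endswith(trusted_ext):
            hits.append((row["TaskName"], m.group(1), m.group(2)))
    return hits

def summarize(hits):
    """Count flagged tasks per target file, so one payload name stands out."""
    return Counter(target.lower() for _, target, _ in hits)

if __name__ == "__main__":
    found = suspicious_tasks(SAMPLE)
    for task, target, arg in found:
        print(f"{task}: rundll32 -> {target} (arg: {arg})")
    print(dict(summarize(found)))
```

Running it against exports from each machine gives a per-host count of rundll32 tasks and the file each one tries to load, which can be compared before and after cleanup.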