ExchangeGroup

asked on

How to Remove Conficker virus

Hi all

I am sure everyone is aware of the Conficker virus. We got our network infected yesterday with this nasty virus. Even though we had AVG installed, it looked like someone brought this virus from their laptop.

Our office network has around 40 desktops and 15 laptops and 5 servers (4 virtual servers and 1 physical server, all running Windows Server 2003) running as DC, web and DB server etc.

The virus started on a desktop PC. After I noticed that, I switched off all the servers first. Then I found that a few PCs which had McAfee showed the virus below

virus name at1.job   Virus Type:  conficker.worm.job
Virus Name: antwtllbhz.ca   Virus Type: conficker.work.gen.a

Now I disconnected all the desktop and laptop PCs from the network. Only the servers are running at the moment.

Can someone help me on

1. How to check whether the servers (Windows Server 2003) are infected, and if they are, how to clean up
2. How to run the cleanup on all the desktop and laptop PCs?

I did a Google search and found so many solutions but couldn't find which one really works. Since this is affecting our entire network, I would like to remove this virus permanently.

Note: all the PCs had the MS patch as well.

regards
Mat
ASKER CERTIFIED SOLUTION
vague_hit
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, as far as running on all the computers at once from a central server, this is not really feasible, as you really want to be scanning memory and low-level system files as well, seeing as you are already infected. I know it's very time consuming but that's the way it goes sometimes! Next time hopefully you are better protected.

Just one more comment: before you run these removal tools, disable System Restore, to keep the worm from reinstalling on reboot. Run the tools again, before re-enabling System Restore, just as a precaution.
ExchangeGroup

ASKER

Hi Vague hit

Thanks for your reply. I understand it is too late to regret; we had AVG but this virus could have been spread through a USB stick. My concern is, even though we have so many removal tools for different versions of Conficker, will the above tool you mentioned remove Conficker completely?

After spending so much time, we don't want to get infected again, so we just want to be sure the above Symantec and malware tools remove this completely.

The above tools can be run on Windows Server 2003 as well, right? As you mentioned, we will be running PC by PC and server by server on Monday.


If you keep your computer up to date using Windows Update you should be able to just go to Start->Run and type in mrt.exe and press OK. This will launch Microsoft's Malicious Software Removal Tool and should remove the problem.

Hi all

I need some help on how to run remover tools on Exchange and DC server (running on one server). I read some article on excluding the .mdb and .stm files...

In case I want to run this, can I stop IIS and the Exchange information store and run this? At the moment the Exchange DB is on the D drive. Or do I just stop only IIS and run the scan on the C drive?

At boot time press F8 and run Windows in safe mode

Hi there, yes the tool can be run on Windows Server 2003 and is for ALL versions of the Conficker virus. Also, Malwarebytes finds and removes all instances of the virus as well. With the combination of both tools (be sure to allow Malwarebytes to update when you run it too) it should eliminate all trace
Hi all

We are doing the cleanups and will update you once we have completed everything.
Thanks all for your input.

We fixed the issue by running

1. McAfee Stinger tool
2. Anti malware bytes and
3. updated AVG is installed
(System restore was disabled as well)
------------------------------------------
CB - We have done some research about the AV tools and AVG was the better option, and we bought it as well, so we need to stay with them until the contract runs out.

I'm glad the issue is fixed! To be honest I'm a little worried that AVG allowed a virus through. A USB stick is just the new floppy disk so it should be expected that you'll be introducing them to the system.

It's one of the downsides of AVG: despite it having its "100%" detection of known viruses, programs such as corporate McAfee and Kaspersky in particular are much better at discovering new viruses in the wild.

Still, best of luck in the future and I hope something like this doesn't happen again, or at least is not so messy to clean up :)