
Run worm removal tool over network (pc's & servers)

janhoedt asked
Last Modified: 2012-08-13
Hi,

We found a worm on a server which was not detected by the virus scanner (net-worm.win32.kido). There is a tool from Symantec to remove it. How can we launch it on all PCs/servers in the network without having a tool (SCCM or other) to do so?

Neil Russell, Technical Development Lead

Commented:
Firstly, if you have a worm on your network that was not detected, the first thing I would be doing is isolating ALL machines from the network until they are cleaned.

How big is your network? How many PCs/servers?

Author

Commented:
With psexec I can run the scan remotely but it doesn't show any output.
The worm generates an x-file in c:\windows\system32 so it would be good to scan for this file over the domain.
Neil Russell, Technical Development Lead

Commented:
Worms spread over network connections. Are you 100% certain that you have now taken ALL the correct precautions to STOP this worm from spreading over your network?
Removing it from one machine and leaving it connected to the network with lots of other infected machines is not generally a good idea.

Conficker is great at reinfecting and you can spend days chasing your tail around trying to get rid of it.

Are ALL your computers up to date with ALL Windows updates?

Read HERE

Author

Commented:
In theory you are right; practically it is not possible to ask all users to disconnect. It's just not possible. Please let's not discuss that.

I only want to know how to run a worm-remover tool with PsTools and generate log files on a remote share.

Author

Commented:
Note: yes, all PCs have updated virus scanners but apparently not all detect the virus correctly. Yes, we should speak to the vendor, we are working on it, but it doesn't help us now.

Author

Commented:
Note: this is what I found but it did not work:

---
I had the same issue and had to tell PSEXEC to run as an admin user on the remote machine:

psexec \\serverIP -u DOMAINNAME\username -p PaSsWoRd ipconfig /all > c:\output.log
---
Neil Russell, Technical Development Lead

Commented:
As I said earlier, and as has been asserted by Russell_Venable, you NEED to isolate these machines from the network. Conficker is not just a simple little infection like a pimple on the end of your nose.

I have been to sites that have been TRYING to clear a Conficker infection for over a week to help them out, ALL BECAUSE they did not listen to the advice of disconnecting.

You can ask for expert advice OR you can ask for advice on how to do things your own way and then next week come back and ask for the expert advice again.....
I was serious too. If you're still having problems with this virus I will take my time to help out. I know how it works. I also have a few tools that scan for infected machines. Helps in isolating certain variants of this malware. I believe the Conficker Working Group site is still up as well.

They have a site that allows you to test if you have it.
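
One way to do what the question asks, as an added example that is not from any poster in this thread: a PowerShell sweep that checks each host for an indicator file, runs a removal tool through PsExec, and writes one log per host to a share. The host list, tool path, log share and indicator pattern are placeholders, and it assumes PsExec is on the PATH and the operator's account is a local administrator on the targets.

```powershell
# Added example. Every default below is a placeholder (assumption), not a value from the thread.
param(
    [string]$HostList  = '.\hosts.txt',            # one computer name per line
    [string]$Tool      = '.\removal-tool.exe',     # placeholder for the vendor's removal tool
    [string]$LogShare  = '\\fileserver\wormlogs',  # placeholder share the operator can write to
    [string]$Indicator = 'INDICATOR-FILE-PATTERN'  # placeholder name/pattern of the dropped file
)

$summary = foreach ($line in (Get-Content $HostList | Where-Object { $_.Trim() })) {
    $computer = $line.Trim()
    $log = Join-Path $LogShare "$computer.log"
    $row = [pscustomobject]@{
        Computer = $computer; Reachable = $false; IndicatorFound = $null; ExitCode = $null
    }

    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        "$(Get-Date -Format s) unreachable" | Out-File $log
        $row
        continue
    }
    $row.Reachable = $true

    # Look for the indicator through the admin share; -Force includes hidden and system files.
    $hits = Get-ChildItem "\\$computer\admin`$\System32" -Filter $Indicator -Force -ErrorAction SilentlyContinue
    $row.IndicatorFound = [bool]$hits

    # No -u/-p: PsExec impersonates the operator's current logon, so no password is typed on a
    # command line or sent to a possibly infected host. An impersonated remote process has no
    # access to network shares, which is why the output is captured here and written locally.
    # -c copies the tool to the target, -f overwrites a copy left by an earlier run.
    $output = & psexec.exe -accepteula "\\$computer" -c -f $Tool 2>&1 | ForEach-Object { "$_" }
    $row.ExitCode = $LASTEXITCODE   # PsExec passes back the remote program's exit code

    @("$(Get-Date -Format s) indicator=$($row.IndicatorFound) exit=$($row.ExitCode)") + $output |
        Out-File $log
    $row
}

# One line per host, so unreachable or still-flagged machines can be followed up by hand.
$summary | Export-Csv (Join-Path $LogShare 'summary.csv') -NoTypeInformation
```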
