Solved

Conficker Infection

Posted on 2014-09-29
14
170 Views
Last Modified: 2016-02-25
Hey guys,

We got blacklisted for SPAM, and it appears our network has the conficker room. What is the best tool we can run on all the PC's to remove it asap?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40350268
Sophos recommends:

    Apply the MS08-67 patch
    Disable file and print sharing
    Strengthen your password
    Turn off autorun for USB devices
    Apply a device control policy
    Finally, make sure that patches, and an effective antivirus solution and firewall are installed, running and up to date.

Sophos Virus Cleaner http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40350293
i ran that sophos tool, but only 1 pc came back with any virus activity. Is there any others that work better?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40350345
It is of course quite possible that just one machine has been infected, or that you have port blocking enabled on 445 for TCP.

If you want a second opinion on affected machines on the network try McAfee's tool as well
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 50

Expert Comment

by:jcimarron
ID: 40350431
Cobra25--
Try the removal tool from Bit Defender
http://www.bdtools.net/
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353496
So far scanned all pcs. No luck finding it. Any other suggestions?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353512
Cobra25----
I understand that BitDefender's Conficker removal tool did not help.
A Clean Install may be the only solution.
http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

A Repair Install is easier to recover from but no guarantee that malware will be removed.
http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40353524
So the one PC that showed up as infected is now clean?

Are you getting any Port 445 traffic?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353538
I dont know which pc it is. How do I see 445 traffic?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40353545
You said "i ran that sophos tool, but only 1 pc came back with any virus activity. " - did you not get a hostname or IP with the Sophos tool?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353557
It was not conficker on that machine.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40353572
then what was it.. and why did you think it was conficker in the first place?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353648
Cobra25--
You said  "So far scanned all pcs. No luck finding it"

And then you said "It was not conficker on that machine. "  But you earlier said "all pcs".

So what, precisely, is the problem at this point?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353658
Still getting blacklisted due to conficker...
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353667
Cobra25--
At least two posters have asked how you know your problem is with Conficker when you say you have used all the antimalware removers suggested.
We are only trying to help.
If nothing else works see post http:#a40353512
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question