Solved

Conficker Infection

Posted on 2014-09-29
14
169 Views
Last Modified: 2016-02-25
Hey guys,

We got blacklisted for SPAM, and it appears our network has the conficker room. What is the best tool we can run on all the PC's to remove it asap?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40350268
Sophos recommends:

    Apply the MS08-67 patch
    Disable file and print sharing
    Strengthen your password
    Turn off autorun for USB devices
    Apply a device control policy
    Finally, make sure that patches, and an effective antivirus solution and firewall are installed, running and up to date.

Sophos Virus Cleaner http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40350293
i ran that sophos tool, but only 1 pc came back with any virus activity. Is there any others that work better?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40350345
It is of course quite possible that just one machine has been infected, or that you have port blocking enabled on 445 for TCP.

If you want a second opinion on affected machines on the network try McAfee's tool as well
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 50

Expert Comment

by:jcimarron
ID: 40350431
Cobra25--
Try the removal tool from Bit Defender
http://www.bdtools.net/
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353496
So far scanned all pcs. No luck finding it. Any other suggestions?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353512
Cobra25----
I understand that BitDefender's Conficker removal tool did not help.
A Clean Install may be the only solution.
http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

A Repair Install is easier to recover from but no guarantee that malware will be removed.
http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40353524
So the one PC that showed up as infected is now clean?

Are you getting any Port 445 traffic?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353538
I dont know which pc it is. How do I see 445 traffic?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40353545
You said "i ran that sophos tool, but only 1 pc came back with any virus activity. " - did you not get a hostname or IP with the Sophos tool?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353557
It was not conficker on that machine.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40353572
then what was it.. and why did you think it was conficker in the first place?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353648
Cobra25--
You said  "So far scanned all pcs. No luck finding it"

And then you said "It was not conficker on that machine. "  But you earlier said "all pcs".

So what, precisely, is the problem at this point?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353658
Still getting blacklisted due to conficker...
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353667
Cobra25--
At least two posters have asked how you know your problem is with Conficker when you say you have used all the antimalware removers suggested.
We are only trying to help.
If nothing else works see post http:#a40353512
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN Server Configuration in windows 7 7 41
Disable SSL 3 6 34
Network adapter failed to start 5 38
system default settings 4 25
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question