?
Solved

Conficker Infection

Posted on 2014-09-29
14
Medium Priority
?
173 Views
Last Modified: 2016-02-25
Hey guys,

We got blacklisted for SPAM, and it appears our network has the conficker room. What is the best tool we can run on all the PC's to remove it asap?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40350268
Sophos recommends:

    Apply the MS08-67 patch
    Disable file and print sharing
    Strengthen your password
    Turn off autorun for USB devices
    Apply a device control policy
    Finally, make sure that patches, and an effective antivirus solution and firewall are installed, running and up to date.

Sophos Virus Cleaner http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40350293
i ran that sophos tool, but only 1 pc came back with any virus activity. Is there any others that work better?
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 40350345
It is of course quite possible that just one machine has been infected, or that you have port blocking enabled on 445 for TCP.

If you want a second opinion on affected machines on the network try McAfee's tool as well
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 
LVL 50

Expert Comment

by:jcimarron
ID: 40350431
Cobra25--
Try the removal tool from Bit Defender
http://www.bdtools.net/
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353496
So far scanned all pcs. No luck finding it. Any other suggestions?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353512
Cobra25----
I understand that BitDefender's Conficker removal tool did not help.
A Clean Install may be the only solution.
http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

A Repair Install is easier to recover from but no guarantee that malware will be removed.
http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 40353524
So the one PC that showed up as infected is now clean?

Are you getting any Port 445 traffic?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353538
I dont know which pc it is. How do I see 445 traffic?
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 40353545
You said "i ran that sophos tool, but only 1 pc came back with any virus activity. " - did you not get a hostname or IP with the Sophos tool?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353557
It was not conficker on that machine.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40353572
then what was it.. and why did you think it was conficker in the first place?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353648
Cobra25--
You said  "So far scanned all pcs. No luck finding it"

And then you said "It was not conficker on that machine. "  But you earlier said "all pcs".

So what, precisely, is the problem at this point?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40353658
Still getting blacklisted due to conficker...
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40353667
Cobra25--
At least two posters have asked how you know your problem is with Conficker when you say you have used all the antimalware removers suggested.
We are only trying to help.
If nothing else works see post http:#a40353512
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question