Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183
  • Last Modified:

Conficker Infection

Hey guys,

We got blacklisted for SPAM, and it appears our network has the conficker room. What is the best tool we can run on all the PC's to remove it asap?
0
Cobra25
Asked:
Cobra25
  • 5
  • 4
  • 3
  • +1
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
Sophos recommends:

    Apply the MS08-67 patch
    Disable file and print sharing
    Strengthen your password
    Turn off autorun for USB devices
    Apply a device control policy
    Finally, make sure that patches, and an effective antivirus solution and firewall are installed, running and up to date.

Sophos Virus Cleaner http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
0
 
Cobra25Author Commented:
i ran that sophos tool, but only 1 pc came back with any virus activity. Is there any others that work better?
0
 
☠ MASQ ☠Commented:
It is of course quite possible that just one machine has been infected, or that you have port blocking enabled on 445 for TCP.

If you want a second opinion on affected machines on the network try McAfee's tool as well
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jcimarronCommented:
Cobra25--
Try the removal tool from Bit Defender
http://www.bdtools.net/
0
 
Cobra25Author Commented:
So far scanned all pcs. No luck finding it. Any other suggestions?
0
 
jcimarronCommented:
Cobra25----
I understand that BitDefender's Conficker removal tool did not help.
A Clean Install may be the only solution.
http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

A Repair Install is easier to recover from but no guarantee that malware will be removed.
http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
☠ MASQ ☠Commented:
So the one PC that showed up as infected is now clean?

Are you getting any Port 445 traffic?
0
 
Cobra25Author Commented:
I dont know which pc it is. How do I see 445 traffic?
0
 
☠ MASQ ☠Commented:
You said "i ran that sophos tool, but only 1 pc came back with any virus activity. " - did you not get a hostname or IP with the Sophos tool?
0
 
Cobra25Author Commented:
It was not conficker on that machine.
0
 
David Johnson, CD, MVPOwnerCommented:
then what was it.. and why did you think it was conficker in the first place?
0
 
jcimarronCommented:
Cobra25--
You said  "So far scanned all pcs. No luck finding it"

And then you said "It was not conficker on that machine. "  But you earlier said "all pcs".

So what, precisely, is the problem at this point?
0
 
Cobra25Author Commented:
Still getting blacklisted due to conficker...
0
 
jcimarronCommented:
Cobra25--
At least two posters have asked how you know your problem is with Conficker when you say you have used all the antimalware removers suggested.
We are only trying to help.
If nothing else works see post http:#a40353512
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now