Conficker Virus

  • Conficker Virus

    Hello,

    We are using SBS 2000, with WinXP and Windows 2k on the clients. On the client systems I found the win32.confi virus. I have installed the latest updates, scanned the full system, removed the virus and installed the Microsoft patch. For the time being the vulnerability stops, and then it starts attacking my server again...

    It basically locks out the accounts on the server so that next time the user cannot log in. I cleaned up all the systems and checked, but it comes back once again. Has anyone ever faced this issue, and what are the steps to clean it?

    Please help....

  • #2
    Re: Conficker Virus

    Have you tried looking at Google? There are a plethora of Conficker removal tools.

    http://www.google.co.uk/search?q=con...ient=firefox-a


    • #3
      Re: Conficker Virus

      I suggest reading the Symantec advice here......

      http://service1.symantec.com/SUPPORT...09033012483648

      Pay attention to disabling removable USB Hard Drives such as USB Pens etc.

      Then, where necessary, use the available download here....

      http://www.symantec.com/security_res...011316-0247-99

      It's no easy ride, you're gonna feel a bit of pain, for a day or two.....

      Good Luck....
      MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3


      • #4
        Re: Conficker Virus

        Hi,

        Thanks for the nice support. I have downloaded and run the tool on all the systems, and run the Microsoft MS08-067 patch...

        I also ran the Microsoft Malicious Software Removal Tool on all PCs; even so, on the server some of the accounts are getting locked after some interval, e.g. 1 hour or 30 min...

        I have even applied the GPO settings given by Microsoft at http://support.microsoft.com/kb/962007

        Even so, the problem still persists. Can anyone please help me resolve it? My CEO's account gets locked 50 times a day, and I think I will be fired from my position if the problem persists for him...

        So please, please help me...

        Thanks.


        • #5
          Re: Conficker Virus

          What anti virus system are you running and are the definitions up to date?

          Thinking further along.....If you are successfully removing the virus you must be getting reinfected somehow.....
          Make sure autorun is disabled for pen drives etc.; that's the most likely source of reinfection. Do your users use USB / pen drives?

          Did you follow the instructions here http://www.symantec.com/security_res...011316-0247-99 accurately?

          We had an infection on one of our networks with the exact symptoms you are experiencing, but resolved it using Symantec's advice.
          Don't take any shortcuts.....follow the advice.....
          Last edited by fergie; 21st July 2009, 14:43.
          MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3


          • #6
            Re: Conficker Virus

            Is this on ONE computer or MANY?

            If one, give the user a new one, recover files if needed / possible, and then format the sucker.
            ** Remember to give credit where credit is due and leave reputation points where appropriate **


            • #7
              Re: Conficker Virus

              Hi,

              I have tried all the settings and not skipped any steps, but some of the accounts in my AD are still locked automatically, including my CEO's...

              I have 35 systems in my office and 1 SBS 2000 server, so formatting would be quite time-consuming for me...

              Can you please suggest any other solution? Please help...


              • #8
                Re: Conficker Virus

                I hear you ok, and I am considering your problem, and will post later, but you forgot to answer my question on your anti virus. What do you use and are the definitions up to date?
                MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3


                • #9
                  Re: Conficker Virus

                  Hi,

                  We have AVG 8.5 antivirus with the latest update installed. I have also scanned and removed all the infections, installed the patch, made the registry settings, everything; even so, some of the accounts in my AD are still automatically blocked. I have even removed the default shares:
                  NET SHARE C$ /delete
                  NET SHARE D$ /delete
                  NET SHARE admin$ /delete
                  and asked users to implement 15-character-long strong passwords; even so, their accounts are locked...

                  Why is that? Also, in the system log no entries are appearing to show that someone's account is locked or what the reason may be. I am really tired of Conficker; please help me...

                  Thanks...


                  • #10
                    Re: Conficker Virus

                    Hi,

                    Where can I find the account-lockout log entries? In the system log and security audit log no entries are appearing. Is there any tool available with which I can trace the reason why the accounts are getting locked?

                    Please help ...

                    Thanks


                    • #11
                      Re: Conficker Virus

                      Good work on the shares.....

                      Have you installed MS Patch KB958644? If not you need to do this.
                      Please note this will disconnect any shared drives, which will need to be re-shared.

                      Then run the Symantec removal tool on your server.

                      After that run a Full AVG system Scan. Hopefully that will take care of your server.

                      For your workstations either install XP SP3 or install the patch.
                      MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3


                      • #12
                        Re: Conficker Virus

                        Originally posted by nehanda
                        Hi,

                        Where can I find the account-lockout log entries? In the system log and security audit log no entries are appearing. Is there any tool available with which I can trace the reason why the accounts are getting locked?

                        Please help ...

                        Thanks
                        You can run a script to find out which accounts are locked out....Let me know if you want it. I don't see the point though; this is what Conficker does. They'll keep locking out until you get it resolved.
                        MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3
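
An added example (not from any poster in this thread) for the question in #10 and the script mentioned in #12: rather than only listing locked accounts, it tallies lockout events by the machine that caused them, which points at the hosts still generating bad-password attempts. It assumes account-management auditing is enabled on the server so that event 644 (User Account Locked Out on Windows 2000/2003) is recorded, and that the Security log has been exported as comma-delimited text; the column order and every sample row are constructed.

```python
import csv
import io
import re
from collections import defaultdict

LOCKOUT_EVENT_ID = "644"  # "User Account Locked Out" on Windows 2000/2003 DCs

# Constructed sample export (not from the thread). Assumed column order:
# date,time,source,type,category,event id,user,computer,description
SAMPLE_EXPORT = """
7/22/2009,09:02:11,Security,Success Audit,Account Management,644,SYSTEM,SBS01,"User Account Locked Out: Target Account Name: ceo Target Account ID: CORP\\ceo Caller Machine Name: PC-017 Caller User Name: SBS01$"
7/22/2009,09:31:40,Security,Success Audit,Account Management,644,SYSTEM,SBS01,"User Account Locked Out: Target Account Name: jsmith Target Account ID: CORP\\jsmith Caller Machine Name: PC-017 Caller User Name: SBS01$"
7/22/2009,09:33:05,Security,Success Audit,Logon/Logoff,528,mpatel,SBS01,"Successful Logon: User Name: mpatel"
7/22/2009,10:02:12,Security,Success Audit,Account Management,644,SYSTEM,SBS01,"User Account Locked Out: Target Account Name: CEO Target Account ID: CORP\\ceo Caller Machine Name: \\\\pc-017 Caller User Name: SBS01$"
7/22/2009,10:15:47,Security,Success Audit,Account Management,644,SYSTEM,SBS01,"User Account Locked Out: Target Account Name: mpatel Target Account ID: CORP\\mpatel Caller Machine Name: PC-022 Caller User Name: SBS01$"
7/22/2009,11:02:13,Security,Success Audit,Account Management,644,SYSTEM,SBS01,"User Account Locked Out: Target Account Name: ceo Target Account ID: CORP\\ceo Caller Machine Name:  Caller User Name: SBS01$"
"""

# Each value runs up to the next label, so an empty field yields "".
TARGET = re.compile(r"Target Account Name:\s*(.*?)\s*Target Account ID:")
CALLER = re.compile(r"Caller Machine Name:\s*(.*?)\s*Caller User Name:")

def lockouts_by_caller(export_text):
    """Return {caller_machine: {account: lockout_count}} from event 644 rows."""
    tally = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) < 9 or row[5].strip() != LOCKOUT_EVENT_ID:
            continue  # blank line or some other event
        target, caller = TARGET.search(row[8]), CALLER.search(row[8])
        if not target or not target.group(1):
            continue
        # The caller field can be empty or carry a leading \\; normalise it.
        host = caller.group(1).lstrip("\\").upper() if caller else ""
        tally[host or "(unknown)"][target.group(1).lower()] += 1
    return {host: dict(accounts) for host, accounts in tally.items()}

def suspect_hosts(tally, min_accounts=2):
    """Hosts that locked out several different accounts, busiest first."""
    hits = [(h, sum(a.values()), len(a)) for h, a in tally.items()
            if len(a) >= min_accounts]
    return sorted(hits, key=lambda hit: hit[1], reverse=True)

if __name__ == "__main__":
    for host, total, accounts in suspect_hosts(lockouts_by_caller(SAMPLE_EXPORT)):
        print(f"{host}: {total} lockouts across {accounts} accounts")
```

A host that appears against several different accounts is the one to isolate and clean first; rows with no caller machine recorded are grouped under "(unknown)".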


                        • #13
                          Re: Conficker Virus

                          Hi,

                          I have tried to download the patch MS Patch KB958644, but it took me to the patch http://www.microsoft.com/technet/sec.../MS08-067.mspx

                          which I have already installed. One more thing I have noticed: only the users on Win XP (SP3 installed) and Windows Vista are facing the issue and getting their accounts locked on AD, not the W2K Professional users. I have also run the same process you described on all clients and the server; even so, the accounts are getting locked...

                          So what may be the reason behind this? Please help...

                          Thanks ...


                          • #14
                            Re: Conficker Virus

                            Ok, do you then run the Symantec removal tool?
                            Then what does the report from a full AVG scan say?

                            You can check for sure whether or not the KB is installed on your server by going to Add / Remove programs and selecting the tickbox Show Updates.

                            If none of this works, you're gonna have to go back to your original document....http://support.microsoft.com/kb/962007

                            Pay attention to and make sure you have the GPO settings right.
                            Also run the Malicious Software Removal Tool
                            Follow the steps on - Manual steps to remove the Conficker.b variant

                            And finally run through the section on "Verify that the system is clean", you will get there, just be patient and persistent.
                            Last edited by fergie; 22nd July 2009, 15:16. Reason: Updated
                            MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3


                            • #15
                              Re: Conficker Virus

                              Hi,

                              I have disabled all the network sharing and run the Symantec tool, but it says no Conficker process was found on the server. Also, I have an Exchange server on SBS 2000, so how do I run the Malicious Software Removal Tool on my server directly, as it does not have an option to add an exception for the M: drive? Is there some way?


                              Also, I have installed that MS patch on the server and it shows in the Add/Remove Programs list...

                              On the clients I have run it but got the message that no process / infection was found...


                              Please help ...

                              Thanks ...
