Conficker Virus Infection: Where did it start? [closed]


I have a network-wide Conficker infestation, and we have been working on starting virus scans on all our servers and workstations. It is being erased one by one, but I was wondering if there is a good way to find out which computer it initially started out on.

Also, any ideas on how to get rid of it would be appreciated… 😀

Does anyone have any ideas on how I could find that out?


Solution:

The best way to find out what computer it initially started on is to have some kind of centralized antivirus manager that includes reporting.

Since this is tagged linux as well as Windows, I’m going to share Detecting Conficker with Nmap (an oldie but goodie). While I’m at it, here’s a link to the McAfee Conficker Detection Tool ETL mentioned. Microsoft also has some anti-Conficker group policies that might help.

Also, what ETL said. There are several removal tools that might help you.

Probably an unpatched PC with USB access and no AV…

To get rid of it rapidly:

  • Run a script to keep people’s accounts unlocked. Otherwise they won’t be able to work. (If you are in an AD environment.)
  • Then use McAfee Conficker Detection Tool (or equivalent) to find the infected machines.
  • Use Bit Defender Conficker Removal Tool to fix up the machines.
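
An added example, not part of the original answers: one way to use the centralized antivirus reporting suggested in the first answer to rank hosts by their earliest Conficker-family detection. The CSV layout, host names and report rows are constructed for illustration; match the column names to whatever your console actually exports.

```python
import csv
import io
from datetime import datetime

# Constructed sample export from a central AV console (hypothetical columns).
SAMPLE_REPORT = """host,detected_at,threat,action
WS-014,2009-01-12 09:41:07,W32/Conficker.worm,cleaned
FS-01,2009-01-09 22:15:30,W32/Conficker.worm.gen.a,quarantined
WS-014,2009-01-10 08:02:11,Worm:Win32/Conficker.B,cleaned
WS-022,2009-01-09 17:48:55,Win32.Worm.Downadup.Gen,quarantined
WS-022,2009-01-11 10:00:00,Generic.Adware,deleted
ws-031,2009-01-10 07:59:40,Net-Worm.Win32.Kido.ih,cleaned
WS-040,not-a-date,W32/Conficker.worm,cleaned
"""

# Different vendors name the same family Conficker, Downadup or Kido.
FAMILY_ALIASES = ("conficker", "downadup", "kido")


def first_detections(report_text):
    """Return [(host, first_seen, hit_count)] sorted by earliest detection."""
    first_seen, hits = {}, {}
    for row in csv.DictReader(io.StringIO(report_text)):
        if not any(alias in row["threat"].lower() for alias in FAMILY_ALIASES):
            continue  # unrelated detection, ignore
        try:
            when = datetime.strptime(row["detected_at"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: cannot be placed on the timeline
        host = row["host"].strip().upper()  # normalise host name casing
        hits[host] = hits.get(host, 0) + 1
        if host not in first_seen or when < first_seen[host]:
            first_seen[host] = when
    timeline = [(h, t, hits[h]) for h, t in first_seen.items()]
    return sorted(timeline, key=lambda entry: entry[1])


if __name__ == "__main__":
    for host, when, count in first_detections(SAMPLE_REPORT):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {host:<8} detections={count}")
```

The earliest detection only shows where the antivirus first saw the worm; a machine with no AV installed never appears in the report, so treat the top of the list as a starting point for investigation.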
