Windows Thread, Annoying Virus (confick-E) in Technical
  1. #91
    meastaugh1
    Quote Originally Posted by mullet_man View Post
    send down Microsoft Malicious Software remover as a startup script. (slows down logging in, but required)
    I didn't find the MS tool to be entirely effective/consistent. We remoted into the registry of all computers to check the svchost registry entry and tidied up accordingly.

  2. #92

    JJonas
    Can I apply the steps from the Microsoft article to the default domain policy, or is there a chance I might lock myself out?

  3. #93
    meastaugh1
    Why do you need to do that? Can't you create a new one? I think it's generally bad practice to make those sorts of changes to the DDP.

  4. #94


    Comes back

    We do keep scanning computers and have all patches on. We are removing it daily; as you know, it keeps coming back. We were thinking of going on like this until the Easter break, removing it daily just for it to come back. We were thinking of doing the full cleanup and removal during Easter, just because of the amount of work; we don't need the pressure of getting it back up and running fast.

  5. #95
    mullet_man
    I'd start now, rather than the holidays. It's gonna infect all machines, meaning more work.

    If you get on top of it now, you might be able to clean it up within a few days. Also follow the Sophos steps as listed in one of the pages previous.

  6. #96

    Geoff
    Beware if you use this approach as Confick activates on April 1st.

    Slashdot | Researchers Ponder Conficker's April Fool's Activation Date

  7. #97


    April 1st

    So it activates on April 1st? All this stuff it's doing in the meantime, I thought it was very much active :P There is another purpose behind just being annoying. We are going to try and start tackling it right away. Just looking around for the best methods.

  8. #98

    Edited cause I am superstitious
    Last edited by Roopert; 23rd March 2009 at 01:43 PM.

  9. #99
    gshaw
    Sophos seems to have blocked one or two flash sticks that have had it on and one PC that got it broke anyway so taken away for rebuild. Haven't spotted anything in the registry on machines yet, WSUS protecting our admin machines and manually ran the 958644 on teaching ones but still paranoid it could be waiting somewhere!

    What did you notice in Wireshark btw, any obvious patterns?

  10. #100

    Hi guys,

    could do with a bit of advice regarding this virus. Our school was infected late last week; having spent most of the weekend fighting the virus by disconnecting the network, it appeared yesterday and promptly infected every PC that we had disinfected.

    We have followed the MS advice and also Sophos. After receiving the virus, and viewing the enterprise console, we -

    1. disconnected each device
    2. patched all PCs up MS patch then disconnected each PC from patch lead
    3. did a full Sophos scan and disinfected PC (virus was caught in Sophos quarantine)
    4. rebooted PC, and (after all network was clean) added each PC back to network.

    to stop the virus we have done -

    1. stopped "task scheduler" through group policy to stop "A*" schedules running
    2. disabled file and print sharing
    3. disable USB devices and CD/DVD drives to stop virus spreading
    4. stopped autorun on PCs from removable devices

    although we have done all the above, the virus appeared again yesterday

    one of many questions we would like answers for is -

    1. if we leave the virus in quarantine, what implications would we have if we left it until April Easter?
    (we have already had the occasional account lockouts)

    help would be appreciated

    cheers

    phil

  11. #101
    Crispin
    Apologies if this has already been linked to, but here is a Conficker cleaning tool provided by BitDefender, for those who can't access Sophos.

    Remove Downadup - Removal tool for Downadup (known also as Conficker or Kido)

    Seems like quite a nice tool. Testing in our ICT Suites after school today, although we don't have any infected machines thankfully. Works across the network using AD so you can deploy to all PCs at once.

    cb

  12. #102


    Network one

    Hey the network version. This tool from BitDefender, is it safe running it on the server? Don't want it corrupting files as it goes through and deletes infected files. Just some guidance needed, people who have had the virus and have run this tool.
    Last edited by xeroxxe; 25th March 2009 at 09:37 AM.

  13. #103
    meastaugh1
    Quote Originally Posted by xeroxxe View Post
    Hey the network version. This tool from BitDefender, is it safe running it on the server? Don't want it corrupting files as it goes through and deletes infected files. Just some guidance needed, people who have had the virus and have run this tool.
    It stopped the Server service (to name one) when I ran it on one of my servers, so not especially safe running during normal hours, but doesn't seem to have caused any damage. I'd favour manual removal though.

  14. #104

    maniac
    For anyone interested, here's a technical analysis of how Conficker works and how it spreads.

    An Analysis of Conficker

    Mike

  15. #105

    We have had a couple of instances of Conficker here. Can't remember which variant.
    As far as I'm aware, all machines have 958644 installed, except a couple in WSUS with no status for that update. They are probably old machines that have been removed from the network.

    In both cases of Conficker appearing, it has been on a student USB stick. Sophos has caught them both immediately and deleted the infection. It is auto set to delete any infection on workstations and on-access scanning is set to 'read' mode.

    Auto-Play is disabled via GPO

    How come so many of us are having problems, yet we seem to be fine here? If Conficker does appear, it is dealt with swiftly.

    I'm touching wood atm as it may still all go tits up yet

    I am now about to go through my inventory to make sure AD, WSUS and Sophos are all consistent with each other.
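
Added example (not part of any post in this thread): one way to do the inventory cross-check described in post #105, comparing AD, WSUS and Sophos exports for update 958644. The CSV column names, host names and export contents are constructed assumptions, not real export formats from those tools.

```python
import csv
import io

KB = "958644"  # update named in the thread

# Constructed sample exports; column names are assumptions, not real tool formats.
AD_EXPORT = """name
ICT1-PC01
ICT1-PC02
LIB-PC01
ADMIN-PC01
"""
WSUS_EXPORT = """computer,kb,status
ict1-pc01.school.local,958644,Installed
ict1-pc02.school.local,958644,Needed
admin-pc01.school.local,958644,Installed
old-pc07.school.local,958644,
"""
SOPHOS_EXPORT = """computer,on_access
ICT1-PC01,Active
ICT1-PC02,Active
LIB-PC01,Inactive
OLD-PC07,Active
"""

def host(name):
    """Normalise to an upper-case short name so FQDN and NetBIOS forms match."""
    return name.strip().split(".")[0].upper()

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(ad_csv, wsus_csv, sophos_csv, kb=KB):
    ad = {host(r["name"]) for r in rows(ad_csv)}
    wsus = {host(r["computer"]): r["status"].strip()
            for r in rows(wsus_csv) if r["kb"].strip() == kb}
    sophos = {host(r["computer"]): r["on_access"].strip() for r in rows(sophos_csv)}
    return {
        "not_in_wsus": sorted(ad - set(wsus)),               # never reported to WSUS
        "kb_not_installed": sorted(h for h in ad & set(wsus) if wsus[h] != "Installed"),
        "no_active_av": sorted(h for h in ad if sophos.get(h) != "Active"),
        "stale_outside_ad": sorted((set(wsus) | set(sophos)) - ad),  # old records
    }

if __name__ == "__main__":
    for finding, hosts in reconcile(AD_EXPORT, WSUS_EXPORT, SOPHOS_EXPORT).items():
        print(f"{finding}: {', '.join(hosts) or '-'}")
```

Machines in the first three lists are the ones to check by hand; the last list covers records like the "no status" WSUS entries mentioned in the post, which only count as harmless once confirmed to be off the network.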
