  1. #1
    neon's Avatar

    any ideas?

    I have come in this morning after not a good Monday to find all hell breaking loose!

    My log on scripts don't work is the main one, we have had a new photocopier with account tracking, the nice people at Konica came and set it up, however since this my logon script is causing an error (please see attached) also looks like the Conficker virus has come back as people cannot get to the server and some can? Am I right in thinking the Conficker virus is a DoS attack? Does anyone have a definite way to get rid of it? Have e-mailed and rang Symantec but they tell me to consult the website... useless.

  2. #2
    danrhodes's Avatar
    Only way to really eradicate would be to re-ghost I'd say if it keeps coming back. You don't want that flying around your network.

    D

  3. #3
    neon's Avatar
    sorry forgot to attach error :S

  4. #4

    Originally posted by neon:
    looks like the Conficker virus has come back ... does anyone have a definite way to get rid of it? have e-mailed and rang Symantec but they tell me to consult the website... useless.
    In the short run, download KKiller (a Kaspersky tool) to kill off Conficker on each workstation. Funnily enough, it's much better than Kaspersky AV itself. I run it as a scheduled task on my Windows servers and use it to disinfect workstations.

    Another thing you can do is block Conficker's command-and-control by looking in your server logs for URLs like this one:

    http://221.7.91.31/search?q=227

    and blocking them. I use a rule in my squid config to do this: I'm sure other proxies will do the same. It looks a bit like a Google search URL with the ?q= part but it only ever uses IP addresses, so the rule blocks those with search?q=nnn appended.

    HTH, good luck.

    (Another thing I meant to say: download Microsoft Security Essentials and schedule updates with this tool if you're not using WSUS:

    http://lifehacker.com/5406683/mse-up...windows-update

    Long-winded but works better than the commercial AV imo.)

    --
    Simon
    Last edited by m0nty; 16th March 2010 at 11:04 AM.
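
The log check described in the post above, as an added example that is not part of the original post and is not the poster's squid rule: it scans proxy log lines for requests to a bare IP address with `search?q=nnn` appended and lists the workstations that made them. It assumes Squid's native access.log layout (client in the third field, URL in the seventh); the sample lines are constructed, and only the first URL is taken from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

IPV4_LITERAL = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
NUMERIC_QUERY = re.compile(r"q=\d+")

# Constructed sample lines in Squid's native access.log layout. Only the first
# URL comes from the post; the other hosts are documentation-range addresses.
SAMPLE_LOG = """\
1268737440.101    210 10.0.0.15 TCP_MISS/200 512 GET http://221.7.91.31/search?q=227 - DIRECT/221.7.91.31 text/html
1268737441.350     95 10.0.0.22 TCP_MISS/200 18432 GET http://www.google.com/search?q=227 - DIRECT/192.0.2.80 text/html
1268737442.007    180 10.0.0.15 TCP_MISS/200 498 GET http://198.51.100.7/search?q=41 - DIRECT/198.51.100.7 text/html
1268737443.911     60 10.0.0.31 TCP_MISS/200 2048 GET http://192.0.2.10/index.html - DIRECT/192.0.2.10 text/html
1268737444.500    140 10.0.0.31 TCP_MISS/200 700 GET http://198.51.100.7/search?q=printer+drivers - DIRECT/198.51.100.7 text/html
""".splitlines()


def is_suspect_url(url):
    """True for http://<IPv4 literal>/search?q=<digits>, the shape described in the post."""
    try:
        parts = urlsplit(url)
    except ValueError:           # malformed URL in the log: not a match
        return False
    host = parts.hostname or ""
    return (parts.scheme == "http"
            and IPV4_LITERAL.fullmatch(host) is not None
            and parts.path == "/search"
            and NUMERIC_QUERY.fullmatch(parts.query) is not None)


def suspect_clients(log_lines):
    """Map each client IP to the sorted destination IPs it requested with a suspect URL."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:      # skip blank or truncated lines
            continue
        client, url = fields[2], fields[6]
        if is_suspect_url(url):
            hits[client].add(urlsplit(url).hostname)
    return {client: sorted(dests) for client, dests in hits.items()}


if __name__ == "__main__":
    for client, dests in suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: check this workstation; contacted {', '.join(dests)}")
```

Requests to a named host such as www.google.com, or with a non-numeric query, are left alone, which matches the post's point that the pattern only ever uses IP addresses.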

  5. #5

    Originally posted by m0nty:
    (Another thing I meant to say: download Microsoft Security Essentials and schedule updates with this tool if you're not using WSUS:

    MSE Update Utility Keeps Security Up to Date Without Windows Update - Microsoft security essentials - Lifehacker

    Long-winded but works better than the commercial AV imo.)

    --
    Simon
    As far as I understand it MSE is for home use only, not schools. So be careful where you use it.

  6. #6

    Originally posted by neon:
    sorry forgot to attach error :S
    Looks like you're trying to unmap a drive which isn't currently mapped.

    The "tidy" way to fix that is to enumerate network drives and only unmap if they're not already mapped. The way to get it working now is to stick "on error resume next" before the unmap section - the error will happen but no-one will see and this buys you time to fix things properly.

    The other thing to do is to make sure your login scripts run with cscript (rather than wscript, which is what you are using).

    The benefit of this is that error messages etc. are not done in message boxes (which confuse users and need "OK" clicking) but just written to the console (where users will ignore them but everything will just work :-))

  7. #7
    jahbulon's Avatar
    There are lots of Conficker threads on this site already - worth your time checking.

    We got hit with it Jan '09 - took down everything, e.g. because of its constant attacks on the administrator account eventually everyone's accounts got disabled automatically by the AD.

    Besides all of the problems it causes, the single all-conquering best thing to do is to update your images and implement a mass reimaging plan. We had our staff told that the internet would be out of use for a couple of weeks, ofc this is in the most dire of situations.

    If you can catch it in isolated areas - then disconnect those machines, sort them out while Windows updating all the non-infected. This whole experience has caused me to use WSUS much more regularly!

    We haven't had a take down of any sorts for over a year now. Good luck.
