puzzling conficker worm issue
Hello,
I have several windows 2003 svc pack 2 systems with latest patches including ms08-067. I tried running symantec D.exe, MS malicious tool and ran scan from MS online. Conficker is not detected at all, but I keep getting the AT1, AT2,,,,, jobs droped into
my scheduler which results in many runddl32.exe processes. If Conficker is not on systems, how do you suppose this is happening?
tx in advance!
Jack
May 24th, 2012 10:51am
Run
http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
If it find nothing then it's another problem.MCP | MCTS 70-236: Exchange Server 2007, Configuring
Free Windows Admin Tool Kit Click here and download it now
May 24th, 2012 10:17pm
Run
http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
If it find nothing then it's another problem.MCP | MCTS 70-236: Exchange Server 2007, Configuring
May 24th, 2012 10:25pm
Hi Jack,
Thank you for the post.
Please ensure KB958644 installed on your server and read KB962007 to know virus conficker more details. I suggest you run Microsoft Safety Scanner scan your system with server disable NIC connection.
http://support.microsoft.com/kb/958644
http://support.microsoft.com/kb/962007
http://www.microsoft.com/security/scanner/en-us/default.aspx
If there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2012 12:54am
Hi Jack,
Thank you for the post.
Please ensure KB958644 installed on your server and read KB962007 to know virus conficker more details. I suggest you run Microsoft Safety Scanner scan your system with server disable NIC connection.
http://support.microsoft.com/kb/958644
http://support.microsoft.com/kb/962007
http://www.microsoft.com/security/scanner/en-us/default.aspx
If there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
May 25th, 2012 1:03am
Hi,
I ran the Sophos tool and it came back clean and did apply the 958644 patch and ran the MS security scanner with no virus found. did not apply all steps in 962007 yet, as checking that it wont present issues in the environment first.
1 - SEP still catching/deleting downadup.b
2 - Same exact time as 1, there is a new task inserted into scheduled tasks.
Plx let me know if other thougths on this.
tx
Free Windows Admin Tool Kit Click here and download it now
June 8th, 2012 12:21pm
Try suggestions from following articles
Stop Conficker from spreading by using Group Policy
http://www.symantec.com/connect/articles/stop-conficker-spreading-using-group-policy
Prevent Conficker/Downadup From Bothering You
http://savemybutt.com/prevent-confickerdownadup-bothering/Press any key... What the ... Where's any key ?
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
About Me ?
June 8th, 2012 12:40pm