How to detect, kill and prevent conficker on a network?

[hankach]

Hello everybody,

After being infected i tried using the enigma conficker remover tool, which first cleaned my system, the problem is that after i got connected to a computer on the network or maybe having used a flash disk, the worm reappeared again on my computer as well as on other network computers and had regenerated under different (xxx.exe)

After the cleaning, my browsers are not connecting to internet no more , how can i fix that please?

What are the softwares to use in order to clean all network computers and prevent recent trojans and worms in the future, despite the use of spybot,super antispyware,NAV etc..

I appreciate very much your help to solve this problem .Thank you

[JRViejo]

hankach, perhaps you want to check out this Network Removal Tool, courtesy of EsoxLucius.

Also, read How to use the removal tools for Network administrators (scroll down the page a bit). Keep us posted.

[hankach]

i will check that and revert , what about the internet connection i cant connect to the internet should it work after using the tool?

[JRViejo]

hankach, the fact that conficker replicated itself could mean you still have it somewhere in the Network. Run the tool. If the Internet connection is still not there, please give more details about browsers, OS, your network, etc., so someone with that expertise can reply.

[Mrkvonic]

I'll address only the third item: prevention.

Patch your systems.
Use basic firewall.
Don't let users execute random crap on their machines.
Optionally disable autorun feature on removable drives.

Mrk

[EASTER]

Sound Advice.

Time for users to realize that on the networks they are walking thru some bad neighborhoods along the way, and all it takes is a some real threat hurled your way to make you change your paths to a more safe and less aggressive one.

[hankach]

Guys thank you all for your concern and advices!

The connection worked after cleaning using Windows malicious removal tool.

Can anyone please advice if it's normal to have 8 svchost.exe running in my processes by System,Local service and network service?? cause i've read somewhere it could be caused by conficker, if so how to fix it ?

Thank you again !

[EsoxLucius]

Quote:

Originally Posted by JRViejo

hankach, perhaps you want to check out this Network Removal Tool, courtesy of EsoxLucius.

Also, read How to use the removal tools for Network administrators (scroll down the page a bit). Keep us posted.

It's not courtesy to me it's courtesy to BitDefender, I'm just bringing some news and tools when necessary.

@hankach

Did you use the network tool from bitdefender or something else? The fact the connection isn't available could also occur because of this tool. After cleaning you should always restart, even if you don't have conficker infections.

[JRViejo]

Quote:

Originally Posted by EsoxLucius

It's not courtesy to me it's courtesy to BitDefender, I'm just bringing some news and tools when necessary.

And that's why I gave you the credit! Thank you for sharing knowledge.

[hankach]

How can i fix the 8 svchost.exe running in my processes by System,Local service and network service ?

Should i post a new thread subject ?

I appreciate your help on that!

[JRViejo]

hankach, just because you have 8 svchost.exe's running, does not mean they are nefarious in any way. I have 9 running in my PC at the moment and they are all legit.

Using Process Explorer, you'll be able to see the relationship of each individual svchost to a service in your PC.

This article: What is svchost.exe And Why Is It Running? might aid you in understanding what they are all about. Hope this helps.

[hankach]

I thought it worth to worry about , thank you much for your assistance!

[JRViejo]

hankach, you are welcome! Keep using Process Explorer to check on those svchosts from time to time. Take care.