How to detect, kill and prevent conficker on a network?

Discussion in 'malware problems & news' started by hankach, Apr 15, 2009.

Thread Status:
Not open for further replies.
  1. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    Hello everybody,

    After being infected, I tried using the Enigma Conficker remover tool, which first cleaned my system. The problem is that after I got connected to a computer on the network, or maybe after having used a flash disk, the worm reappeared on my computer as well as on other network computers and had regenerated under different (xxx.exe)

    After the cleaning, my browsers are not connecting to the internet anymore. How can I fix that, please?

    What software should I use in order to clean all network computers and prevent recent trojans and worms in the future, despite the use of Spybot, SUPERAntiSpyware, NAV, etc.?

    I very much appreciate your help in solving this problem. Thank you.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
  3. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    I will check that and revert. What about the internet connection? I can't connect to the internet; should it work after using the tool?
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    hankach, the fact that conficker replicated itself could mean you still have it somewhere in the Network. Run the tool. If the Internet connection is still not there, please give more details about browsers, OS, your network, etc., so someone with that expertise can reply.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    I'll address only the third item: prevention.

    Patch your systems.
    Use a basic firewall.
    Don't let users execute random crap on their machines.
    Optionally disable the autorun feature on removable drives.

    Mrk
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Sound advice.

    Time for users to realize that on the networks they are walking through some bad neighborhoods along the way, and all it takes is some real threat hurled your way to make you change your path to a safer and less aggressive one.
     
  7. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    Guys, thank you all for your concern and advice!

    The connection worked after cleaning using Windows malicious removal tool.

    Can anyone please advise if it's normal to have 8 svchost.exe running in my processes by System, Local Service and Network Service? I've read somewhere it could be caused by Conficker; if so, how do I fix it?

    Thank you again!
     
  8. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    It's not courtesy to me, it's courtesy to BitDefender; I'm just bringing some news and tools when necessary.

    @hankach

    Did you use the network tool from BitDefender or something else? The fact the connection isn't available could also occur because of this tool. After cleaning you should always restart, even if you don't have Conficker infections. :ninja:
     
  9. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    And that's why I gave you the credit! :) Thank you for sharing knowledge.
     
  10. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    How can I fix the 8 svchost.exe running in my processes by System, Local Service and Network Service?

    Should I post a new thread subject?

    I appreciate your help on that!
     
  11. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    hankach, just because you have 8 svchost.exe's running does not mean they are nefarious in any way. I have 9 running in my PC at the moment and they are all legit.

    Using Process Explorer, you'll be able to see the relationship of each individual svchost to a service in your PC.

    This article: What is svchost.exe And Why Is It Running? might aid you in understanding what they are all about. Hope this helps.
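
The svchost-to-service mapping described in the post above, as an added PowerShell example that is not part of the original thread: it lists every svchost.exe with the services it hosts and marks instances whose image path or parent process is not the usual one. The expected paths and the services.exe parent are assumptions about a standard Windows install; run it elevated (PowerShell 3.0 or later) so image paths are readable.

```powershell
# Added example, not from the thread. Assumption: on a standard install the
# genuine svchost.exe lives under System32 (or SysWOW64) and is started by
# services.exe, the Service Control Manager.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# PID(s) of services.exe, the expected parent of every svchost.exe.
$scmPids = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'services.exe'" |
    Select-Object -ExpandProperty ProcessId)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $p = $_

        # Services hosted in this instance (empty if none are registered).
        $group  = $servicesByPid["$($p.ProcessId)"]
        $hosted = if ($group) { @($group.Name) } else { @() }

        # ExecutablePath is empty when the caller lacks rights to query it.
        $pathState = if (-not $p.ExecutablePath) { 'unreadable (run elevated)' }
                     elseif ($expectedPaths -contains $p.ExecutablePath) { 'expected' }
                     else { 'UNEXPECTED' }

        [pscustomobject]@{
            PID              = $p.ProcessId
            Path             = $p.ExecutablePath
            PathState        = $pathState
            ParentIsServices = ($scmPids -contains $p.ParentProcessId)
            Services         = ($hosted -join ', ')
        }
    } |
    Sort-Object -Property PID |
    Format-Table -AutoSize -Wrap
```

A row with `UNEXPECTED` in `PathState` or `False` in `ParentIsServices` is the one to inspect further in Process Explorer; the number of svchost.exe rows by itself says nothing.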
     
  12. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    I thought it was worth worrying about. Thank you very much for your assistance!
     
  13. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    hankach, you are welcome! Keep using Process Explorer to check on those svchosts from time to time. Take care.
     