How to remove Win32/Conficker.AA worm from network computers

Discussion in 'ESET NOD32 Antivirus' started by chriskaza81, Jun 2, 2011.

Thread Status:
Not open for further replies.
  1. chriskaza81

    chriskaza81 Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    3
    Hello,

    We have a serious issue in our company with this worm. We use Eset 32 4 antivirus server-client. The problem is that for a couple of months, almost every 2-3 hours, the client antivirus on each PC in the network catches this worm and quarantines it. Obviously it still exists somewhere in the network and continues to spread all the time. My question is how it could be totally removed from our network? Can I do it from server Eset 32, or is there any specific tool to scan all the network, find out on which PC it exists and remove it?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you carried out all instructions mentioned in this KB article to prevent Conficker from propagating over network?
     
  3. chriskaza81

    chriskaza81 Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    3
    No, I didn't! It means that I have to do it on each PC in the network? I thought maybe there is a way to do it from the server to clean all the network, so as not to do it on each PC in my LAN?
     
  4. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    You can use nmap to find the rotten apples; instructions here.
     
  5. chriskaza81

    chriskaza81 Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    3
    Sorry if my question is a little noob, but I am a little confused. Well, we have a domain with about 100 PCs in a single LAN; what should I put in [targetnetwork]? The domain name? Or I guess I put the network address, like 192.168.2.0/24.
     
    Last edited: Jun 3, 2011
  6. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    It's:

    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.2.0/24
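
Added example, not part of the original thread: a small Python script that turns the scan above into a clean-up list, assuming the output was saved with nmap's `-oN` option and that the script reports one `Conficker: Likely CLEAN` or `Conficker: Likely INFECTED ...` line per host (the exact wording can differ between nmap versions). The sample report, its addresses and the function names are constructed for illustration.

```python
import re
import sys

# Constructed, trimmed sample of nmap normal output (-oN); addresses and results are made up.
# Assumption: the script prints one "Conficker: ..." verdict line per host it could query.
SAMPLE = """\
Nmap scan report for 192.168.2.10
| smb-check-vulns:
|_  Conficker: Likely CLEAN
Nmap scan report for 192.168.2.23
| smb-check-vulns:
|_  Conficker: Likely INFECTED (by Conficker.C or lower)
Nmap scan report for 192.168.2.31
| smb-check-vulns:
|_  Conficker: UNKNOWN; got error
Nmap scan report for 192.168.2.40
445/tcp filtered microsoft-ds
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
VERDICT = re.compile(r"Conficker:\s*(.+?)\s*$")

def verdicts(report):
    """Map every scanned host to its Conficker line, or None if the script gave none."""
    found, current = {}, None
    for line in report.splitlines():
        host = HOST.match(line)
        if host:
            current = host.group(1)
            found.setdefault(current, None)
        elif current and line.startswith("|"):
            verdict = VERDICT.search(line)
            if verdict:
                found[current] = verdict.group(1)
    return found

def worklist(found):
    """Group hosts: needs cleaning, reported clean, or could not be checked remotely."""
    groups = {"infected": [], "clean": [], "unchecked": []}
    for host, verdict in sorted(found.items()):
        text = verdict or ""
        key = "infected" if "INFECTED" in text else "clean" if "CLEAN" in text else "unchecked"
        groups[key].append(host)
    return groups

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for group, hosts in worklist(verdicts(text)).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```

Hosts in the `unchecked` group gave no verdict (SMB ports closed or filtered, or the check errored), so they still need a local scan before being treated as clean.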
     