how to remove Win32/Confiker.AA worm from network computers

hello,

We have a serious issue in our company with this worm, We use Eset 32 4 antivirus server-client the problem is that for a couple of months almost every 2-3 hours the client antivirus in each ps in network catches this warm and quarantine it . Obviously it still exist somewhere in network and continue to spread all the time . My question is how it could be totaly removed from our network ?? can i do it from server eset 32 or there is any spesific tool to scan all the network and find out in which pc it exist and remove it

 

Have you carried out all instructions mentioned in this KB article to prevent Conficker from propagating over network?

 

No i didi't !! it means that i have to do it in each pc in nerwork i thouth if maybe there is any way to do it from the server to clean all the network so not to do it in each pc in my lan??

 

you can use nmap to find the rotten apples, instructions here

 

sorry if my questions is a little noob but i am a little comfused . Well we have a domain with about 100 pc in a single lan , what should i put in [targetnetwork]
?? the domain name? or i guess i put the network address like 192.168.2.0/24

 

its:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.2.0-24