Win32\conficker.aa

Discussion in 'ESET NOD32 Antivirus' started by rkhodjaev, Jan 8, 2009.

Thread Status:
Not open for further replies.
  1. rkhodjaev

    rkhodjaev Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    5
    Hi All!
    I have a big problem in my network.My servers have viruses - Win32\Conficker.AA and i dont know how to delete them.My domain's users' become lockout out (i did it in GPO,that in 5 wrong typing password,user have to lockout).All my network Share folders and network softwares dont work.User's cant log in domain (in their pcs)....
    I have official NOD 3.6.50,nod finds,but doesnt delete the file.I see wrong file in this path windows\system32\gfgsdf.dll,but cant delete.I used about 3-4 Antivirus Softwares,i scanned servers on Safe Mode,but it doesnt work.So how should i delete these viruses from my servers and clients.

    P.S. + i downloaded WindowsServer2003-KB958644-x86-ENU.exe from microsoft.com,all share folders work.But viruses still alive and make connections,coz of these users' accounts bloking.....

    Can u give me some advices?
     
  2. DameSlap

    DameSlap Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    10
    Location:
    SouthWest UK
    Hate to say it Rk but right now, I'm not convinced there is an answer to this one.

    We've been working on this (in a huge organisation) for three days now. It's everywhere and our machines all had MS08-067 and latest McAfee updates before it arrived. Lots of bods have been working directly with McAfee and there is a rumour of an update on Monday that will finally sort this out, but we've been promised that for the two previous updates.

    If your requirement is personal / not too critical, you could try the free cleansing tool available from F-Secure (http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml) but it comes with lots of caveats to warn that it may wreck your system, so we can't afford to use it on production servers.

    Best o' luck
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    V3 / v4 should now be able to remove Conficker. When found in memory, you should be prompted to restart the computer so that the worm can be cleaned out completely.
     
  4. rkhodjaev

    rkhodjaev Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    5
    DameSlap
    Marcos
    THANKS, buddies!
    Now I know many things about this virus, and it gives me hope that I can clean many things. I downloaded this tool, "fsmrt.exe", and am now scanning with it.
    NOD hasn't downloaded yet; my version is 3.0.650 and I have the new signature database - 3756.
    By the way, do I have to clean and then install MS08-067, or do I have to install it before that? Should I do everything without network connections?
     
  5. rkhodjaev

    rkhodjaev Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    5
    I found this, and it works now
    I will let you know about the result! I hope I can delete the viruses from my network computers!
     
    Last edited by a moderator: Jan 12, 2009
  6. kiwi_nz

    kiwi_nz Registered Member

    Joined:
    Oct 19, 2008
    Posts:
    1
    Yes, we have the conficker.a problem here across our network.
    Have tried fsmrt.exe and FixDownadup.exe with no success.
    Have v3.0.672 with 3757 20090111 updates.

    Have servers with services stopping and other random popups on client PC's.

    Has anyone seen a fix or repair for this as yet o_O?

    thanks

    Bruce
     
  7. rkhodjaev

    rkhodjaev Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    5
    kiwi_nz
    Try to use BitDefender from here!
    Which services do you mean? Do you know which services use System Restore on Windows Server 2003? I mean how to disable this process (to stop System Restore).
     
  8. Aca

    Aca Registered Member

    Joined:
    Sep 19, 2007
    Posts:
    3
    One of my clients has Win32\conficker.E

    He installed the MS08-67 patch and cleaned the computers from Safe Mode.
    He said that that did the trick.
     
  9. rkhodjaev

    rkhodjaev Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    5
    Aca
    Yeah, it works, but not for W2k and W2k3. Also, sometimes this virus appears on XP too. So how do I delete them from W2k and W2k3, and why does it sometimes appear on XP? Does anybody know?
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    What I know for sure is, almost all the infections are of Windows XP machines. So not "sometimes on XP too" as stated by you. :rolleyes:
     
  11. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA