Security Forums

Conficker - downadup issues

OCKBA
Just Arrived
Joined: 29 Mar 2009
Posts: 0

Posted: Sun Mar 29, 2009 11:42 am    Post subject: Conficker - downadup issues

Hello everybody,

I got the Conficker worm inside my organization.
The Symantec worm definition is:
W32.Downadup.a, and we also got infected with .B.

The issue is that the server pops up an alert message informing us
that the worm was detected; until now we couldn't trace the source.

Is it possible that the worm propagates when the user turns on his PC?

Are there any trace tools?

I did download the removal tool from both Symantec and Windows.
I also downloaded the patch from Windows.

What is the cure???
ebrola
Just Arrived
Joined: 17 Oct 2007
Posts: 0
Location: Jacksonville, Fl

Posted: Tue Mar 31, 2009 3:19 pm

I have dealt with infections like this before. It was like we were chasing our tails with the thing. BUT...there is a cure, and it is a simple but time-consuming one.

First...download the tools and burn several copies to CDs. This will allow you to clean several machines at once, and the virus can't spread itself to the CD. This of course should be burned on a clean machine that is not on that site.

Second...unjack every machine/server in the network. If you don't do this you will be chasing your tail...and I assure you only dogs enjoy that.

Third...clean every machine and server with every tool you can find for it and then have the local AV run a full system scan on the local machine. This will ensure every machine is clean as you go.

Fourth...when all is clean (we did it twice just to make sure), then jack the network back together. At this point we ran another clean sweep on every machine just to be sure.

The one we were cleaning was a virus that had come in via an email that the users claimed they didn't open (yea...right) and would get cleaned on the local machine but would have already emailed itself to the entire company address book on boot up.

I hope this helps and good luck!!
malwaresupport
Just Arrived
Joined: 01 Apr 2009
Posts: 0

Posted: Wed Apr 01, 2009 6:01 pm    Post subject: Well engineered

Yes it is always possible, but chances are not looking good for anyone being able to trace this threat. This worm is well engineered to not be traced.
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Posted: Thu Apr 02, 2009 6:13 pm    Post subject: Re: Conficker - downadup issues

OCKBA wrote:

Is there any trace tools.


A honeypot inside of a DMZ would be useful, as you could monitor for connection and activity trends. Once infected, run procmon, ethereal, etc.
Godsp3ed
Just Arrived
Joined: 23 Apr 2009
Posts: 0
Location: Universe

Posted: Sat Apr 25, 2009 5:46 am

Follow the instructions in the 2nd post from the link below.

http://www.security-forums.com/viewtopic.php?t=56117&sid=61ea36628319847460f0e309050a2c57

All times are GMT + 2 Hours