Conficker & other variants have crippled my network


Author: mieko1970 Posted: Wed Jul 29, 2009 1:46 am Post subject: Conficker & other variants have crippled my network
    ----
Hello everybody!

This may be a little lengthy so I'll start from the beginning.

About 3 weeks ago my ISP shut off my connection, and when I phoned in to find what the problem was the security department informed me that I was broadcasting a Conficker variant.
Of course I was quite taken aback, as I'm pretty careful, and that it punched through my firewall and security.

So I downloaded the Microsoft malware removal tool and anti-virus updates, disconnected all the PCs from the network and proceeded to disinfect all the PCs. All clear... so I thought.

Last week, all my PCs pretty much at the same time registered another Conficker attack. Again I cleaned them all out, but this is where it gets weird.

I tried to get back on to the internet and for some odd reason the DHCP was blocked and bypassed to an Automatic Private IP which would come up as a Class 2 IP which would be either a spam site or a blackhole server (clearly spoofed).

I ran all the tools again and nothing came up... Now it gets REAL strange.

Figuring that something is buried real deep in my systems, I disconnected them all from the network and began wiping the drives and re-installing Windows.

Tried to then access the internet (both behind a router and direct modem connection) and the same thing, DHCP was blocked and bypassed to an Automatic Private IP.

I tried different hard drives and multiple Windows reinstalls on all the PCs and it's the same thing.

Tried manually entering the current assigned IP. No result.

Figuring I may be targeted by MAC address (since I can still use wifi on one of the laptops to access a hotspot), I proceeded to spoof the MAC addresses. No result.

Now all the PCs are fine in a closed network with all IPs being assigned by the router, but the moment it is connected to the modem the same problem begins again.

I've talked to several IT tech friends and they figure along what I'm thinking. Somehow my workstations are being targeted by MAC address and these lowlifes are using the immediate IP subnet range to find them.

I'm figuring I have to try to get my ISP to reassign me into a whole new subnet or be forced to swap out all the motherboards and start again.

Any thoughts or suggestions would be gratefully accepted.

Mieko :)



All times are GMT + 2 Hours