• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Conficker & other varients have crippled my network

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms

View previous topic :: View next topic  
Author Message
mieko1970
Just Arrived
Just Arrived


Joined: 29 Jul 2009
Posts: 0


Offline

PostPosted: Wed Jul 29, 2009 1:46 am    Post subject: Conficker & other varients have crippled my network Reply with quote

Hello everybody !

This may be a little lengthy so i'll start from the beginning.

About 3 weeks ago my ISP shut off my connection and when i phoned in to find what the problem was the security department informed me that i was broadcasting a conficker variant.
Of course i was quite taken back as i'm pretty careful and that it punched through my firewall and security.

So i downloaded the microsoft malware removal tool and anti-virus updates disconnected all the pc's from the network and proceeded to disinfect all the pc's. All clear.... so i thought.

Last week, all my pc pretty much at the same time registered another
conficker attack. Again i cleaned them all out but this is where it get weird.

I tried to get back on to the internet and for some odd reason the DHCP
was blocked and bypassed to a Automatic Private IP which would come
up as a Class 2 IP which would be either a spam site or a blackhole server (clearly spoofed).

I ran all the tools again and nothing came up... Now it get REAL strange.

Figuring that something is buried real deep in my systems, i disconnected
them all from the network and began wiping the drives and re-installing windows.

Tried to then access the internet (both behind a router and direct modem
connection) and the same thing, DHCP was blocked and bypassed to a Automatic Private IP.

I tried different hard drives and multiple window reinstalls on all the pc's
and it's the same thing.

Tried to manually entering the current assigned IP. No result

Figuring i may be targeted by MAC Address (Since i can still use wifi on one of the laptops to access a hotspot) i proceeded to spoof the MAC addresses. No result.

Now all the PC's are fine in a closed network with all ip's being assigned
by the router but the moment it is connected to the modem the same problem begins again.

I've talked to several IT tech friends and they figure along what i'm thinking. Somehow my workstations are being targeted by MAC address
and these lowlifes are using the immediate IP subnet range to find them.

I'm figuring i have to try to get my ISP to reassign me into a whole new subnet or be forced to swap out all the motherboards and start again.

Any thoughts or suggestions would be gratefully accepted.

Mieko Smile
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register