What to expect with Conficker

850 pts.
Tags:
Conficker
Viruses
Some computers that I "support" have come down with conficker and I was wondering what, if any, sort of performance or network issues I will potentially deal with until I am able to remediate the issue.
ASKED: March 26, 2009  5:38 PM
UPDATED: March 27, 2009  12:11 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Take a look at this guidance from <a href=”http://technet.microsoft.com/en-us/security/dd452420.aspx”>Microsoft on Conficker.A and Conficker.B</a>. You need to get the ms08-067 patch rolled out as soon as you can to your machines. You can use the psexec tool from Sysinternals/Microsoft to distribute the patch if you have an administrative login on the computers.

Put the patch into a folder along with the <a href=”http://live.sysinternals.com/psexec.exe”>psexec.exe</a> tool. Create a text file called <b>computers.txt</b> listing the names of the computers you wish to push the fix to. Create a batch file called something like <b>ms08-067Push.bat</b>

(Please test before rolling this out. I may have missed a command line switch or the syntax may be incorrect) -The content of the <b>ms08-067Push.bat</b> batch file would be something like this:

<b><i>psexec.exe @”c:\documents and settings\MyUserID\desktop\pushfix\computers.txt” -i -c WindowsXP-KB958644-x86-ENU.exe </i></b>

Good luck and if there is a big outbreak on your network, break the internet connection or shutdown the machines until you get them checked. Don’t be afraid to shut things down to get them cleaned up. Then… once you do get things cleaned up and can estimate the time it took… figure out how much you could have saved and look at purchasing a good asset management system like Windows Systems Center Configuration Manager to push out patches and fixes to your devices.

Here’s a good <a href=”http://mtc.sri.com/Conficker/”>autopsy of the Conficker variants</a> and some details to show what to be concerned about.
========================
You can also expect to find accounts on a windows domain seemingly randomly locked out as a byproduct of this virus.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following