What is the most effective means to locate Conficker contaminated PCs in firm networks from another location?

What is the most effective means from another location to locate Conficker contaminated PCs in company/ISP networks?

0
2019-05-19 00:02:32
Source Share
Answers: 5

There is a Python device called SCS that you can release from your workstation, and also you can locate it below : http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

It goes in this manner on my workstation :

Usage:
scs.py <start-ip> <end-ip> | <ip-list-file>

[email protected]:~/Escritorio/scs$ python scs.py 10.180.124.50 10.180.124.80

----------------------------------
   Simple Conficker Scanner
----------------------------------
scans selected network ranges for
conficker infections
----------------------------------
Felix Leder, Tillmann Werner 2009
{leder, werner}@cs.uni-bonn.de
----------------------------------

No resp.: 10.180.124.68:445/tcp.
10.180.124.72 seems to be clean.
10.180.124.51 seems to be clean.
10.180.124.70 seems to be clean.
 10.180.124.53 seems to be clean.
10.180.124.71 seems to be clean.
 10.180.124.69 seems to be clean.
10.180.124.52 seems to be clean.
No resp.: 10.180.124.54:445/tcp.
No resp.: 10.180.124.55:445/tcp.
No resp.: 10.180.124.61:445/tcp.
No resp.: 10.180.124.56:445/tcp.
No resp.: 10.180.124.57:445/tcp.
No resp.: 10.180.124.58:445/tcp.
No resp.: 10.180.124.60:445/tcp.
No resp.: 10.180.124.67:445/tcp.
No resp.: 10.180.124.62:445/tcp.
No resp.: 10.180.124.63:445/tcp.
No resp.: 10.180.124.64:445/tcp.
No resp.: 10.180.124.65:445/tcp.
No resp.: 10.180.124.66:445/tcp.
No resp.: 10.180.124.76:445/tcp.
No resp.: 10.180.124.74:445/tcp.
No resp.: 10.180.124.75:445/tcp.
No resp.: 10.180.124.79:445/tcp.
No resp.: 10.180.124.77:445/tcp.
No resp.: 10.180.124.78:445/tcp.
No resp.: 10.180.124.80:445/tcp.
0
2019-12-02 00:45:41
Source

OpenDNS will certainly advise of PCs it assumes are contaminated. Although as splattne claimed, MSRT is more than likely the most effective alternative.

0
2019-05-21 11:02:58
Source

This web page has great deals of valuable sources, consisting of a fast aesthetic recap of whether you are contaminated ...

http://www.confickerworkinggroup.org/wiki/

0
2019-05-21 10:44:32
Source

The most recent variation of nmap has the capacity to identify all (existing) versions of Conficker by identifying the or else virtually unseen adjustments that the worm makes to the port 139 and also port 445 solutions on contaminated equipments.

This is (AFAIK) the most convenient means to do a network based check of your entire network without seeing each equipment.

0
2019-05-21 10:16:15
Source

Run Microsoft is Malicious Software Removal device . It is a stand - alone binary that serves in the elimination of widespread destructive software program, and also it can aid remove the Win32/Conficker malware family members.

You can download and install the MSRT from either of the adhering to Microsoft Web websites:

Read this Micosoft assistance write-up: Virus alert about the Win32/Conficker.B worm

UPDATE:

There is this website which you can open. It needs to offer a caution if there suggests conficker on the equipment: http://four.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/

I virtually neglected to state this really wonderful "aesthetic" strategy: Conficker Eye Chart (I'm not exactly sure if it will certainly operate in the future with changed variation of the infection) - I'm not exactly sure if it still functions effectively (upgrade 06/ 2009):

If you can see all 6 images in both rows of the leading table, you are either not contaminated by Conficker, or you might be making use of a proxy web server, in which instance you will certainly not have the ability to utilize this examination to make an exact resolution, given that Conficker will certainly be incapable to obstruct you from watching the AV/security websites.

Network Scanner

eEye is Free Conficker Worm Network Scanner:

The Conficker worm makes use of a selection of strike vectors to send and also receive hauls, consisting of: software program susceptabilities (as an example MS08 - 067), mobile media tools (as an example USB thumb drives and also disk drives), along with leveraging endpoint weak points (as an example weak passwords on network - made it possible for systems). The Conficker worm will certainly additionally generate remote accessibility backdoors on the system and also effort to download and install added malware to more contaminate the host.

Download and install below: http://www.eeye.com/html/downloads/other/ConfickerScanner.html

Look additionally at this source (" network scanner"): http://iv.cs.uni-bonn. de/wg/cs/applications/containing-conficker/. Look for "Network Scanner" and also, if you are running Windows:

Florian Roth has actually assembled a Windows variation which is readily available for download from his website [straight link to whiz - download ] .

0
2019-05-21 09:52:51
Source