Today one of our sites overseas was hit by the Conficker Trojan. This was unfortunate considering that we had been preparing for this for months and felt that we had things under control. The site admins had not followed our advice and were thus treated to a very unpleasant Monday.
Fortunately, we had already put together a doomsday kit, which I FTP'ed to them as soon as I got to work and got the alert about their problem.
The kit consisted of 4 parts:
1. The latest Symantec virus definitions in a self-extracting, self-installing format
2. The executable for MS08-067
3. The Microsoft Malicious Software Removal Tool from February 2009
4. A reg hack to disable the autorun.inf function (a documented Conficker attack vector)
At our shop we burned a bunch of CDs for this just in case we couldn't deliver this with NS or DS. Thank goodness we haven't had to use it.
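
For item 4 of the kit, a read-only check that a machine actually has AutoRun disabled is useful after the fix is applied. The script below is an added example, not part of the original kit. The post does not say which registry change the kit used, so it assumes the two widely documented ones (the `NoDriveTypeAutoRun` policy value and the `IniFileMapping\Autorun.inf` redirect); the function name `Test-AutoRunDisabled` is hypothetical.

```powershell
# Added example: read-only audit of the two widely documented AutoRun mitigations.
# Assumption: the kit's "reg hack" was one of these; the post does not say which.
# Only machine-wide (HKLM) settings are checked, not per-user policy.

function Test-AutoRunDisabled {
    [CmdletBinding()]
    param()

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $iniMapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

    # Mitigation A: NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
    $driveTypes = $null
    $policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($policy) {
        $raw = $policy.NoDriveTypeAutoRun
        # The value is normally REG_DWORD; some tools write it as REG_BINARY.
        if ($raw -is [byte[]]) { $raw = $raw[0] }
        $driveTypes = [int]$raw
    }

    # Mitigation B: the key maps Autorun.inf to a registry location that does not
    # exist, so Windows finds no AutoRun commands on removable media or shares.
    $mapping = $null
    if (Test-Path -Path $iniMapKey) {
        $mapping = (Get-Item -Path $iniMapKey).GetValue('')   # default value of the key
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        NoDriveTypeAutoRun = if ($null -ne $driveTypes) { '0x{0:X2}' -f $driveTypes } else { 'not set' }
        AllDriveTypesOff   = ($driveTypes -eq 0xFF)
        IniFileMapping     = if ($mapping) { $mapping } else { 'not set' }
        AutorunInfIgnored  = ($mapping -eq '@SYS:DoesNotExist')
    }
}

Test-AutoRunDisabled | Format-List
```

A machine where both `AllDriveTypesOff` and `AutorunInfIgnored` are `False` still processes autorun.inf and needs the registry change applied.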