Nmap, especially for checking for the Conficker virus, which is also named W32.Downadup.B
Hi All
If your customer got infected with Conficker, please advise the customer to use this tool to check for the possible source of this virus.
To use this tool to check for the Conficker issue, use this command line:
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [targetnetworks]
If you find log output like that below, you may have found the source of the virus on the customer side; see "Likely INFECTED".
After you have found the likely infected machine, download the removal tool from this link. Because our removal tool may be updated, it is better to provide the download link than the fix tool itself, in case it is out of date.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Host 195.71.58.105 is up (0.00s latency).
Interesting ports on 195.71.58.105:
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp filtered microsoft-ds
Host script results:
| smb-os-discovery: Windows 2000
| LAN Manager: Windows 2000 LAN Manager
| Name: WORKGROUP\MINSHENG-F48D33
|_ System time: 2009-08-03 15:19:29 UTC+8
| smb-check-vulns:
| MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
| Conficker: Likely INFECTED (by Conficker.C or lower)
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
Regards
Ivan
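
For a scan of a whole network the log gets long, so it helps to pull out just the flagged machines. The script below is an added example, not part of the original post or of Nmap: it parses output in the layout shown above and lists hosts reported as "Likely INFECTED", plus hosts that returned no Conficker verdict at all (for example because SMB was filtered), which should not be read as clean. The sample log, addresses and host names are constructed.

```python
import re

# Constructed sample in the layout of the scan log in the post; addresses are
# documentation-range placeholders and the host names are invented.
SAMPLE_LOG = """\
Host 192.0.2.10 is up (0.00s latency).
Host script results:
| smb-os-discovery: Windows 2000
| Name: WORKGROUP\\EXAMPLE-PC1
| smb-check-vulns:
| MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
| Conficker: Likely INFECTED (by Conficker.C or lower)
Host 192.0.2.11 is up (0.00s latency).
Host script results:
| smb-os-discovery: Windows XP
| Name: WORKGROUP\\EXAMPLE-PC2
| smb-check-vulns:
| Conficker: Likely CLEAN
Host 192.0.2.12 is up (0.01s latency).
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Host (\S+) is up")
# Matches the "| Name: ..." and "| Conficker: ..." script result lines.
FIELD_RE = re.compile(r"^\|_?\s*(Name|Conficker):\s*(.+)$")

def parse_scan(text):
    """Return {host: {"name": ..., "conficker": ...}} for every host in the log."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:  # start of a new host block
            current = hosts.setdefault(m.group(1), {"name": None, "conficker": None})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
    return hosts

def infected_hosts(text):
    """Hosts whose Conficker line starts with 'Likely INFECTED'."""
    return sorted(h for h, r in parse_scan(text).items()
                  if (r["conficker"] or "").startswith("Likely INFECTED"))

def unchecked_hosts(text):
    """Hosts that were up but produced no Conficker verdict; rescan or check by hand."""
    return sorted(h for h, r in parse_scan(text).items() if r["conficker"] is None)
```
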
Comments
Details missing on how to use it.
USE MICROSOFT Latest MRT TOOL.
AND APPLY MS08-67 SECURITY PATCH.
Sandeep