Hello,
Work on the Plan of Action as given below for a 100% result.
Plan of Action:
1) Make sure ALL computers are installed with Symantec EP with latest / updated virus definitions and
2) Install MS08-67 patch download [KB 958644] on ALL computers.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
3) Install ALL latest Microsoft Security Patches / Service Packs on ALL machines
4) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
5) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
6) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
7) Scan ALL the machines...
8) Enable Risk Tracer
http://www.symantec.com/docs/TECH102539
NOTE: Risk Tracer relies upon Windows File and Printer Sharing, and the SEP client Network Threat Protection (NTP) feature must be installed for Risk Tracer to function fully.
In case we don't have Network Threat Protection installed on machines, then we could try NMAP (http://insecure.org/)
NOTE 2 : *ALL means ALL client machines and server machines (make sure you don't miss any machine)
In addition to this, please check the articles provided below and work on the same.
1) Best Practice for Downadup.B and Additional information on the same.
https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same
2) Simple steps to protect yourself from the Conficker Worm
http://www.symantec.com/docs/TECH93179
3) MS-KB on the removal process/best practice of w32.downadup.B
http://support.microsoft.com/kb/962007
4) MS08-67 patch download [KB 958644]
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
5) Security Response blog: "Downadup: Locking Itself Out"
https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/243
Similar Threads:
https://www-secure.symantec.com/connect/forums/w32downadupb-how-could-you-find-source-if-there-are-1k-infected
https://www-secure.symantec.com/connect/forums/w32downadupb-5
https://www-secure.symantec.com/connect/forums/account-lockdown-pertaining-domain-controller
Hope that helps!!
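
Added example, not part of the original post: a PowerShell audit for steps 2 and 4 of the plan that reports, per machine, whether KB958644 is recorded and whether AutoRun is disabled for all drive types. The file names `hosts.txt` and `downadup-audit.csv` and the function name `Get-PlanStatus` are hypothetical; it assumes admin rights on the targets, a reachable Remote Registry service, and that the AutoPlay policy is applied at computer level (HKLM).

```powershell
# Added example: audit steps 2 and 4 of the plan across a host list.
# Assumptions: .\hosts.txt (hypothetical) holds one computer name per line;
# the current account is admin on the targets; Remote Registry is reachable.
$Kb        = 'KB958644'   # MS08-067 patch named in the plan
$PolicyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PlanStatus {
    param([string]$Computer)

    $row = [ordered]@{
        Computer   = $Computer
        Reachable  = $false
        Patched    = $null   # $null means "could not be determined"
        AutoRunOff = $null
        Error      = ''
    }
    if (-not (Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
        return [pscustomobject]$row
    }
    $row.Reachable = $true
    try {
        # Step 2: list installed hotfixes and look for the MS08-067 KB.
        # Listing everything (instead of -Id) lets a query failure land in
        # catch rather than being mistaken for "not patched".
        $ids = @(Get-HotFix -ComputerName $Computer -ErrorAction Stop |
                 ForEach-Object { $_.HotFixID })
        $row.Patched = $ids -contains $Kb

        # Step 4: NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive
        # type; a missing value or a lower mask is reported as not disabled.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
        $key  = $hklm.OpenSubKey($PolicyKey)
        $val  = if ($key) { $key.GetValue('NoDriveTypeAutoRun') } else { $null }
        $row.AutoRunOff = ($null -ne $val) -and (($val -band 0xFF) -eq 0xFF)
        $hklm.Close()
    }
    catch {
        # Keep the host in the report so no machine is silently skipped.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

Get-Content -Path '.\hosts.txt' |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-PlanStatus -Computer $_.Trim() } |
    Export-Csv -Path '.\downadup-audit.csv' -NoTypeInformation
```

Rows with `Reachable = False` or a non-empty `Error` are the machines to chase by hand, since the plan calls for every client and server to be covered.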