
Some workstations on my network are infected and others are not with Conficker

Created: 23 Feb 2010 • Updated: 26 Aug 2010 | 5 comments

I have 1200 workstations connected on my network. There are at least 100 workstations that have not been patched with MS08-067. Out of these, only 5 of the workstations keep getting reinfected with the Conficker virus after using the Norton removal tool. Software that is in use on these machines will not work if MS08-067 is installed. They are all WinXP machines. What I would like to know is why only these 5 keep getting reinfected and not the rest of the unpatched workstations. They all share the same network access.

5 Comments

Vikram Kumar-SAV to SEP

Once infected, it might have dropped backdoors or rootkits on your system that remain undetected and keep re-infecting your system.

This is a very critical patch; make sure your systems are up to date with at least Windows security patches.

Once a computer is compromised it cannot be trusted, because you never know what files the threat left behind for opening the backdoor.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Grant_Hall

I agree with Vikram. My guess is that it is not necessarily something to do with the network at all, but instead a rootkit or something else that is infecting these machines again and again. If I were you, I would pull these 5 off the network, clean them, and then see if they get infected again. This would tell you that it is not another computer on the network. Also, it could be spreading via USB, so make sure one user isn't infecting just these 5 with a bad USB key.

Cheers
Grant

Please don't forget to mark your thread solved with whatever answer helped you : )

AravindKM

Try scanning all these PCs in safe mode at a time. Also keep System Restore off. You can also use the Downadup removal tool for scanning.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

sbertram

Did you look to see if MS08-067 did install on those PCs?
Any errors come up when you installed MS08-067?

Ramji Iyyer

1. Check for antivirus.
2. Install SEP.
3. Use complex passwords for Windows login.
4. Delete or disable local admin accounts if not required or do keep weak passwords.
5. Patch the system with MS08-067.
6. Use the fixdowna.exe tool to remove the Downadup virus.
7. Stop all open sharing.

This will stop it from infecting again and again.

Regards...
Ramji Iyyer