This discussion has been locked.

Infected With Conficker A and D - Unable to get rid of it

Hello,

We have been using Sophos Enterprise Console and Endpoint Security for some time, protecting all of our domain computers. However, over the last few weeks we have been overrun by the Conficker-A and Conficker-D viruses. Sophos is picking them up and saying it's cleaned them, but they keep coming back on the same machines and even appearing on new machines. We have followed all of Microsoft's instructions and the PCs have the hotfix KB958644, and we have also tried different ways of removing the virus, but it is still being persistent. Has anyone had the same problem, and if so, how can we get rid of it once and for all?

Many Thanks

James

  • Hi James,

    Thanks for posting on the forums. Have you tried the following two articles:

    http://www.sophos.com/support/knowledgebase/article/51169.html

    http://www.sophos.com/support/knowledgebase/article/61259.html

    The first describes how Conficker works, spreads, the best scanning options and how to remove it from the network. The second article shows various methods to track the source of the infection.

    I can guarantee that there'll be unprotected* machines on your network that are running and executing the Conficker virus and therefore allowing it to spread.

    Note that the patch is extremely important; without it, the virus will be able to inject straight into the memory space of svchost.exe.

    I hope this helps,

    Andy

    * Examples of unprotected machines = Sophos not installed, the on-access not set to on-read, or disabled, the machine is out of date, etc.
