Code:
http://msmvps.com/blogs/harrywaldron/archive/2009/01/27/conficker-cleaning-tips-for-corporate-users.aspx
Conficker - Cleaning Tips for Corporate Users
HOW TO CLEAN CONFICKER INFECTIONS IN THE CORPORATE ENVIRONMENT
1. Research the malware threat thoroughly. Determine how it attacks systems and the best approach for cleaning. Check several sources to learn as much as possible prior to cleaning. Conficker will actually apply the MS08-067 patch in MEMORY ONLY, so the best way to find infected PCs/servers is to look for high port 445 activity with a sniffer.
2. Corporately, and even for home users, it's always a good practice to SHUT DOWN the infected system, unplug it from the network, and stop using it completely.
3. Instead, work with the system while it is off the network. It's recommended to burn a CD or DVD from a clean non-infected source or use a lab environment that's isolated from the main network. Cleaning tools that can be used include the MS08-067 patch and multiple standalone cleaners (F-Secure, MSRT, other tools). A CD is safer than USB due to the AUTORUN risks.
4. Bring the system back online after it's isolated from the main network. Then use up-to-date Anti-Virus software to scan for additional malware. If the AV product doesn't offer good rootkit detection capabilities, consider downloading F-Secure's Blacklight RK detector or other similar tools. Anti-Spyware and other malware detection products should be run to ensure the system is as clean as possible.
5. If you find additional malware, evaluate it thoroughly. While a Conficker infection alone can be cleaned without the need to rebuild the system, additional malware infections received while the system was infected need to be evaluated in terms of damages and how successfully they can be cleaned. In some cases, it may be beneficial to rebuild.
6. After cleaning Conficker, install the MS08-067 patch before returning the PC or server online.
7. After installing the MS08-067 patch, it's critical to REBOOT the system, so that the patch becomes operational prior to bringing the PC or server back to the network environment.
8. Finally, if you have weak passwords, open network shares, or the AUTORUN issues with removable media, it's important to strengthen these areas to prevent future attacks. Otherwise, Conficker or other malware could continue to reinfect vulnerable servers/PCs until the root cause is properly addressed.
9. Log all infected servers and workstations that were cleaned for future reference.
10. Re-evaluate the formerly infected systems periodically to ensure their defenses are holding up. Use network sniffers, IDS, AV software and other tools to carefully monitor inbound and outbound traffic.
----------------------------------------------------------------------------------------------------------------------------------------------
Code:
http://www.microsoft.com/security/malwareremove/default.aspx
Malicious Software Removal Tool
The Microsoft Windows Malicious Software Removal Tool checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found.
When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.
Note: The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. To run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.
Because computers can appear to function normally when infected, it's a good idea to run this tool regularly even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.
To download the latest version of this tool, visit the Microsoft Download Center.
You can also perform an online scan of your computer using the Windows Live safety scanner.
Get a Free Safety Scan
To scan your computer for malicious and potentially unwanted software from a Web site, click: Windows Live safety scanner.
Windows Live safety scanner is an online service that you can use for free spyware removal. Use it to scan your computer to help protect, clean, and keep your computer running at its best. Use the free scan to check for and remove viruses, spyware, and other potentially malicious software and to find vulnerabilities or shortcomings in your Internet security.
Protect Your PC
To help protect your computer against a wide variety of security threats, see Protect your PC.
Download
Code:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
--------------------------------------------------------------------------------------------------------------------------------------
McAfee Conficker Remove Tool
http://vil.nai.com/vil/conficker_sti....I.N.G.E.R.exe
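
Step 1 of the cleaning tips above says the best way to find infected machines is to look for high port 445 activity with a sniffer. The Python example below is added here and is not part of the original post or the quoted articles; it reads "high activity" as one source contacting many distinct hosts on TCP 445 within a short window. The flow-record format, the sample addresses, the one-minute window and the threshold of 20 are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_flows():
    """Constructed flow records, one per line: 'ISO-time src dst dst_port'."""
    base = datetime(2009, 1, 27, 9, 0, 0)
    lines = []
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.23 10.0.1.{i + 1} 445")  # many distinct SMB targets
        lines.append(f"{ts} 10.0.0.50 10.0.0.5 445")        # one file server, repeatedly
        lines.append(f"{ts} 10.0.0.77 10.0.2.{i + 1} 80")   # web traffic only
    return "\n".join(lines)

def parse_flows(text):
    """Yield (timestamp, src, dst, dst_port) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])

def smb_fanout(flows, window=timedelta(minutes=1), threshold=20):
    """Return {src: peak count of distinct TCP/445 destinations within any
    sliding window} for sources whose peak reaches the threshold.
    window and threshold are assumed values to tune per network."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for host, peak in smb_fanout(parse_flows(build_sample_flows())).items():
        print(f"{host}: {peak} distinct hosts contacted on TCP/445 within one minute")
```

A client that talks to a single file server all day stays at a fan-out of 1 and is not flagged, which is why the count is over distinct destinations rather than raw connections.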