Provided is a link to a scanner that should detect the presence of the 
Conficker worm.  It comes from a link I trust so I believe it is safe to run 
on your networks.  The tool can scan all the active computers on your 
network for the worm.

FYI: here are the related links
  http://isc.sans.org/diary.html?storyid=6097
  http://honeynet.org/node/388

---
Start by downloading
http://www.doxpara.com/scs.zip  (This is a link from the 
honeynet.org/node/388 page)
to a Windows workstation.

Once downloaded extract the files.  The extracted SCS folder contains 
another SCS folder.
Move the second folder to the root of the C:\ drive so all the files are in 
C:\SCS
Open up a 'Command' prompt
type 'c:'
type 'cd \scs'
Scan the local machine first by typing:
'scanner localhost'
The results will show in the window when complete.
--
To scan the network, type:
'scs start-ip end-ip >>scslog.txt'
where start-ip is the lowest IP address you want to scan (10.147.0.1)
end-ip is the highest IP address you want to scan (10.147.0.254)
The results will be saved to c:\scs\scslog.txt
--
Note:  When running 'scs.exe' it takes a long time to scan unassigned IP 
addresses.  I would recommend that, if you have a subnet mask of 255.255.0.0, 
you run the program several times on ranges that you know have 
computers.  Check your DHCP server and verify the high and low IP addresses 
that are currently assigned to get your starting place.  I would also run 
against server IP addresses.

If you run the program several times change the 'scslog.txt' filename to a 
unique name for every scan.

Another note:
When using the redirect '>>' all output that would typically show on the 
screen is redirected to the text file.  Once you launch the 'scs' command 
the screen will not show anything.  When the program is done the c:\ prompt 
will return.
---
Open the scslog.txt file with Notepad to see the results of the scan.

The responses should be
no response - IP address
IP Address appears to be clean
IP address seems to be infected by Conficker

Good Luck
Scott Fosseen - Systems Engineer - Prairie Lakes AEA - 
http://www.aea8.k12.ia.us/tech
_____________________________________________________________________
I may not have gone where I intended to go, but I think I have ended
up where I intended to be.  - Douglas Adams
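
Added example, not part of the original message and not code from the scanner's authors: a Python sketch that merges several uniquely named scan logs and lists the hosts reported as infected. It assumes each result line holds one IPv4 address plus one of the three phrases quoted in the message; the log names and sample lines are constructed.

```python
import ipaddress
import re

# Assumption: one IPv4 address and one of the message's three phrases per result
# line; the exact layout of the scanner's output is not shown in the message.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Ordered from least to most urgent, so a rescan can only raise a host's status.
STATUSES = [("no response", "no_response"),
            ("appears to be clean", "clean"),
            ("infected by conficker", "infected")]
RANK = {name: i for i, (_, name) in enumerate(STATUSES)}

# Constructed sample logs (hypothetical file names, one per scan run).
SAMPLE_LOGS = {
    "scslog1.txt": "no response - 10.147.0.1\n10.147.0.20 appears to be clean\n"
                   "10.147.0.37 seems to be infected by Conficker\n",
    "scslog2.txt": "10.147.0.20 seems to be infected by Conficker\n"
                   "10.147.0.37 appears to be clean\nunrecognized line\n",
}

def classify(line):
    """Return (ip, status) for a result line, or None for anything else."""
    match = IP_RE.search(line)
    if not match:
        return None
    try:
        ip = ipaddress.IPv4Address(match.group())
    except ValueError:  # looks like an address but is out of range
        return None
    lowered = line.lower()
    for phrase, status in STATUSES:
        if phrase in lowered:
            return ip, status
    return None

def merge_logs(logs):
    """Merge logs given as {name: text}; keep the most urgent status per host."""
    hosts, skipped = {}, 0
    for name, text in logs.items():
        for line in filter(str.strip, text.splitlines()):
            result = classify(line)
            if result is None:
                skipped += 1  # count unparsed lines so they can be reviewed by hand
                continue
            ip, status = result
            if ip not in hosts or RANK[status] > RANK[hosts[ip][0]]:
                hosts[ip] = (status, name)
    return hosts, skipped

def infected(hosts):
    """Sorted (ip, log name) pairs for hosts flagged as infected in any scan."""
    return [(str(ip), src) for ip, (st, src) in sorted(hosts.items()) if st == "infected"]
```

A host stays flagged as infected even if a later scan calls it clean, so it is checked by hand before being cleared.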