i used this as my scanner (latest (beta) version of nmap with the script they list) http://seclists.org/nmap-dev/2009/q1/0869.html
what i did: using Nmap (4.85BETA5) C:\program files\nmap\nmap.exe -sC --script=smb-check-vulns --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 -oA conficker_scan 10.0.0.0/16 > nmap-scan.txt i then searched nmap-scan.txt for the word infected. -BenN On Tue, Mar 31, 2009 at 7:05 PM, Jon D <rekcahp...@gmail.com> wrote: > Can you access the remote share on said computers? > I've noticed on computers with their firewall setup wrong(blocking > sharing) that it would read as incomplete. > > The tool did find 1 computer on my network that was missing 20+ > patches. Not sure what happened there..... > > > Jon > > . > > > > On Tue, Mar 31, 2009 at 10:00 PM, Chyka, Robert <bch...@medaille.edu> > wrote: > > I tried to scan some subnets and it says incomplete scan or something. > Some machines can be scanned but most can't. What would be stopping the > scan? > > > > -----Original Message----- > > From: "Marc Maiffret" <m...@marcmaiffret.com> > > To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> > > Sent: 3/31/09 9:39 PM > > Subject: Free Conficker Scanner > > > > A lot of you have been emailing me off list asking if eEye was going to > make > > a free Conficker scanner like they normally have done in the past for > major > > issues etc... > > > > They have in fact created one and it is completely for free and will > detect > > both vulnerabilities that Conficker uses and also systems infected with > > Conficker. I would check for new versions as they will be making tweaks > and > > improvements as they receive feedback. > > > > http://www.eeye.com/html/downloads/other/ConfickerScanner.html > > > > Feel free to cross post and forward this email to other IT types that are > > looking for a tool to help identity Conficker and related. > > > > -Marc Maiffret > > www.marcmaiffret.com > > > > P.S. > > If you are looking to be proactive and find this and more: > > http://www.eeye.com/html/products/retina/index.html > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~