***
-Original Message-
From: Marc Maiffret [mailto:m...@marcmaiffret.com]
Sent: Saturday, November 21, 2009 20:44
To: NT System Admin Issues
Subject: Re: Conficker Help!
http://www.eeye.com/Downloads/Security-Tools/Conficker-Worm-Scanning-Utility.aspx
-Marc Maiffret
www.marcmaiffret.com
On Fri
http://www.eeye.com/Downloads/Security-Tools/Conficker-Worm-Scanning-Utility.aspx
-Marc Maiffret
www.marcmaiffret.com
On Fri, Nov 20, 2009 at 5:33 AM, Kelsey, John jckel...@drmc.org wrote:
Looks like we're getting hit the Conficker this morning. Sophos is
reporting several hundred 'conficker
Looks like we're getting hit the Conficker this morning. Sophos is
reporting several hundred 'conficker detected/cleaned' messages, so at
least its catching it...BUThow do I determine the source of the
infection? Something I can look for with wireshark or something?
Apparently there are some
Disable all autoplay functions, via GPO or script if you can
Check using WSUS or MBSA to see that the patch is installed for the
vulnerability Conficker exploits on all your machines
Make sure you don't have any rogue devices showing up in DHCP scopes
These might do you for starters
2009/11/20
Look for multiple bad password attempts coming from the same source.
From: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Friday, November 20, 2009 8:34 AM
To: NT System Admin Issues
Subject: Conficker Help!
Looks like we're getting hit the Conficker
of it, then reboot
each one. A real pain on the servers.
From: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Friday, November 20, 2009 8:34 AM
To: NT System Admin Issues
Subject: Conficker Help!
Looks like we're getting hit the Conficker this morning. Sophos is
reporting several hundred 'conficker
infections, but we had to run
fseasyclean on all the machine and servers to get rid of it, then reboot
each one. A real pain on the servers.
*From:* Kelsey, John [mailto:jckel...@drmc.org]
*Sent:* Friday, November 20, 2009 8:34 AM
*To:* NT System Admin Issues
*Subject:* Conficker Help!
Looks
What whitelist app are you using ?
Erik Goldoff
IT Consultant
Systems, Networks, Security
_
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, November 20, 2009 8:49 AM
To: NT System Admin Issues
Subject: Re: Conficker Help!
Ouch. I love my application
: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Friday, November 20, 2009 7:34 AM
To: NT System Admin Issues
Subject: Conficker Help!
Looks like we're getting hit the Conficker this morning. Sophos is reporting
several hundred 'conficker detected/cleaned' messages, so at least its catching
:* James Rankin [mailto:kz2...@googlemail.com]
*Sent:* Friday, November 20, 2009 8:49 AM
*To:* NT System Admin Issues
*Subject:* Re: Conficker Help!
Ouch. I love my application whitelists.
2009/11/20 Steve Kelsay kels...@sctax.org
We go hit with it two weeks ago despite being fully patched
PC tried to
use a bad password. I was able to determine alot from checking 1) bad password
attempts 2) McAfee logs.
- Original Message -
From: Mayo, Bill
To: NT System Admin Issues
Sent: Friday, November 20, 2009 8:41 AM
Subject: RE: Conficker Help!
Look for multiple bad
System Admin Issues
Subject: Re: Conficker Help!
That's what I did with my Conficker hit earlier this year. Also, in spite of
the fact it looked as though everyone was infected and popping up virus alerts
we really only had one infected laptop. McAfee (not my choice to run) was
popping up alerts
, November 20, 2009 2:33 PM
To: NT System Admin Issues
Subject: RE: Conficker Help!
Go grab the trial version of NetWrix Account lockout Examiner:
http://www.netwrix.com blockedhttp://www.netwrix.com
It will monitor your domain controllers and look for lockout's and
report what machine there coming
/ActiveDirectory/FindAllLocked-OutAccounts.html
From: Greg Olson [mailto:gol...@markettools.com]
Sent: Friday, November 20, 2009 2:33 PM
To: NT System Admin Issues
Subject: RE: Conficker Help!
Go grab the trial version of NetWrix Account lockout Examiner:
http://www.netwrix.com
System Admin Issues
Subject: RE: Conficker Help!
Go grab the trial version of NetWrix Account lockout Examiner:
http://www.netwrix.com
It will monitor your domain controllers and look for lockout’s and report
what machine there coming from.
From: Orland, Kathleen
15 matches
Mail list logo