Conficker Infected Entire Network: How To Remove?

[ictponder]

Our entire network is infected from a stupid fucking customers USB drive. Can someone with experience with this please help me remove it?

[OBXBoost]

Do you have enterprise virus support?

[ictponder]

Only virus software we have is Avast on some of the computers. We do not have a tech department and a lot of these computers do not get updates like they should. Unfortunately the only person who can run a program or executable file is the owner as all others do not have priviledges and all websites not pertaining to the daily operation of the businesses are blocked on our domain via Internet Explorer. This is the only PC with firefox on it, which I managed to install before it was hooked to the network.

[OBXBoost]

How many workstations are we talking?

Only virus software we have is Avast on some of the computers. We do not have a tech department and a lot of these computers do not get updates like they should. Unfortunately the only person who can run a program or executable file is the owner as all others do not have priviledges and all websites not pertaining to the daily operation of the businesses are blocked on our domain via Internet Explorer. This is the only PC with firefox on it, which I managed to install before it was hooked to the network.

[sketch]

how many workstations?
are they on a domain?
how is your network infrastructure setup?

[FeaRpb]

Provide us with more information and we can help.

[ictponder]

It's on a domain, about 8 computers are infected (haven't checked the server yet). Each host is assigned address dynamically and each host has 2 mapped drives to the server, not sure if that helps. This all started after troubleshooting a customers computer using their USB drive which was apparently infected. I've managed to run Malicious Software Removal Tool from a USB drive on one computer and install Microsoft updates, fixing the problem. The other computers get infected after running removal tool before I can get the updates to download.

For those who will ask why we were troubleshooting a computer when we are getting infected ourselves..

We sell Verizon and sometimes customers can't figure out how to install the VZ Access Manager software on their PC or get drivers to work with certain phones. So we use their USB drives to copy drivers and such.

[Zaroth]

http://support.microsoft.com/kb/962007

About half way down it has all the step by step instructions for manual removal.

It is a worm, so make sure these infected computers are disconnected from your network.

Let us know how it goes.

[onyxice]

Seperation from non-infected machines is a great start, make sure to clean all temp. files per user/system. Also, never hurts to have a flash drive of your own around for tasks like that, having one you know is clean can help prevent these situations.
Have fun bro, my job practically is virus removal. haha

[GTOJOE]

I recommend an SD card with a usb card reader. This way you can copy tools/software to it then lock it to block any write access. Load up combofix and run on every pc. Only use the combo fix from the below link. There are fake ones out there.

http://www.bleepingcomputer.com/down...virus/combofix