Mark Minasi's Reader Forum
 conficker on AD servers...oh my

boggs
Seasoned But Casual Onlooker

USA
25 Posts
Posted - 05/05/2009 : 02:41:15 AM
Well I am an unhappy guy who has a site that has conficker on the servers, 2 AD servers and a few application and file servers.

I read the other threads about fixing and patching and I am all for nuking an infected server. I have fixed and patched individual servers, but they get reinfected almost right away. I'm doing something wrong or I just don't understand some part of this.

If I fix and patch a server (or even put a new, patched server in place) is it the Admin$ share that the virus uses to blow through? All the servers have the same password on those shares.

Most of the instructions relate to workstations, put on a strong password. But with an AD server I think that is not possible to secure.

If so, do I have to go through and take every server off-line either by pulling the plug or doing that GP method MS published, then fix/patch each server until they are all fixed?

Like if I miss one other computer somewhere am I sunk again?

I hate to go through all that and then have the thing reinfect the servers again.

Is there a step by step for servers and AD?

don2007
Honorable But Hopeless Addict

1973 Posts
Posted - 05/05/2009 : 10:42:46 AM
There have been a few threads on Conficker. Everyone here will tell you to format the drive & reinstall. Personally, I would like to see a HijackThis log, if you don't mind posting it.


Dyslexic people untie.

boggs
Seasoned But Casual Onlooker

USA
25 Posts
Posted - 05/05/2009 : 11:06:13 AM
I am fine with the burn down and re-install. What I guess I need to know is:

On an AD domain, can I burn down and re-install a server, patch it to the gills and put it back in place and then do the next one, without getting infected?

Or do I need to shut them all down and do every instance of an infected server and do them all at once?


don2007
Honorable But Hopeless Addict

1973 Posts
Posted - 05/05/2009 : 11:41:31 AM
I wouldn't put the first server back on the network with the other one still connected.

Dyslexic people untie.