Well, I am an unhappy guy who has a site that has Conficker on the servers, 2 AD servers and a few application and file servers.
I read the other threads about fixing and patching and I am all for nuking an infected server. I have fixed and patched individual servers, but they get reinfected almost right away. I'm doing something wrong or I just don't understand some part of this.
If I fix and patch a server (or even put a new, patched server in place) is it the Admin$ share that the virus uses to blow through? All the servers have the same password on those shares.
Most of the instructions relate to workstations: put on a strong password. But with an AD server I think that is not possible to secure.
If so, do I have to go through and take every server off-line either by pulling the plug or doing that GP method MS published, then fix/patch each server until they are all fixed?
Like if I miss one other computer somewhere am I sunk again?
I hate to go through all that and then have the thing reinfect the servers again.