Troubleshooting Conficker Problem

Steps to scan server due to conficker:
========================================


1. Download Microsoft® Windows® Malicious Software Removal Tool from microsoft website (check the latest version of this application)
2. Copied this malicious removal tool to affected server and run it
3. Run full scan (at least you could find 2 affected files of conficker) and stop the scanning
4. Disable file/printer sharing from network properties
5. Disabled port 445
- You could check it before you disable using below command:
netstat -na | find "445" (you shall able to view lots and lots of port 445 being opened)
5. Disable port 445:
------------------------------
You can easily disable port 445 on your computer. To do so follow these instructions:


a. Start Registry Editor (Regedit.exe).
b. Locate the following key in the registry:

HKLM\System\CurrentControlSet\ Services\NetBT\Parameters

c. In the right-hand side of the window find an option called TransportBindName.
d. Double click that value, and then delete the default value, thus giving it a blank value.
e. Close the registry editor
------------------------------
6. Apply conficker patches.
7. Restart server
8. Run windows update and apply windows to latest patches.

Add Feedback