Troubleshooting Conficker Problem
Steps to scan and clean a server affected by Conficker:
1. Download the Microsoft® Windows® Malicious Software Removal Tool from Microsoft's website (check for the latest version of this application).
2. Copy the removal tool to the affected server and run it.
3. Run a full scan (you should find at least 2 files affected by Conficker) and stop the scan.
4. Disable file/printer sharing from network properties
5. Disable port 445
- Before you disable it, you can check the port with the command below:
netstat -na | find "445"
(you should see a large number of open port 445 entries)
----------
You can easily disable port 445 on your computer. To do so, follow these instructions:
a. Start Registry Editor (Regedit.exe).
b. Locate the following key in the registry:
HKLM\System\CurrentControlSet\Services\NetBT\Parameters
c. In the right-hand side of the window, find the value called TransportBindName.
d. Double-click that value, then delete the default data so that it is left blank.
e. Close Registry Editor.
----------
6. Apply Conficker patches.
7. Restart the server.
8. Run Windows Update and bring Windows up to the latest patches.
The following article explains how to run Windows Update.
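The port 445 check from step 5, taken a little further as an added example (not part of the original post): it parses saved output of netstat -na and separates the local SMB listener from inbound and outbound port 445 connections, so the same check can be repeated after the restart in step 7. The sample output, addresses and function names below are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `netstat -na` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.20:49210        ESTABLISHED
  TCP    10.0.0.5:3389          10.0.0.9:51022         ESTABLISHED
  TCP    10.0.0.5:1801          10.0.0.31:445          SYN_SENT
  TCP    10.0.0.5:1802          10.0.0.32:445          SYN_SENT
  TCP    10.0.0.5:1803          10.0.0.33:445          SYN_SENT
  TCP    10.0.0.5:1804          10.0.0.34:445          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '[v6addr]:port' or '*:*' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def summarize_port_445(netstat_text, port="445"):
    """Classify TCP rows that involve the given port."""
    summary = {"listening": False, "inbound": 0, "outbound": 0,
               "states": Counter(), "remote_hosts": set()}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        _, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        state = fields[3]
        if state == "LISTENING":
            summary["listening"] |= (lport == port)
        elif rport == port:   # this host connecting out to someone's port 445
            summary["outbound"] += 1
            summary["states"][state] += 1
            summary["remote_hosts"].add(raddr)
        elif lport == port:   # a remote host connected to our port 445
            summary["inbound"] += 1
            summary["states"][state] += 1
    return summary

if __name__ == "__main__":
    for key, value in summarize_port_445(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a real server, redirect the netstat output to a file and pass the file's text to summarize_port_445.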