Conficker Removal with MSRT

1. Symptoms to help you determine if you are infected

· Account lockout policies are being tripped

· Domain Controllers are being hammered

· Network congestion

· Sluggish Client Behavior
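To turn the account-lockout symptom into a list of machines to inspect, group lockout events by the computer that caused them. The following is an added example, not part of the original post: it flags any host that locked out several different accounts within a short period. The CSV column names, host names, sample rows and thresholds are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lockout events exported from a domain controller's
# Security log. Column names and values are assumptions for this example.
SAMPLE_EXPORT = """time,locked_account,caller_computer
2009-01-12T09:00:05,alice,WKS-0142
2009-01-12T09:00:09,bob,WKS-0142
2009-01-12T09:00:14,carol,WKS-0142
2009-01-12T09:00:21,dave,WKS-0142
2009-01-12T09:00:30,svc_backup,WKS-0142
2009-01-12T09:14:02,erin,WKS-0007
2009-01-12T11:40:47,erin,WKS-0007
2009-01-12T09:01:02,frank,WKS-0311
2009-01-12T09:01:10,grace,WKS-0311
2009-01-12T13:30:00,heidi,WKS-0311
"""

def suspect_hosts(export_text, min_accounts=4, window=timedelta(minutes=10)):
    """Return {host: most distinct accounts locked out inside one window}
    for hosts that reach min_accounts. Thresholds are illustrative."""
    by_host = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        when = datetime.fromisoformat(row["time"])
        host = row["caller_computer"].strip().upper()
        by_host[host].append((when, row["locked_account"].strip().lower()))

    suspects = {}
    for host, events in by_host.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({acct for _, acct in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_accounts:
            suspects[host] = best
    return suspects

if __name__ == "__main__":
    for host, count in sorted(suspect_hosts(SAMPLE_EXPORT).items()):
        print(f"{host}: {count} distinct accounts locked out within 10 minutes")
```

A single user mistyping a password locks out one account repeatedly; a host that locks out many different accounts in minutes is the one to isolate and clean first.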

2. Steps to help you recover

Patch and clean – apply MS08-067 and review this info on weak passwords

· Weak Password and Lockout policy info

What you should know about strong passwords:

Password Best Practices: 

Accounts Passwords and Lockout Policies:

Account Lockout and Management Tools:

· Passgen is a tool that allows you to reset local passwords on large blocks of systems:


3. Malware Removal

1. MSRT - The updated MSRT will be live Tuesday 13 January. Remember, however, that Conficker breaks Automatic Updates, so you will also need these KBs for manual download information and alternate enterprise deployment steps:

KB890830: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

KB891716: Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

2. FCS/OneCare

3. Competitive AV

4. Manual Cleanup - This template supplies the manual cleanup steps and a script (in a separate post).

See these blog posts for additional resources
