Analyzing a network infected by Conficker?

    • #4408
      nubie
      Participant

      Hi, I need advice please. There is Conficker on my network. Although all PCs are now clean, there are some questions I need to ask. If I plug a new/unpatched PC (XP) into the network, at some unknown time the AV will give a warning about Conficker, so I tried running Wireshark on the new/unpatched PC, and sometimes I get packets with random source and destination and different ports, but at random times too.

      Could anyone give me some advice about what next step I should take? I have blocked some PCs which tried to connect to the Conficker server; I saw the activity in my router log.

      Thanks a lot.  🙂

      Regards,
      Nubie

    • #27756
      Anonymous
      Participant

      I just want to double check with you to make sure that I understand correctly. You have cleaned ALL of the machines on your network and the Conficker traffic is coming from outside of your network. And you saw the traffic on your router?

      Let me know if this is correct. Thanks!

      john

    • #27757
      nubie
      Participant

      Yes, that's correct johnfellers, but when I use Wireshark on the unpatched new PC to sniff packets on the network, the AV gives a warning, and the source is a PC on the network. In Wireshark, when I right-click a packet and follow the TCP stream, the AV pops up and warns about Conficker.

      Thanks a lot for your reply, and I very much hope for your advice please.  🙂

      Regards,
      Nubie

    • #27758
      timmedin
      Participant

      Then it sounds like there is still an infected machine on your network

    • #27759
      nubie
      Participant

      Yes, I've been thinking that too; however, when I checked that machine again, no Conficker was found. Is it possible for the new unpatched PC to be the gateway for Conficker to other machines on the network? In the packets I've seen in Wireshark, sometimes the new unpatched PC is the source and the destination is some (patched) machine on the network.

      Thanks a lot for your reply, timmedin.  🙂

      Regards,
      Nubie

    • #27760
      timmedin
      Participant

      Could be, but that doesn’t seem likely.


Copyright ©2021 Caendra, Inc.