Read the SANS link and break up your response into steps in order to deal with the problem in a calm and rational way.
One possible way of dealing with a Conficker outbreak in a Windows Active Directory (AD) domain is to follow the SANS steps.
You (as the security person) have been alerted that there's a problem.
In Conficker's case, AD user accounts have started locking out in large numbers.
The first thing to do is find a machine causing the problem and examine it.
Looking in the domain controllers' event logs will show which machine(s) are causing the accounts to be locked out.
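One way to do the event-log check above, as an added example that is not part of the original text: it assumes the domain controllers run Windows Server 2008 or later (where a lockout is Security event 4740 and its TargetDomainName field holds the caller computer name) and that the events have been exported as XML under a single root element. The host names, account names and the threshold of three accounts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOCKOUT_ID = "4740"  # "A user account was locked out" on Server 2008 and later

# Constructed sample export: host and account names are made up.
_EVENT = ('<Event xmlns="{ns}"><System><EventID>{eid}</EventID></System><EventData>'
          '<Data Name="TargetUserName">{user}</Data>'
          '<Data Name="TargetDomainName">{host}</Data></EventData></Event>')
_ROWS = [("4740", "alice", "WS-0142"), ("4740", "bob", "WS-0142"),
         ("4740", "carol", "WS-0142"), ("4740", "dave", "ws-0142"),
         ("4740", "erin", "WS-0077"), ("4740", "erin", "WS-0077"),
         ("4624", "frank", "CORP"), ("4740", "gina", "")]
SAMPLE_EXPORT = "<Events>%s</Events>" % "".join(
    _EVENT.format(ns=NS["e"], eid=e, user=u, host=h) for e, u, h in _ROWS)


def parse_lockouts(xml_text):
    """Yield (caller_computer, account) for every lockout event in the export."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", "", NS).strip() != LOCKOUT_ID:
            continue  # ignore logons and any other event types in the export
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        # In event 4740 the TargetDomainName field holds the caller computer name.
        caller = data.get("TargetDomainName", "").upper() or "(unknown)"
        yield caller, data.get("TargetUserName", "").lower()


def rank_sources(xml_text, min_accounts=3):
    """Return [(computer, distinct_accounts, events)], worst offender first.

    One user mistyping a password locks one account; a machine guessing
    passwords across the domain locks many, so rank by distinct accounts.
    The default threshold of 3 is an assumption to tune per site.
    """
    accounts, events = defaultdict(set), defaultdict(int)
    for caller, account in parse_lockouts(xml_text):
        accounts[caller].add(account)
        events[caller] += 1
    ranked = [(c, len(accounts[c]), events[c]) for c in accounts
              if len(accounts[c]) >= min_accounts]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for computer, n_accounts, n_events in rank_sources(SAMPLE_EXPORT):
        print(f"{computer}: {n_accounts} accounts locked out in {n_events} events")
```

Lockouts with an empty caller field are grouped under "(unknown)" rather than dropped, so they still show up when the threshold is lowered.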
Once you've examined the machine and determined the problem, Conficker in this case, you need to work out what Conficker does and how it works in order to stop it. Then work out the why, who and how of the machine's infection.
For example: Was it patched? Did it have a working AV? Did the attack come from USB or another machine?
You need to make the call on how to deal with the problem and get management involved. Do you go in hard, locking down the network and blocking internet access, or do you quietly clean up the mess in the background? Conficker is well written, so infected machines aren't crashing, and the locked AD accounts can be unlocked by script to minimise the downtime effects on the staff.
Let's say you've got a number of machines without patches and with no antivirus across the network, and Conficker infected one of those machines from a USB drive. Scanning for machines that are infected or open to infection would give you a list of machines to fix and let you know how many machines are possible problems.
Quick fixes could be using group policy to turn on Windows XP's firewall and block TCP port 445, or force out the patches and AV and reboot machines. Searching for machines with an AT1.job file and deleting that file will also slow Conficker down.
If you have a network with modern switches, drop all the infected machines onto a special VLAN that has no access to the rest of the network and fix them as and when you have time.
Someone needs to talk to the staff and tell them in non-geek terms what the problem is and how not to make it worse (e.g. ban the use of USB sticks while you clean up the network).
Clean up all the infected systems and ensure all the other computers in the network are protected from possible infection. Find any infected USB drives and clean/remove them.
Check everything is okay and staff can work normally again.
Step Six—Lessons Learned
Write up what happened and put it into a timeline of events and actions. Work out what you could have done better and how this could have been avoided. You may suggest regular patching is a good idea, as is restricting the use of USB drives by certain staff.