An effective method to clean XP, Win2k and Windows 2003 after Conficker

Solution 1:

The issue seems to be not that the things you have tried haven't worked; it seems more likely that, after you have cleaned one machine, another infected machine on the network will infect the machine you have just cleaned. You need to do a complete clean of all systems on the network. During that time, you will have to keep the machines from re-infecting one another.

Microsoft does have a knowledge base about this, here. If the things there don't work, you will have to disconnect every machine from the network, disinfect every machine, and then hook everything back up again. Good luck.

Solution 2:

There is only one effective method to clean a compromised workstation\server\network, and that is to wipe the machine(s), reinstall Windows and restore your data. Any other method, and you will never be sure that someone else doesn't own your network.

Once you're back up and running, the most effective ways to protect your network are, in order of importance/effectiveness:

  1. Not giving users local administrator rights on their Workstations.
  2. Enforce a strong password policy.
  3. Use Group Policy to manage Internet Explorer and XP Firewall on Workstations.
  4. WSUS for updates for Servers and Workstations.
  5. Anti-Virus.

Solution 3:

The reason it spreads is because you have not yet set the group policy as specified here. Then you can clean the machines using the Malicious Software Removal Tool. While many times you do need to wipe the machine, this is not one of them (as long as this is the only issue you have). Hopefully you have also initiated some sort of WSUS or another mandatory patch management solution.