Symantec’s got a pretty simple (and free) tool specifically for Conficker:
Download this file on an uninfected computer, follow the steps, and you should be okay.
Doxpara Research has release a ‘scanner’ to check for conflicker infection.
Security expert Dan Kaminsky, working with the Honeynet Project’s Tillmann Werner and Felix Leder, have discovered an easier way to detect if a machine on a network is infected by Conflicker.
Dan writes:”What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you.
Navigate to the exanded directory and ‘run’ the scanner on each individual computer.
C:\ yourdesktop \scs\scs>scs.exe 192.168.31.2
[For the admins out you can use a host file for a range of IPs]
If you are unsure of how to find your IP address.
Open up command windows – – Start>run>type ‘cmd’ then type in “ipconfig /all”
[If you don’t know how to navigate in the DOS window check this out:
Update – Another way to scan:
1. Download and install Python 2.6.1: [www.python.org] [python.org]
2. Download Impacket from [oss.coresecurity.com] [coresecurity.com] (or maybe [pypi.zestsoftware.nl] [zestsoftware.nl] or some other mirror)
3. Download the scanner from [iv.cs.uni-bonn.de] [uni-bonn.de]
4. Unpack Impacket into a folder, then install Impacket from a command line with c:\python26\python setup.py install
5. Run the scanner with the command c:\python26\python scs.py [starting_ip] [ending_ip]