Another conflicker variant force us to behave like paranoid. Any tool that might help us to detect it get more attention, specially when it’s free

Detect from Windows machine :

Download detector from Florian Roth, click here.

Save and extract to any folder, I choose C.

Make sure to run it from comman line :

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from Linux machine ( I use Ubuntu 9.04 server) :

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.

[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.
[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect using FreeBSD machine :

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machine.

• scs2-win32
• scs2 exe
• scs2 py
• conflicker port
• scs2 zip
• detect conflicker
• simple conficker scanner v2
• how to detect conflicker
• conflicker ports
• scs2 win32
• conflicker 445
• scs2-win32 zip
• detect conficker in lan
• no response from port 445/tcp
• scs2 py windows
• conflicker tcp port
• scs2 crypto package
• scs2 exe florian roth
• conficker scs2 exe
• conflicker scanner
• conflicer port
• conflicker detect on lan
• scs2
• detecting conflicker LAN
• how to run scs2 py
• how to clean an infected lan line
• port conflicker
• windows 2000 lan manager
• detect conflicker lan
• python scs2 py
• scs2 uni-
• scs2 windows
• port 445 conflicker
• how to activate python script scs2 py
• scs2 conficker
• port 445 conficker
• no response from port 445
• LAN scanner which finds conflicker
• how to detect infected virus on lan
• port of conflicker
• download scs2 windows
• /scs2 py
• detect conficker lan
• scan server contre conflicker
• scs2 conflicker
• detect
• detecting conficker on lan
• detect conflicker on lan
• how can i find w32/conflicker infected machine
• python script scs2 py