I got a mail from my ISP that there is spyware being caused by Conficker. This is a critical problem and needs to be addressed immediately. Kindly let me know what to do to cease the situation quickly.
Thanks
Alternatives:
Do NOT:
Simply said: you are wrong here. Mikrotik, at best, is your router company. They don’t deal with network protection, fixing your infected computers etc.
I think you are wrong too. This forum is a community where each member can support, give hints and help others. He’s not asking mikrotik’s support to help him, but wants other people’s thoughts. Conficker is a well-known worm that causes TCP SYN floods and spamming.
oceanic1:
You can simply call the infected machine’s user by telephone and offer him some good antivirus. Or block him on a router, so he’ll contact your support for assistance anyway. To catch the infected user’s IP you can monitor internet traffic with Wireshark for suspicious traffic. DNS and NBNS lookups for suspicious addresses like “zcvzzx.com”, “crackmailerz.cn”, etc. are virus activity too.
You can try to create a firewall filter rule to limit TCP packets with the TCP flag “syn” to, let’s say, 10-20 pps (per user) max and make it low priority. SYN packets are relatively rare. That will decrease the flooding of your ISP.
PS: But I think this thread is in the incorrect forum section.
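The traffic check described in the reply above, as an added example that is not part of the original posts: it flags internal hosts whose SYN rate exceeds the 20 pps figure from the post or that look up one of the two domain names quoted there. The record format, function names and sample addresses are assumptions; the records are constructed, standing in for fields exported from a capture.

```python
from collections import defaultdict, deque

SYN_PPS_LIMIT = 20  # upper end of the 10-20 pps per-user figure in the post
SUSPICIOUS_DOMAINS = {"zcvzzx.com", "crackmailerz.cn"}  # names quoted in the post

def find_suspect_hosts(records, limit=SYN_PPS_LIMIT, window=1.0):
    """records: time-sorted (ts_seconds, src_ip, kind, detail) tuples (assumed format).
    kind "syn": detail is "dst_ip:port"; kind "dns": detail is the queried name.
    Returns (reasons per flagged host, peak SYNs per window per host)."""
    recent = defaultdict(deque)   # src -> SYN timestamps still inside the window
    peak = defaultdict(int)
    reasons = defaultdict(set)
    for ts, src, kind, detail in records:
        if kind == "syn":
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] >= window:   # drop SYNs older than the window
                q.popleft()
            peak[src] = max(peak[src], len(q))
            if len(q) > limit:
                reasons[src].add("syn-rate")
        elif kind == "dns":
            name = detail.rstrip(".").lower()  # normalise case and trailing dot
            if any(name == d or name.endswith("." + d) for d in SUSPICIOUS_DOMAINS):
                reasons[src].add("dns:" + name)
    return dict(reasons), dict(peak)

def sample_records():
    """Constructed sample data, not taken from a real capture."""
    recs = []
    for i in range(40):   # .10: 40 SYNs in under a second to many hosts
        recs.append((10.0 + i * 0.02, "192.168.88.10", "syn", f"198.51.100.{i + 1}:445"))
    for i in range(5):    # .20: ordinary client, one SYN per second
        recs.append((10.0 + i, "192.168.88.20", "syn", "203.0.113.5:443"))
    recs.append((11.5, "192.168.88.30", "dns", "ZCVZZX.com."))
    recs.append((12.0, "192.168.88.20", "dns", "example.org"))
    return sorted(recs)

if __name__ == "__main__":
    reasons, peak = find_suspect_hosts(sample_records())
    for host, why in sorted(reasons.items()):
        print(host, sorted(why), "peak SYN/s:", peak.get(host, 0))
```

Hosts returned by the check are the ones to contact or block, as the reply suggests.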