I just registered to thanks you and to let you know this above fix the issue in our servers. Another solution is to install SP2 - this fix the problem as well, but your solution is for far the best practice.
Let me tell you this solution is not provided by Microsoft in any KB... I spend hours and hours in the internet, forums, friends, colleagues, etc and the only fix was the SP2.
But this post save my day. I add the permissions and the dhcp client service is now working in a sec... nice!!!
FYI i fix with this 10 servers running from DC, DNS, DHCP, Exchange, SQL, BES, etc in Vmware !!! cool!
Thanks to you I finish my maintenance very quick today saturday!
Bobson... No matter if you servers already have the SP2... Re-Installing SP2 is another fix for this as well.....
From 15 servers i fixed a couple with the SP2 reinstall and the remaining with your solution... :)
Thanks Troy to share the solution! very nice.
Thanks for asking. We stopped the conflicker virus (all the versions) with Mcafee 8.5 w the last signature, the required patchs / updates from Microsoft and MRT (last version). MRT has been a very good resource to stop the worm.
CSA Cisco has been important to keep the network secured with cero hour viruses but we do not have CSA in all servers.
We even had servers without AV (Exchange, SQL and backup server) but conflicker has just demostrated you need to protect ALL servers. At this time all our servers are running an AV package.
We have very good security (IDS, Forescout, ASA , GPOS, auditing, etc) but all this is not always enough. Working well with shares, strong password, user permissions and a central AV policy is highly important. Highly importance is to keep servers and workstations with the last service pack and critical updates from MS.
Having a network with multiple offices is always a problem to stop this kind of viruses... always need advanced tools to track and determine and close the perimeter of the atack. Our security guy was working hard to stop this.
Now we have more tighten security in place, we was able to stop the virus but the worm make some damage at certain point (like this dhcp service issue) and the worm disabled the Mcafee AV as well in some servers.
In this last case, the MRT works great and we was able to clean the infected machine or server. An snapshot comparison shows this "compromised" server do not need to be re-installed because the MRT was able to clean the server 100% and actually the risk is inexistent.
I added new rules to our Adaptive Security Appliance and we are monitoring traffic at layer 2/3 with the Forescout.
We have extra backups and new Vmware snapshots just to be protected if new variants appears on the globe.... :)
MCP, MCSA, MCSE, MCTS
A+, CST, HPSAN, HPCZ
Bookmarks