September 9th 10, 06:10 PM, posted to microsoft.public.windows.server.sbs, microsoft.public.windowsxp.hardware, microsoft.public.windowsxp.basics
eggedd2k[_2_]
Conficker infection on network - advice wanted on removal/protection

I posted a few weeks ago but have done some further work/consideration
about this issue.

I've just taken on a new client whose network has been left in pretty
bad shape by their previous IT support provider. They have
approximately 11 XP workstations and 1 SBS 2003 DC.

To sum up the state they're in:

- No server or workstation Windows Updates installed for a very long
time (still on XP SP2)
- AVG Personal Edition on all workstations, AVG SBS on the server but
expired May 2010.
- No logon passwords needed/very poor passwords on workstations
- Conficker virus infection on all computers.

The previous IT firm seemed to give up on the client once they knew
they had a Conficker infection.


I want to rid them of the Conficker virus first of all. My plan of
attack is as follows:-

One workstation at a time:

1. Format the workstation. Reinstall Windows.
2. Install all available Windows Updates.
3. Install business-class anti-virus software.
4. Implement additional protection to prevent reinfection (see below)
5. Ensure complex logon password
6. Join the workstation back into the domain and configure for the
user.

By doing this I'm hoping to gradually eradicate the virus from the
network, one workstation at a time, and prevent reinfection once the
workstation is re-introduced to the network. Additionally, I'm doing one
at a time to prevent mass downtime.

The advice I would appreciate from you guys is:

1. I want to PREVENT re-infection. This is crucial. As well as updates
and AV software I plan on doing the following:

- Complex local admin password
- Block Autorun

Is there anything else I can do on the workstation before
reintroducing it to the network to PREVENT reinfection?

2. Is this the most effective method of removing the virus from the
whole network?




Thanks in advance.
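
Added example, not part of the original post: one way to apply and verify the "Block Autorun" item on a rebuilt XP workstation before it is reconnected, using reg.exe from an administrator command prompt. The choice of a machine-wide policy value plus an Autorun.inf mapping is an assumption about what "Block Autorun" should cover; the post does not say how it would be done.

```bat
@echo off
rem Added example (not from the original post): block Autorun on a rebuilt
rem workstation and confirm the settings before it rejoins the network.
rem Run as a local administrator. Uses reg.exe, which ships with Windows XP.
setlocal

set "POLICY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "INIMAP=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"

rem 1. Machine-wide policy: disable Autorun on every drive type (0xFF = all).
reg add "%POLICY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f >nul
if errorlevel 1 goto :fail

rem 2. Redirect Autorun.inf lookups to a registry location that does not
rem    exist, so the file's contents on removable media and shares are ignored.
reg add "%INIMAP%" /ve /t REG_SZ /d "@SYS:DoesNotExist" /f >nul
if errorlevel 1 goto :fail

rem 3. Read both values back; do not trust the write alone.
reg query "%POLICY%" /v NoDriveTypeAutoRun | find /i "0xff" >nul
if errorlevel 1 goto :fail
reg query "%INIMAP%" /ve | find /i "@SYS:DoesNotExist" >nul
if errorlevel 1 goto :fail

echo Autorun is blocked for all drive types on %COMPUTERNAME%.
exit /b 0

:fail
echo Autorun block NOT confirmed on %COMPUTERNAME% - keep it off the network.
exit /b 1
```

Once the workstation is back in the domain, the same policy value can be enforced through Group Policy so that a local change does not undo it.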