Nmap Development mailing list archives

Problems Detecting Conficker clean or infected


From: "Falkenstein, Kevin" <Kevin.Falkenstein () Level3 com>
Date: Tue, 31 Mar 2009 10:05:10 -0600

Good day,

I have installed your latest beta and am running it on a Windows XP system to scan some Windows-based servers for Conficker.

I get an unexpected error when I scan.

Command line output:

C:\Program Files\Nmap>nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 idc1srv0001

Starting Nmap 4.85BETA5 ( http://nmap.org ) at 2009-03-31 09:48 Mountain Daylight Time
Initiating SYN Stealth Scan at 09:48
Scanning 10.1.217.250 [2 ports]
Discovered open port 139/tcp on 10.1.217.250
Discovered open port 445/tcp on 10.1.217.250
Completed SYN Stealth Scan at 09:48, 0.11s elapsed (2 total ports)
NSE: Initiating script scanning.
Initiating NSE at 09:48
Completed NSE at 09:49, 5.15s elapsed
Host 10.1.217.250 appears to be up ... good.
Interesting ports on 10.1.217.250:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

Read data files from: C:\Program Files\Nmap
Nmap done: 1 IP address (1 host up) scanned in 5.58 seconds
           Raw packets sent: 2 (88B) | Rcvd: 2 (88B)

I would expect to see Conficker: Likely Clean or Likely infected.

Any advice would be greatly appreciated.

Kevin Falkenstein
Level 3 Communications
Kevin () level3 com
720 888 3012


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org