Please follow these instructions.
Dshield has a diary item containing many third party resources, especially removal tools such as Norton Power Eraser, Stinger, MSRT etc.
One of the most critical items is to make sure that all of your computers have the MS08-067 patch installed. But even with the patch installed, machines can get reinfected.
There are several ways to identify Conficker infections remotely. For a fairly complete approach, see Sophos.
If you have full firewall logs turned on at the time of detection, this may be sufficient to find the infection on a NAT:
Your IP was observed making connections to TCP/IP IP address 216.66.15.109 (a conficker sinkhole) with a destination port 80, source port (for this detection) of 26210 at exactly 2015-02-07 20:30:03 (UTC). All of our detection systems use NTP for time synchronization, so the timestamp should be accurate within one second.
If you don't have full firewall logging, perhaps you can set up a firewall block/log of all access (any port) to IP address 216.66.15.109 and keep watch for hits.
WARNING: DO NOT simply block access to 216.66.15.109 and expect to not get listed again. There are many conficker sinkholes - some move around and even we don't know where they all are. Blocking access to just one sinkhole does not mean that you have blocked all sinkholes, so relistings are possible. You have to monitor your firewall logs, identify the infected machine, and repair them if you wish to remain delisted.
Recent versions of NMap can detect Conficker, but it's not 100% reliable at finding every infection. Nmap is available for Linux, xxxBSD, Windows and Mac. Nessus can also find Conficker infections remotely. Several other scanners are available here.
<and so on...>
