Conficker.C

[ryuclan]

sound like you got worm/malware that interrupt your internet. I got worm once, whenever I search for PC games it's direct me to porn, the ads turn to porn, hell! I'm afraid to use that laptop again and format it.

Edit: Fixed!!!

I got Avira but it didn't find any worms just one peice of Malware that I promptly deleted. It still does it though, but only on yahoo, and when I click picture links.

[Enjoii]

For those still unsure of whether they are infected;

http://www.confickerworkinggroup.org/infec...cfeyechart.html

[philster_12]

was not an april fools joke, the whole point of it being on april 1 was for people to believe it was a joke.

Actually, from what I've heard, the person/group who made this malware possibly live in a country which doesn't celebrate the holiday. Though, that was just CNN, so carry on.

right now those guys are probably in eastern europe - CNN

[javi13]

Yay for me, no anti virus and no viruses.

[Gouveia]

Meh. You are all a bunch of pussies.

 

I'm running with no protection on a XP SP1, only on porn and warez sites.

 

No Conficker untill now.

Being afraid and not using the computer wouldn't necessarily make some one a pussy. It's a some what founded fear, although I had huge doubts anything would happen, as nothing did.

 

But to run Windows with no AV... that's just stupid. Especially if you visit porn and warez sites. I'd bet everything that you've got at least 10 infections on that computer. While they may not be severe, they're there.

 

It was a test computer that we set up. Still, I think that poor contries (like Brazil) weren't really aimed by Conficker, it didn't get any infection AT ALL.

 

Only a Trojan, but it was succesfully deleted.

[Slamman]

I just read an indepth article on Conficker C, the experts are said to respect the unknown programmers because this Worm is not like things we've seen before, it can randomly be called upon hundreds of computers at a time, and given instruction to carry out a task, mainly motivated by greed...the goal could be to run stolen social security numbers to obtain funds, the effect to those using The Net and a system effected, is log jamming.

 

Not only that, Conficker can be used as a delivery system for any type of Malware. It's first order of business is to shut down MS updating, and can effect several Anti Virus tools update systems as well. You MUST continually update BEFORE you get the worm, but it's stated that some removal tools are in place. You should realize you have it simply by finding Update of your Operating System is disabled and won't work effectively, if at all.

 

Make note, this is aimed at Windows, not MacIntosh, so Apples will not be effected.

[ayushisrocking]

Yay for me, no anti virus and no viruses.

I don't think that the 'yay' applies for you, since you're not on the safe side by not installing a good Anti-Virus like Avast/Kraspersky/McAffee

 

Correct my wrong spellings

[philster_12]

I just read an indepth article on Conficker C, the experts are said to respect the unknown programmers because this Worm is not like things we've seen before, it can randomly be called upon hundreds of computers at a time, and given instruction to carry out a task, mainly motivated by greed...the goal could be to run stolen social security numbers to obtain funds, the effect to those using The Net and a system effected, is log jamming.

 

Not only that, Conficker can be used as a delivery system for any type of Malware. It's first order of business is to shut down MS updating, and can effect several Anti Virus tools update systems as well. You MUST continually update BEFORE you get the worm, but it's stated that some removal tools are in place. You should realize you have it simply by finding Update of your Operating System is disabled and won't work effectively, if at all.

 

Make note, this is aimed at Windows, not MacIntosh, so Apples will not be effected.

nope, days ago i watch CNN and they said , "Conficker C is Hard Coded that even Macintosh can be infected.

 

Although your right it is aimed for Windows

[javi13]

 

Yay for me, no anti virus and no viruses.

I don't think that the 'yay' applies for you, since you're not on the safe side by not installing a good Anti-Virus like Avast/Kaspersky/McAffee

 

Correct my wrong spellings

Common sense is the best anti virus. 2 years with no AV and no viruses (I scanned with one once, then decided to not use it for longer than the trial.)

Fixed spelling mistakes

[Slamman]

I just read an indepth article on Conficker C, the experts are said to respect the unknown programmers because this Worm is not like things we've seen before, it can randomly be called upon hundreds of computers at a time, and given instruction to carry out a task, mainly motivated by greed...the goal could be to run stolen social security numbers to obtain funds, the effect to those using The Net and a system effected, is log jamming.

 

Not only that, Conficker can be used as a delivery system for any type of Malware. It's first order of business is to shut down MS updating, and can effect several Anti Virus tools update systems as well. You MUST continually update BEFORE you get the worm, but it's stated that some removal tools are in place. You should realize you have it simply by finding Update of your Operating System is disabled and won't work effectively, if at all.

 

Make note, this is aimed at Windows, not MacIntosh, so Apples will not be effected.

nope, days ago i watch CNN and they said , "Conficker C is Hard Coded that even Macintosh can be infected.

 

Although your right it is aimed for Windows

The experts quote (not mine, mind you....) was "The tallest Nail gets POUNDED, and Microsofts' OS is the Tallest Nail!"

 

So, I didn't see Apple's OS getting any credence in the matter... But it's safe to say, updating is the KEY to avoiding this one, I do it often, more then once a week, but I worry about my folks so I told them some background based on that article.. The threat is still with us and it's very real.

[SWEETSAPRIK]

 

But it's safe to say, updating is the KEY to avoiding this one, I do it often, more then once a week, but I worry about my folks so I told them some background based on that article..

 

Updating AV (and other security) software is even more important for you than it is for others, seeing as patches are only released for the Windows' versions that haven't reached "end of life".

[Slamman]

Sweets, I'm using XP, dontcha worry bout me, now, ya hear?!? hahaha

[ayushisrocking]

Hello..

At times, i can't see images, randomly, i have Avast Antivirus fully updated (4.8 Home edition).... and MANY MANY TImes, it happens that if i open a webpage, a blank, white page appears with the following written on top

"Error 503 service Unavailable from <IP ADDRESS>"

 

is it bcoz of Conf*cker.C?

Edited April 7, 2009 by ayushisrocking

[copperwire93]

From McAfee Website regarding Win32/Conficker

What is the Conficker worm?

 

Conficker.C is the most recent variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected with the earlier variants, Conficker.A and Conficker.B, which operate by exploiting the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Conficker combats efforts at eradication by creating scheduled tasks and/or using autorun.inf files to reactivate itself.

 

McAfee has identified thousands of binaries that carry the Conficker payload. Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files. Computers infected with the worm become part of an “army” of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities.

How to tell if your system is infected

 

Symptoms of Conficker infection include the following:

 

* Access to security-related sites is blocked

* Users are locked out of the directory

* Traffic is sent through port 445 on non-Directory Service (DS) servers

* Access to admininistrator shared drives is denied

* Autorun.inf files are placed in the recycled directory, or trash bin

 

If you got it, there's already a way how to remove it provided by popular Anti Virus website. Also I suggest you scan with Microsoft Malicious Removal Tool, can be downloaded at Microsoft Website

[Slamman]

Additional steps would be to remove the Windows ability to share control over Networks, unless you are on a LAN that is LOCAL, you know the other computer systems and who are on them, then sharing files and centralized hardware is important for business reasons, but on the WWW, better safe then sorry. Windows' Services are often left unchecked and running in default, which is why again, novices send this stuff propagating.

[Saggy]

Additional steps would be to remove the Windows ability to share control over Networks, unless you are on a LAN that is LOCAL, you know the other computer systems and who are on them, then sharing files and centralized hardware is important for business reasons, but on the WWW, better safe then sorry. Windows' Services are often left unchecked and running in default, which is why again, novices send this stuff propagating.

Honestly it really has more to do with the lack of using a firewall in the case of Windows File sharing vulnerabilities.

 

As far as I know, there's no one that would really risk using NetBios over the internet outside of their own LAN. It doesn't offer any encryption, and in fact it sends passwords out in plain-text. I mean, in all reality, FTP is just as insecure in that respect, it's just why would people adopt a proprietary vulnerable technology for web transfer over an old established one?

 

 

To put it in other words, people should already have a firewall blocking access to and from the internet on port 445 ( as well as 139 for that matter ) whether that be a firewall on their router/modem or a software firewall on the computer itself. Really the only people infected through this avenue are people that neglected the need for a firewall in the first place.

 

In a situation like this a hardware firewall like a router would definitely be the better option. I'm not sure what sort of LAN with Windows File sharing would exist without a router ( seriously, you're not using peer-to-peer networking or anything right? ) anyway, so users should have the ability to secure ports 139 and 445.

 

[ayushisrocking]

Hello..

At times, i can't see images, randomly, i have Avast Antivirus fully updated (4.8 Home edition).... and MANY MANY TImes, it happens that if i open a webpage, a blank, white page appears with the following written on top

"Error 503 service Unavailable from <IP ADDRESS>"

 

is it bcoz of Conf*cker.C?

 

no replies?

[leik oh em jeez!]

Everyone is going to blame EVERY computer problem on Conficker for the next year, aren't they?

[copperwire93]

 

 

no replies? 

Did you read all of my post? I gave you some symptoms and a way on how to fix your prob(the last paragraph). Your problem is not because of Conficker. I don't think conficker attack Asia, the school laptop I always use only have AVG free, and no attack of this worm so far.

Edited April 8, 2009 by copperwire93

[Enjoii]

 

I don't think conficker attack Asia, the school laptop I always use only have AVG free, and no attack of this worm so far.

Your laptop not being infected is not a sign that Conficker is not attacking computers used in Asia. As far as I know it has no set target, other than any computer it can get into.

[Slamman]

The threat is outside the USA as hinted at with the idea that April Fools Day holds no bearing on it's origin. Also noted I use the same GriSoft protection, which is going from 7.5 to 8.5 now, so make sure you upgrade...it's still free!

[ryuclan]

Everyone is going to blame EVERY computer problem on Conficker for the next year, aren't they?

It's the next big thing my friend. Get with the times. I see either a Mad tv spoof or a Southpark ep coming from this.

[Slamman]

Nah, I think it seemed like it due to those uninitiated asking, as they did, but there are constant updates going on for all sorts of new Malware. I uploaded the new AVG/Grisoft AntiVirus Freeware, it's version 8.5 alright, it clocks in at 60.13MB!! Took over 30 minutes to upload, then it sorts out any previous version when it installs.

 

The settings made during launch say to scan the OS every day, or hour, and update daily, something like that, VERY frequently. I spaced it out a bit more reasonably

Edited April 9, 2009 by Slamman

[SWEETSAPRIK]

Just thought this could be useful for anyone who has it, or thinks they do. Even though they probably don't.

 

http://www.nowpublic.com/tech-biz/conficke...nd-removal-tool

 

[ryuclan]

 

including a self-destruct script, for hit-it-and-quit-it functionality.

lol What?

 

 

Anyway I wonder what the guy who created this is waiting for. I bet like a year from now it'll activate and nobody will know what the hell is happening.

[SWEETSAPRIK]

 

including a self-destruct script, for hit-it-and-quit-it functionality.

lol What?

Meaning that it connects, creates a file, but when it's done it completely removes any trace that it did so.

 

A better explanation of exactly what it's doing.

http://blog.trendmicro.com/downadconficker...ant-in-the-mix/

 

[Slamman]

Wow, lots happening in Tech news I feel, at least that I picked up on, CBS news JUST did a story on this the other day, they advised most of what we've gone over, but that it's not an Apple issue for Mac owners, however, it could be as mentioned, above

 

The thing they added is another diversion for infected persons to get around Confiker is to download the latest MS's protection software to a thumb drive USB (update via another computer, obviously, and insert the USB to the infected computer, from where it will run Updates without issue! Interesting.

[poopskin]

Funny how a infection vector can also be a method of delivering a cure.

[Slamman]

My experience has solely been to click Win Update via the OS Start Menu, so as far as getting File'ized to USB form, I'm not aware how that works, but via an AntiVirus site, it's not too hard to do.

[El Zilcho]

Does it say you can't use your toolbar? Like when you load up the computer, does the screen remain blank? And you have to use task manager to open windows? Because I'm suffering those sypntoms and if that's Conficker, I'm screwed.