Conficker worm striking on April 1st! Read This!

Status
Please reply by conversation.

FTABman0

SatelliteGuys Pro
Original poster
May 13, 2006
818
1
Lat 39.2°N WV Lo 81.5°W
Seeing only one other post about this from POKE on 03-13-2009 on the Computer and Electronic Gadget Zone, and The FTA Shack is about off topics that are non technical free to air things, here is a post way off subject but people need to see in the FTA Discussions of the forums!

I got this in a email this morning from a fellow FTA neighbor. Did not know that this was going around and the first time I heard of it! I thought I would post this for us guys that do not know about it or have the time to browse all the forums here at the Satellite Guys! Face it, there is a lot of stuff here to look at and all people need to be aware of this virus!


The Conficker Worm
virus.gif



Worried about the Conficker worm striking on April 1st? A few simple steps can protect you.

Target: All users of Windows XP and Windows Vista.
Microsoft has a recommended Patch for all Windows Users CLICK HERE!
Microsoft® Windows® Malicious Software Removal Tool (KB890830)


Watch This CBS Story! Got Me Updating Things! A Must Watch!!
Watch CBS correspondent Leslie Stahl talk to Steve Trilling, Symantec VP Security Technology & Response, on 60 Minutes about the impact of the Conficker worm.



What does the Conficker worm do?
We don’t know the purpose of the Conficker worm. Today the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines.

What will that software do?
We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?
The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?
Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.


YOU COULD BE INFECTED!! :mad:

This was the email sent to me today about this! The article is through my local paper online The Parkersburg News!

Here is the article:



Computer worm “Conficker worm “evolves Wednesday



By JOLENE CRAIG
POSTED: March 31, 2009

PARKERSBURG - When the fast-moving Conficker computer worm evolves Wednesday, it is not expected to leave a trail of destruction as other viruses have, local computer experts said.

"I have been looking at (the virus) for a while and it's interesting," said Mike Ayers, lead technician with Allied Fittro Computer Services on Murdoch Avenue. "It's not doing anything but building its own little network."
The Conficker worm has been a scourge of the Internet since it was released in October and has since infected at least three million personal computers.
On April Fools' Day, the infected machines will become more aggressive about receiving updates from millions of online sources, Ayers said. When this happens, the worm's creators will be able to trigger the program to send spam, spread more infections, clog networks with traffic or bring down Web sites.
"Really, nobody knows what will happen," said Wayne Hunter, manager of Best One Computers in Marietta.

From a technical standpoint, this could wreak havoc to private and even government computers, but researchers who have been tracking the worm indicate the new evolution of Conficker will come and go without a fuss.
Researchers said the April 1 programming change is partly symbolic- an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.
"It's been quietly spreading without any sign of infecting the computers it inhabits with big problems," Ayers said. "I don't think it's going to totally shut down the computers."

What will happen to infected computers on Wednesday is that they will no longer be able to receive Windows or Microsoft updates, Ayers said. Hunter said infected machines might have trouble connecting to certain Web sites or even just connecting to the Internet.

People who have regularly updated their computer's operating system and anti-virus programs should be safe from Conficker, Ayers and Hunter said.
The Associated Press contributed to this article.

Thought it would be a great thing to pass along! Tomorrow guys it may Run A Muck! Don’t be caught out there wagging and wondering where your bank account money went!

B-Man
 
Last edited:
I'm thunkin its an April fools joke but just in case I may set the date back on on putters by a few days to stop this monster.
 
A fix was found yesterday so that IT departments can find the infected machines on the network and get those pc's off line for a cleaning
 
Symantec Corporation Removal Tool

I just found this removal tool from Symantec Corporation and information on how to remove it so it does not come back in Windows! Would highly recommend the Microsoft patches in the first post though, they close the door on the variant of the worm in all forms! I am running it on all machines now!

Download the tool and run it after you click and read on 3 Removal instructions!

This tool when ran will tell you if you have the worm or not! Remove it if you do!

But you have to follow the instructions on how to disable your System Restore in Windows and Turn Off Shared Folders First!

Don’t be afraid to read the instructions!


Symantec Corporation quick link jumps:
1. Summery
2, Technical Details About the Worm
3. Removal Tool By Symantec Corporation


Tool to reset shell\open\command registry keys
As part of their routine, many worms and Trojans make changes to the registry. Some of them change one or more of the shell\open\command keys. If these keys are changed, the worm or Trojan will run each time that you run certain files.

For example, if the \exefile\shell\open\command key is changed, the threat will run each time that you run any .exe file. This may also stop you from running the Registry Editor to try to fix this.

They may also change a registry value so that you cannot run the Registry Editor at all.

Tool above fixes that and it is trusted as of all files here in this post from Microsoft or Symantec Corporation.



You might be surprised you have the darn thing!

Hope this helps everyone!!

Scanning all my machines now!!

B-Man
 
Last edited:
I think the truth speaks clearest

I think the truth speaks clearest...

April 1st - What Will Really Happen? - dshield
Feeling Conflicted about Conficker? - dshield
Locate Conficker infected hosts with a network scan! - dshield
These links are from the guys from the "Internet Security Center"

I personally think that the media is just having fun yanking everyone about, stirring up Fear, Uncertainty and Doubt.

Yes and one of the easier solutions is just use linux, even if all you're doing is web surfing on it.

If your really that worried, pull whatever plug you have to the internet and don't go near the computer or the internet for the next 2 days. Wait and see folks. Can't be much worse than "Code Red", Blaster, or Welchia worms before Conflicker. Those flat out jammed/overloaded networks. The Internet hardly worked for close to a week each round.
 
The internet seems fairly fast today on alltel wireless.
Running linux mint 6 on desktop.

:up running Linux!!

I wish all my audio sound edit software ran on something else besides Windows! Windows seems to be like the E* and hackers, Windows needs to secure its software!

Holes in your network, router and lazy security practices allows stupid computer hackers to get in but we had help from Microsoft this time with a security flaw in MS08-067 vulnerability in the Windows Server service. :mad:

I too had no issues today and not heard much more about the Conficker worm.
Iceberg mentioned he got the update on March 10th; but the thing about this worm is that it was in the wild October 2008 last year before the patches came out!

It does not hurt to get the removal tool from Post # 4 and run it like you have the worm to remove it; it will run and tell you if you have it or not, get rid of it if you do.

Better safe than sorry!


FTABman0_Avitar.gif
 
no virus, thank goodness because I cannot do any updates that require a reboot since this PC is about to die. I literally have to put it in the freezer to get it to boot. I only can put it in standby or else......
 
no virus, thank goodness because I cannot do any updates that require a reboot since this PC is about to die. I literally have to put it in the freezer to get it to boot. I only can put it in standby or else......



Freezer to get it to boot?? It's not a Toshiba Satellite is it? Got one like that!

My My! Sounds like you could you could use a new one! :)

FTABman0_Avitar.gif
 
FTABmanO

Check out OSDisc.com for Ubuntu Studio, or 64 Studio, I think they run directly from cd or dvd, and are
geared for sound, and graphics, and such.

Bob
 
FTABmanO

Check out OSDisc.com for Ubuntu Studio, or 64 Studio, I think they run directly from cd or dvd, and are
geared for sound, and graphics, and such.

Bob

Thanks Bob, I will check that out! I use Adobe Audition for my studio end for final cuts I do for stations here for my Advertising Agency business. New to the Mac this year and learning that. Hard to get off Windows since you had it back in the Windows 3.1 days.

Thanks for that before we get too much off topic!

I will get a look at it, thanks :up

Kevin

FTABman0_Avitar.gif
 
Freezer to get it to boot?? It's not a Toshiba Satellite is it? Got one like that!

My My! Sounds like you could you could use a new one! :)

FTABman0_Avitar.gif

It's a HP/Compaq TC1100, known issue and only a mainboard replacement will fix it :(

I am changing to a new one when it comes out(already preordered it), it runs a version of linux but will not be coming out till late spring/summer: Always Innovating: Introducing the Touch Book

It has a 10-15 hr battery life :) Just trying to keep this POS running a little longer...
 
Another "earth shattering computer virus" overblown by the hysterical media. I'm a computer tech specialist. I did not find a single occurrence, did not hear of a single occurrence nor have any of my associates. Frankly, anyone running a computer in this day and age without adequate anti-spyware, anti-virus, and real (not "hardware") firewall protection is foolish to say the least.
 
Just a couple of quick notes for anyone doing battle with this little gem.

1) If you are running XP - make sure that the system restore is off. If you fee strongly that you can't live without it, turn it back on after your system is verifiably clean.

2) download a copy of ATF-Cleaner and CCleaner and run both to get rid of anything hanging out in the temp areas of the file system.

3) If you can't run any of the removal tools on your system (spybot, super anti spyware, Microsoft malicious software removal tool, Malware bytes, etc.) - Try to rename the program exe file. Then run the renamed exe.

4) If you KNOW what you are doing. download a copy of hijackthis (now owned by pctools) and cleanup up any entries that you KNOW are detrimental. This can be a very dangerous tool. Use it with caution.

5) No matter how much you hate Microsoft, apply all the critical updated from Microsoft. They are intended to patch holes that are found in the OS that are exploited by others.

6) Make sure that you have a working anti-virus program and that it is up to date. There are several free anti-virus programs available. If you cant afford one of the name brand programs, by all means, get one of the free ones. Avast is a very good free application. I actually prefer it over Mcafee and symantec.
 
Status
Please reply by conversation.

Getting back into FTA

Which HD receiver?

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)