Saiyaman

Conficker


OK, I'm having problems. I'm having these pop-ups that lead to sites that offer anti-viruses and other things. I've tried avast, Hijack This, and Spyware Terminator but they're still not gone. What else is out there that I can use (freeware)?

I'll try spybot.

Spybot used to be a very good anti-virus tool, until it began to suck, though I still use it.

If you're going to use Spybot, be sure to not install Norton and Kaspersky (Internet Security versions). The two will force you to uninstall Spybot before being installed.

Note that if you're trying to use AVG 8, be sure you don't have any other anti-virus or anti-spyware installed that works the same way as AVG 8. Also, I won't be advising you guys to use AVG Internet Security Suite in Vista or Windows 7 with User Account Control enabled.


That usually means you've been infected with those spam viruses. I really never got them out without screwing up the Windows log in sequence. So I just did a reformat.


Eww, do I wanna live with it or do a Factory Settings Restore, and reinstall all my drivers and applications?


OK, see you guys in a day or two.

I just thank god I'll be getting drunk tonight.


Here's a very simple yet effective "Conficker Eye Chart" you can use. It will help you know if your computer has the Conficker virus (plus the variant(s) that exist in your computer). Just follow the instructions below, and more importantly the explanation at the very bottom of the page.

http://www.baylor.edu/its/security/conficker/

Reformatting would really be a good idea for those who are sure/certain/positive that their computers are infected, but I wouldn't advise it for those who are NOT sure or who don't have it at all. If I were you, I'd rather do the best way that I can to know if I do have the Conficker virus and as much as possible prevent my computer from getting infected, because like any virus getting the same virus again after removal is not unlikely. (warning for those who have a static IP address that you ARE likely to be targeted by the virus after removal or reformat)

Reformatting would really be a good idea for those who are sure/certain/positive that their computers are infected,

I didn't reformat because of that, I reformatted because of some malware that was causing pop-ups whenever I surfed to another page (even this one). I tried different ways of removing it but none worked, so I caved in and did a reformat.

the secureworks picture took a while to load but it finally got it, does that mean anything?

Nah. It's just that the servers of the website or the website itself is slow. If you really have the Conficker virus, the other 2 above or all 3 above won't load at all.

The "Eye Chart" is about knowing which will load and which won't load. When the top row security program logos don't load, it means you have the Conficker virus (the virus blocks access to websites that offer PC security).

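The eye-chart reading described in the post above, as an added example that is not part of the original thread or of the linked Baylor page. Name resolution stands in for "the logo loads"; the host lists (apart from SecureWorks, which the thread names), the function names `resolves` and `read_chart`, and the control-site sanity check are assumptions that go beyond what the post describes.

```python
import socket

# Assumed host lists: the thread names only SecureWorks; the others are placeholders.
SECURITY_HOSTS = ("www.secureworks.com", "www.f-secure.com", "www.trendmicro.com")
CONTROL_HOSTS = ("www.example.com", "www.example.org", "www.example.net")


def resolves(host, resolver=socket.getaddrinfo):
    """True if the name resolves at all. A slow answer still counts as
    'loads', matching the post: slowness alone means nothing."""
    try:
        return bool(resolver(host, 443))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def read_chart(security, control, resolver=socket.getaddrinfo):
    """Return (verdict, blocked_security_hosts) for one eye-chart reading."""
    sec = {h: resolves(h, resolver) for h in security}
    ctl = {h: resolves(h, resolver) for h in control}
    blocked = sorted(h for h, ok in sec.items() if not ok)

    if not any(ctl.values()):
        # Nothing loads at all: a dead connection, not selective blocking.
        verdict = "inconclusive: control sites unreachable, check the connection"
    elif not blocked:
        verdict = "clean: every security site loads"
    elif len(blocked) >= 2:
        # The post's rule: two or all three top-row logos fail to load.
        verdict = "suspect: security sites blocked while control sites load"
    else:
        verdict = "inconclusive: one security site down, re-test later"
    return verdict, blocked


if __name__ == "__main__":
    # Live run against the assumed host lists; needs network access.
    verdict, blocked = read_chart(SECURITY_HOSTS, CONTROL_HOSTS)
    print(verdict)
    for host in blocked:
        print("  not reachable:", host)
```

A "suspect" result is a reason to scan the machine from known-clean media, not proof of infection, since a local DNS filter or proxy can produce the same pattern.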

Mega bump - Conficker is still a threat peoples.

--------------------------------------------

The brightest minds in technology and government are finding it "almost impossible" to defeat the Conficker worm, which has infected more than 5 million computers and, experts say, could be used to knock down the internet in entire countries.

The worm, first detected in November last year, spreads rapidly to computers through a flaw in the Windows operating system.

Infected machines are co-opted into a "botnet" army, which can be controlled and used by the hackers to launch unprecedented cyber attacks.

"The general agreement in the security world is that Conficker is the largest threat facing us from a cyber crime point of view ... it has proven to be extremely resilient. It's almost impossible to remove," said Rodney Joffe, a director of the Conficker Working Group formed to defeat the worm.

"The best minds in the world have not managed to crack the code behind this yet."

The scale of the threat has forced the world's largest computer security companies to join together with government around the world in an unusual alliance to pool their resources and solve the problem.

Microsoft has offered a $US250,000 ($290,000) reward for information leading to the identification of the individuals - or rogue governments - behind Conficker.

Those behind the worm can do anything they want with the infected machines including stealing users' banking details or flooding government servers to knock them offline.

"This could be used to launch the mother of all DDoS [distributed denial of service] attacks, it could be used as the basis of major financial fraud, it could be used for major spam runs," Joffe said.

"Even a small portion of the infected machines from Conficker have the ability to actually take away the usability of the internet in an entire country like Australia."

So far the international effort to find a solution has yielded few results, and the number of infected machines has remained fairly stable at 5 million. They include home, business and Government computers.

Joffe, who is also a senior technologist at US communications company Neustar, explained that the remarkable resilience was because Conficker had built-in mechanisms to prevent people from scanning their computers with anti-virus software. Even for those who wipe their computers clean and start fresh, if they back up any important data on a portable hard drive, the clean machine is reinfected when the drive is connected to the computer.

The worm also spreads automatically between computers on a network and infects machines without the user having to do anything other than switch their computers on.

"If you've been able to disinfect 99 machines out of 100 and one is still infected, it will begin to try to reinfect the others," Joffe said.

Most other botnets can be destroyed by disabling the server used to issue commands to infected machines, but with Conficker the location of this server changes every day and state-of-the-art cryptography means it's almost impossible to crack.

Every time the security gurus feel they are on to a solution, the hackers send a new version of Conficker to the infected machines that stops them in their tracks.

"Conficker has proven to be the gold standard for botnets. It's rock solid, it's steady and it has mechanisms built in that have made it impossible for us to actually crack," Joffe said.

"As of today we have not been able to crack the cryptography behind it in order to disrupt it by authenticating ourselves as the command and control."

So far the "botnet masters" have been biding their time as the media buzz around Conficker dies down, but they have already sent malicious code to infected machines that co-opts them to send spam emails. Users of infected computers have also been conned with offers to buy fake anti-virus software.

In July, Manchester City Council in Britain was prevented from issuing hundreds of fines after Conficker knocked out parts of its IT system. The infection cost the council £1.5 million in total.

In January, the French Navy had to quarantine its computer network after it was infected with Conficker, forcing aircraft at several air bases to be grounded.

Joffe said that people who are not yet infected and have installed the latest Windows patches and anti-virus software should be safe, as long as yet another version of Conficker is not released.

But he said it was rare for people to have all the relevant patches installed on their computers, and anti-virus software would be of little use to those already infected.

"We're some ways away from being able to take any action, which is what is really concerning us," Joffe said.

Source:

http://www.smh.com.au/technology/security/...90922-fzsr.html


I can't be bothered to read all of that. But to summarise do you mean to say there are retards out there who haven't used that fabulous tool called "Windows Update" to apply the hotfix?


Some people won't risk updating due to a pirated Windows copy. And don't want to deal with the genuine advantage crap. Or people are lazy about updates.

Edited by archer9234


You kind of can. It's annoyingly hard to find a real XP CD. Also them not allowing OS discs to be packaged with your PC you buy anymore.


Speaking of Conficker, ALL of the PCs in our university are infected, despite being a science and technology-focused school (either they're not aware of the existence of or knowledgeable about the virus, or the virus is outsmarting them that it goes unnoticed to their PCs, or both). I'm glad I'm knowledgeable enough about how this virus works.

For Windows Vista and Win7 users, they have UAC on their side. Apparently, only those who just click "Continue" or "Ok" in the UAC pop-ups without reading the message in them all, or set UAC anywhere lower than the highest setting (in Win7), or click the suspicious "Open folder to view files" on the "Install or Run Program" list rather than the other one on the "General Options" list of removable disk autoruns, will be vulnerable to viruses like Conficker. I know UAC is f*cking annoying when enabled, but it's better to be safe than sorry.


Also them not allowing OS discs to be packaged with your PC you buy anymore.

This is not always the case. There are cases when installation of Windows is optional or Windows being packaged separately so the user can choose whether to install it or not.

Speaking of Conficker, ALL of the PCs in our university are infected, despite being a science and technology-focused school. I'm glad I'm knowledgeable enough about how this virus works.

It's the same at my school. It's a technology college and their wifi has been down for a week. And they're still using XP on all their computers.

Oh yea, and I bought an XP Home service pack 3 OEM CD for $90 2 weeks ago at CompUSA.

Edited by Joe Statler


Not all countries are affected by MS's decision of canceling Windows XP's sales. Here in the PH, about 1000+ copies are still sold (the legit ones, not the pirated ones).

Just added more info in my previous post above about Conficker (for Vista/Win7 users).
