Holes in the machine
Posted on 03/16/2009 10:25:20 AM PDT by JoeProBono
The Conficker worm will be active again on 1 April, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member "botnet" of zombie computers that can be controlled remotely by the worm's as yet unidentified authors. Since it first appeared in October 2008 it has apparently infected more than 15 million computers around the internet, though even that number is no more than an educated guess because the worm works very hard to disguise its presence on a PC. Conficker spreads through a security vulnerability in the Windows Server Service that allows a carefully written program to persuade the attacked computer to run malicious code instead of the Microsoft-written software. Once installed it turns off Windows Automatic Update and stops you using the Windows Security Centre. It disables a range of internal services that could be used by anti-malware programs, blocks access to a number of anti-virus websites and even resets and deletes system restore points so you can't go back to an uninfected installation of your operating system.
(Excerpt) Read more at news.bbc.co.uk ...
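The excerpt lists three things the worm does to a host that a defender can check for directly: Automatic Updates and the Security Centre get switched off, and system restore points get deleted. The script below is an added example (not from the BBC article or from anyone in this thread) that checks those symptoms on a Windows machine; it assumes the standard service names wuauserv (Automatic Updates) and wscsvc (Security Center) and must be run from an elevated PowerShell 2.0 or later session.

```powershell
# Added example: quick health check for the tampering the article describes.
# A hit here is a lead to investigate, not proof of infection; an admin or
# another product may legitimately have changed these settings.
function Test-WormSymptoms {
    $findings = @()

    # 1. Services the article says the worm turns off (names are assumptions
    #    based on the standard Windows service names, not taken from the article).
    $watched = @{ 'wuauserv' = 'Automatic Updates'; 'wscsvc' = 'Security Center' }
    foreach ($name in $watched.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            $findings += "CHECK  $name ($($watched[$name])) is not registered at all"
        } elseif ($svc.State -ne 'Running' -or $svc.StartMode -eq 'Disabled') {
            $findings += "CHECK  $name ($($watched[$name])) state=$($svc.State) start=$($svc.StartMode)"
        } else {
            $findings += "OK     $name ($($watched[$name])) running"
        }
    }

    # 2. Automatic Update configuration. AUOptions = 1 means 'never check for
    #    updates'; NoAutoUpdate = 1 under the policy key disables it outright.
    $auKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au  = Get-ItemProperty -Path $auKey  -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    if (($au -and $au.AUOptions -eq 1) -or ($pol -and $pol.NoAutoUpdate -eq 1)) {
        $findings += "CHECK  Automatic Updates are turned off in the registry"
    } else {
        $findings += "OK     Automatic Updates are not disabled in the registry"
    }

    # 3. Restore points. The article says the worm deletes them, so none at all
    #    on a machine that has been running for a while is worth a closer look.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) {
        $findings += "CHECK  no system restore points found"
    } else {
        $findings += "OK     $($points.Count) restore point(s) present, newest: $($points[-1].Description)"
    }

    return $findings
}

Test-WormSymptoms | ForEach-Object { Write-Output $_ }
```

Any line marked CHECK deserves a look at who or what changed the setting; if a host also cannot reach anti-virus vendor sites, as the article describes, treat the combination as a reason to rebuild rather than to clean in place.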
I've seen it. Nasty piece of software. I helped quite a few people recover from it.
“I helped quite a few people recover from it.”
If you didn't format the machine and install from read-only media, you probably didn't help them all that much.
Industry best practice is to format and re-install:
One of the reasons I surf only using a cheap spare IBM laptop with absolutely no personal data - not even email.
I keep a list of all permissible processes, keep my anti-spyware going and never less than medium security.
If this is the same thing I recently fought in January, I think I got this as a Trojan horse from freeware. I am not a computer geek but until this attack I was able to remove prior viruses.
This thing was really nasty, it opened my laptop to all sorts of other viruses and it was like playing whack-a-mole. Get rid of one and two more spring up.
It changed so many things and managed redirecting in ways that I could not figure out, I figured I would never be certain of its removal so I opted for a reformat and reinstall.
Even then I am still afraid the thing can figure out how to restore itself somehow from the reformatted hard drive.
Yup. Had to do complete re-installs. I recovered what data of theirs I could, but most of it couldn't be recovered (backed up reliably to DVD/CD).
They were devastated to say the least.
So much for "trying very hard to hide its presence."
It seems to me that any malware which shuts down services or otherwise changes the normal behavior of your computer would be very easily noticed. It may be difficult to remove, but that isn't what the author wrote.
Chalk one up to poor journalism, even in the UK.
Wasn't there a Sci-Fi movie about Worms ...on other planets..?
What's the trick? I haven't had to clean any users of this one yet, but I'm sure the day is coming.
I recently found one that I couldn't remove and had to just reload the workstation. I don't like losing. >:-(
One of the reasons I switched to Linux based systems....
I had this one too... had to reimage. I fought with it for a week, finally gave up. I’m a sysadmin and... I don’t like losing either.
<Embarrassing Admission> Mine was my own workstation. Turns out the corporate anti-virus wasn't updating and hadn't done so for over a year. (Maintaining the company's A/V system isn't within my circle of responsibility, but I wish it was...)</Embarrassing Admission>
Afterward, I made @$%# sure the bleeping thing updated, and added Defender on top of it.
OK, I too have an embarrassing admission. I downloaded something, a game, that I knew was probably a bad idea, clicked on something with a .exe that I knew I shouldn’t have clicked on, and got something I didn’t bargain for.
This was like, last October. The critical patches had recently been released, but I hadn’t installed them on my home computer yet. Once this thing was in place, there was no way TO install them. We are completely dependent on Windows Update. There is no way to manually download patches or receive them on media. Kinda sucks, when you consider that we now know it can be disabled.
On the MSDN network you can manually d/l patches.
you can install through mublinder on windows xp.
Step 1: Never let casual users run under an Admin account.
Step 2: If you use an Admin account (as I do), use a password, and make sure the real Admin account has a password, too.
Step 3: Yeah, an AV helps, but I use AVG 8.5 Free, and some will still get through. I find SpyBot's TeaTimer helps a lot.
Step 4: Do your own registry backups.
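The four steps above are a procedure a defender can script. The script below is an added example, not the poster's own, that audits Step 1 and Step 2 (who holds local admin rights, and whether the built-in Administrator account permits a blank password) and performs Step 4 (export the registry hives to dated .reg files). It assumes Windows PowerShell 5.1 for the Get-LocalGroupMember and Get-LocalUser cmdlets, an elevated session, and a writable backup folder named in $BackupDir.

```powershell
# Added example: audit local admin exposure and take a registry backup.
param([string]$BackupDir = "$env:USERPROFILE\RegistryBackups")

# Step 1: list everyone who can run as an administrator on this machine.
# Casual day-to-day user accounts should not appear in this list.
Write-Output 'Members of the local Administrators group:'
Get-LocalGroupMember -Group 'Administrators' |
    ForEach-Object { Write-Output "  $($_.Name)  [$($_.ObjectClass)]" }

# Is the session running this script itself elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output "This session is elevated: $elevated"

# Step 2: the built-in Administrator account always has RID 500. If it is
# enabled and PasswordRequired is False, a blank password is being allowed.
$builtin = Get-LocalUser | Where-Object { $_.SID -like '*-500' }
if ($builtin) {
    $flag = if ($builtin.Enabled -and -not $builtin.PasswordRequired) { 'CHECK' } else { 'OK' }
    Write-Output "$flag   built-in Administrator '$($builtin.Name)' enabled=$($builtin.Enabled) passwordRequired=$($builtin.PasswordRequired)"
}

# Step 4: export the hives malware most often modifies. reg.exe export writes
# a plain-text .reg file that can be diffed against a later export.
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
foreach ($hive in 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKCU') {
    $file = Join-Path $BackupDir (($hive -replace '\\', '_') + "-$stamp.reg")
    & reg.exe export $hive $file /y | Out-Null
    if ($LASTEXITCODE -eq 0) { Write-Output "Exported $hive -> $file" }
    else { Write-Output "FAILED to export $hive (exit code $LASTEXITCODE)" }
}
```

Keep the exports on media the running system cannot write to; a backup that sits on the same disk is exactly what the worm in the article can delete along with the restore points.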
I'm not dependent on it at all. In fact, I don't use it.