NeuroTalk Support Groups


CoolAngel26 03-28-2009 01:59 PM

Learned this from my computer tech guy! -fast-moving Conficker computer worm
 
http://tech.yahoo.com/news/ap/200903...cker_countdown

who moi 03-28-2009 02:29 PM

My friend who works for a very high tech company that tests out the latest high speed and future speed phone company---one of the employees got infected. From there, it infected all the computers.

after trouble shooting, reinstalling OS on all their puters and server. They are still having problems.

this is pretty big.

The biggest thing is to update all the security patches if one is using Microsoft.

click here to check for security updates and download patches

although no one is sure how exactly it works.

I would suggest a few protocols:

1) do not download or view any attachments starting from March 31-April 2nd. Even from someone you know. Especially if someone just sent you a LINK to somewhere.

2) try not to browse anywhere that you are not familiar with. Try not to click on anything/links that you are not sure of.

watch out for those fake links.

3) the past couple of versions of the worm will try to make you buy things by scaring you into thinking that your puter has been infected.

if you get that pop up. Immediately get away from that site. Run your anti-virus and anti-spyware.

although the only recourse might end up just reinstalling your OS.

4) if you haven't done so yet, back up everything.

5) update all your anti-virus and anti-spyware EVERYDAY.

~~~~~~~~~~~~~~~~~~~~

supplementary article to this worm from CNN

~~~~~~~~~~~~~~~~~~~~

mrsD 03-29-2009 11:06 AM

We have been contacted by Avast...
They say as long as all updates are accurate, risk is very low.
They also say the risk is higher if you have NOT done the SP3 for
Windows.

I am going to turn off our two computers Mar 31 PM.
Just in case.

Jomar 03-29-2009 11:28 AM

The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday -- April Fools' Day.


http://www.snopes.com/computer/virus/conficker.asp
http://www.technologyreview.com/wire/22364/?a=f

Am I at risk of having the Conficker worm?

Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm.

If you or your network administrator have not installed the latest security updates from Microsoft and your antivirus provider, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes.

http://www.microsoft.com/protect/com...conficker.mspx

who moi 03-29-2009 03:12 PM

I would add caution that while Microsoft is very sure its patch files will block the worm, it is still only 98% foolproof.

The truth is with April Fools worm (the 3rd version), nobody really knows what it is going to be like until April Fool's day.

but the best defense is to make sure everything is updated and don't visit sites unknown, download files unknown, turn off all file sharing, turn off remote access.

those that use file sharing sites such as limewire would be very susceptible to attacks.

fastest way to check to see if your remote access is on:

right click on MY COMPUTER>>>> Properties>>> click on REMOTE Tab>>> make sure the check is OFF

and always click on "APPLY"

the anti-virus/spyware can detect the first two versions. But the third version is what will happen on April 1st. And it is still an unknown.

*while the worm is classified as a "virus" it is more than that. Malware, spyware, greyware, rogueware can be added to this particular worm. That is why nobody truly has a TOTAL defense against it.

Jomar 03-29-2009 11:36 PM

Other names for it and more info-

[ + Alias:
# W32.Downadup.C [Symantec]
# Trojan.Win32.Pakes.ngs [Kaspersky Lab]
# W32/Confick-G [Sophos]
# Worm:Win32/Conficker.D [Microsoft]
# Worm.Win32.Conficker [Ikarus]
# Win32/Conficker.worm.88064 [AhnLab]

* Summary of the findings:

What's been found
Capability to block security-related software by modifying firewall settings and by disabling security services, such as Windows Update, Norton Autoprotect, Kaspersky Anti-Virus, etc.

Contains characteristics of an identified security risk. ]
http://www.threatexpert.com/report.a...3303a68368e116

Jomar 03-29-2009 11:51 PM

[If you’ve got it on your machine, only way you might know is if your computer suddenly accesses one of several popular sites like Ask.com, Baidu, Facebook, Google, Imageshack.us, rapidshare.com, W3.org, or Yahoo!. This is how the worm tests for Internet connectivity. (SecurityProNews)]

http://businessmirror.com.ph/adverti...n-april-1.html

Jomar 03-30-2009 12:00 AM

more at Cnet.com -
http://news.cnet.com/8301-1009_3-102...CmoreStories.0

mrsD 03-30-2009 01:43 AM

Well, what would we do without Jo?

The bottom line? Should we disable the auto function?
We do all the updates, so that should be covered.

Should I close Evernote? this has been giving me trouble this week. It runs on my bottom tray/panel. I am getting the feeling this should be closed.

Curious 03-30-2009 08:33 AM

Quote:

Originally Posted by who moi (Post 488369)
I would add caution that while Microsoft is very sure its patch files will block the worm, it is still only 98% foolproof.

The truth is with April Fools worm (the 3rd version), nobody really knows what it is going to be like until April Fool's day.

but the best defense is to make sure everything is updated and don't visit sites unknown, download files unknown, turn off all file sharing, turn off remote access.

those that use file sharing sites such as limewire would be very susceptible to attacks.

fastest way to check to see if your remote access is on:

right click on MY COMPUTER>>>> Properties>>> click on REMOTE Tab>>> make sure the check is OFF

and always click on "APPLY"

the anti-virus/spyware can detect the first two versions. But the third version is what will happen on April 1st. And it is still an unknown.

*while the worm is classified as a "virus" it is more than that. Malware, spyware, greyware, rogueware can be added to this particular worm. That is why nobody truly has a TOTAL defense against it.

Thank you for that reminder!

If anyone has had internet problems "fixed" by making phone calls and them doing a "test"..yep..they are remotely going into your computer.

:o I just had to unclick mine again.

DM 03-30-2009 08:48 AM

Thanks Muwah! I too, just went in and took care of the remote access.

You are a jean-you-us!

mrsD 03-30-2009 09:17 AM

Thanks Moi....

We just did our laptop and this one.
The laptop had two choices..which was confusing. So we unclicked both. :confused:
It is newer than this machine.

SandyC 03-30-2009 11:45 AM

Thanks Moi! I unclicked mine.

gardengrl 03-30-2009 01:42 PM

OK....chicken little me is running away from worm! I will PRAY for all our PC's to survive, I will pray for each one of us to get thru the next week without....sobbing....all you GREAT people! See ya'll next week, If I can stay away! Doubtful.....

How CRUEL to do this to everyone's lives! Like there isn't enough stress out there already! as my Daughter would say...Fiddlestix & poppycok! I would say Much more than that,,but I'm a lady..I would say those words that come flying out of ones mouth AFTER they SLAM their toe! lolol...sorry, just amusing myself..Peace!

Jomar 03-30-2009 01:43 PM

I'm on my Linux OS laptop right now and don't have anything important on it.
I don't know if this problem would even affect a linux based computer haven't searched on that, cause I can just wipe and reinstall if needed.

On my desktop - I am updating
xp from Microsoft
my zone alarm Internet Security suite - changed settings to deep scan and changed a few things to a higher level for awhile.

you might consider changing any settings to a higher level of security if you are comfortable doing it.

possibly turn off computer or lock down Internet when not using it.
you could also turn off your modem when not in use.
one problem with having 2 computers at the same desk is I keep typing or grabbing the wrong mouse or keyboard LOL.

who moi 03-30-2009 09:15 PM

you're welcome, ladies. :)

~~~~~~~~~~~~~~~~~

I am a bit worked up about this particular worm because it has wreaked havoc with some of the folks' puters that I've been trouble shooting.

and when it hit my high tech friend, I knew I had better take an even deeper look at it...

the main purpose of this worm IS to make money. It wants your puter to WORK and be on line. So it really doesn't disable you. What it wants to do, is to steal all your personal information and all your passwords. That's the scary part.

maybe this would also be a good time to discuss on what IF our puters are infected by this worm.

~~~~~~~~~~

if we all made sure that everything is up to date and we still get this bug.

The very first thing to do is to DISCONNECT your puter from the internet. Unplug it from the modem or turn off your wi-fi

provided that your anti-virus/spywares are up to date. Run the anti-virus scanner first, then the anti-spyware.

restart. Run them again.

Some of the anti-spyware might have to be run in the safe mode if you are not able to get it all in one shot.

the other thing to remember is that this worm can embed itself and grow.

Catching it the first time or even the second time might not mean that it's gone. (and we also have to remember there are many variants of this worm. A, B, B++ and the eventual "C" (or variant 3))

I would run it at least three times with at least once in safe mode.

~~~~~~~~~~

this website provided by MS has the latest variant removal. It is free.

I would download it to the desktop and keep it there. (and NOT wait until you're infected for you might not be able to download it)

And if one was to get the infection. Run all your anti-virus and spyware first. Then run this tool.

Go to the site and click on download.

Don't click on "Run" but click on "SAVE"

save it to a location where you can find it. (I prefer to save it to my desktop)

*one thing to remember, this does NOT catch all the variants of the worm. But it'll help catch those that your anti-virus/spy doesn't catch but still might NOT catch all of it. And it is ONLY a supplement.


~~~~~~~~~~

After you're sure your puter is cleaned up. Change ALL your passwords.

This worm is a mirror and a keystroke tracker.

meaning that if you go to your bank site. The hacker can see exactly what you're seeing.

And whatever you type in, the hacker can track your keystroke. Even back space.

So, the best bet is to change the passwords. (After you're sure that you are NOT infected)

Now, you may ask, even if I just got it a minute ago?

The problem is, at the time of detection, it might have been in your puter for a period of time. And let's say
you were trying to log in to your bank account around that time. It could've gotten those keystrokes by then.

Although unlikely, always better safe than sorry.

the other thing to be aware of is if you are on a network in your home. Check to see if other computers are infected as well.

~~~~~~~~~~~

if all else fails or if you think you did catch all of it but your puter is still infected. It might be that you
have to reformat.

Unfortunately, just from what I've trouble shooted and from what my friend told me. The % is high for reformatting....

so backing the files would be my hortatory opinion/advice. :)

~~~~~~~~~

if anyone gets really bored and want to read up on the tech aspects of the previous versions and what they suspect in the new version.

click here....

but be forewarned, it's tech talk and you might fall asleep reading it. LOL

stay safe, everyone. :)

Jomar 03-31-2009 12:44 AM

ugg -
I've been updating, scanning , tweaking and cleaning my desktop all day and tomorrow I go work on my parents pc... at least they have a lot less stuff on theirs since I just built it in January.

I'll scan more in the morning with malwarebytes and then do a full back up.

Moi, thanks for the details and all the help:cool:

My Zone Alarm has settings to lock down the internet access to all programs so I have that set up after 10 minutes of no use it locks it.

But I will be turning off the dsl modem too when we aren't using it.

SandyC 03-31-2009 12:56 AM

Jo, how do you set the internet to go down after so many minutes? Twinks heard it is safe for Vista users but I think I'll still stay off on the 1st.

Thumper2 03-31-2009 05:06 AM

Our IT guy at work said that the basic security advice is to update windows, keep your AV on and updated.

The only computer users that should be concerned are the ones already infected and already part of the botnet. For the rest of us not infected, keep windows fully patched and updated and do the same with your antivirus security software. We do access our work computers remotely and he is going to shut that down for 2 days to be on the safe side.

The Conficker botnet may be more of a publicity media event than anything else - as far as most home users are concerned.

http://news.cnet.com/faq-conficker-t...t-expect-boom/

But just to be sure, I use McAfee and I'm going to lock down my firewall before I go to work because I leave my computer on all the time.

who moi 03-31-2009 10:01 AM

going to share few last thoughts on this subject and then retire from this thread. LOL

~~~~~~~~~~

1) There are many schools of thought on this. Do a search and we're going to find 100 different opinions about this worm.

is it more hype than threat? Probably, maybe

is it more threat than hype? Probably, maybe

one thing most experts DO agree on, is that the NEWEST version, IS unpredictable.

based on that alone. I would caution that any of the "experts" that says: "oh, as long as you're this and that, you'll be OK" (how would they KNOW, for SURE??)

2) with that said, it doesn't mean we should be frightened to the point that we are afraid to get on the internet.

I think we all should exercise caution and common sense when we surf the net and read our emails.

Of course, that's not fool proof.

3) updating anti-virus/spywares and updating patches are really important. Not just because of this worm but we should do it regularly anyways.

~~~~~~~

personally, I think there is way more hype than the actual threat. But I might end up eating my words.

But we all need to be careful and cautious. Because NONE of us want our passwords and money to be stolen. NONE of us. I don't want to be a statistic

it is always hard for me when I read something to the effect of : "But statistically, only 5% will get infected"

WHO'd want to be in THAT 5%??????
~~~~~~~~~

I've read and heard the debate about Vista being "safe"

I personally don't know. I would say this, update the Vista and don't get too complacent. There are contrary statements out there about Vista.

We have to remember ONE major thing. This worm was created because OF Microsoft's patch problems...

MICROSOFT....

notice that it doesn't affect Mac or Linux...

what are Microsoft Products??

Vista and XP and 2000 and.......

~~~~~~~~~

off my soapbox...I hope no one gets infected and you all stay safe...

ewizabeth 03-31-2009 10:24 AM

Thanks for the tips Moi. I'm updating our work computers that run XP. Doing an early backup today for March 31st and April 1st. Our server isn't connected to the internet but our workstations are. We have a hardware firewall named "The Troll" used for internet access. I'm doing all this extra stuff just in case.

Kitty 03-31-2009 11:52 AM

Firewall Question
 
I have McAfee virus protection. There is a "Lockdown Firewall"
option that states it "instantly blocks all inbound and outbound network traffic between your computer and the Internet. It stops all remote connections from accessing your computer and blocks all programs on your computer from accessing the Internet."

There is a button to click on for "lockdown". Should I activate this? If I do how do I deactivate it once the threat has passed? I don't want to do anything that's going to be hard to reverse.

:confused:

who moi 03-31-2009 12:08 PM

good job on being pro-active, wizzy. :D

~~~~~~~~~

kitty,

lockdown means it'll block all the in coming and out going traffic.

The only advantages to that is if you never shut down your computer (that you leave it in sleep mode) and if you were trouble shooting your computer and you don't want to be interfered by additional internet bugs while you're trouble shooting it.

it is the equivalent of unplugging your puter or your modem. But most people don't like to do that. So this program was created for those that want to just "unplug" it via their puter rather than plugging and unplugging

if you turn off your computer. You don't have to worry. If you let your puter fall asleep vs. shutting it off. You might want to just consider unplugging the modem(or just the ethernet wire that is connected to your puter) vs going through this feature.

I am not familiar with McAfee's firewall lockdown feature but I suspect it's the same as others. It might give you more trouble than the virus itself. :p

good question though.

*note. If you LOCK it down. You won't be able to access the internet (if you are able to, then the lockdown is NOT doing its job.)

Kitty 03-31-2009 12:21 PM

Thank you, Moi! :)

I told my boys I'm shutting the computer down tonight and leaving it off all day tomorrow. You'd have thought I told them that pizza was no longer available! :p

Jomar 03-31-2009 01:49 PM

Quote:

Originally Posted by SandyC (Post 488978)
Jo, how do you set the internet to go down after so many minutes? Twinks heard it is safe for Vista users but I think I'll still stay off on the 1st.


Sandy if you have an internet security suite program - or maybe the regular ones or firewall ones have it too... there in the program in one of the sections should be something about locking internet or locking the firewall..

If you don't have one of those you can always download a free trial
most are 30 days.

here's a top 10 with reviews -
http://internet-security-suite-revie...enreviews.com/

or cnet.com listings and downloads -
http://download.cnet.com/windows/int...torsRating+asc

Jomar 03-31-2009 01:56 PM

Quote:

Originally Posted by Kitty (Post 489159)
I have McAfee virus protection. There is a "Lockdown Firewall"
option that states it "instantly blocks all inbound and outbound network traffic between your computer and the Internet. It stops all remote connections from accessing your computer and blocks all programs on your computer from accessing the Internet."

There is a button to click on for "lockdown". Should I activate this? If I do how do I deactivate it once the threat has passed? I don't want to do anything that's going to be hard to reverse.

:confused:

My Zone Alarm has a setting in the program section where i can set it to lock after any amount of time that I choose.

Also if I right click on the task bar icon for ZA - that lets me lock or unlock access.

Curious 03-31-2009 02:06 PM

:eek:

I ran the full scan. Took about 3 hours.

It found and removed
Win32.Zhelatin.a
also known as Win32/nuwar.A (McAfee)

The AVG virus scan did not pick this up. (I had run that last night after logging off the internet.) Don't know how long it's been there. I had McAfee on this computer up until 2 weeks ago.

Running the scan is worth it.

Dejibo 04-01-2009 08:53 AM

Rumor has it that turning off your computer for the whole day only delays it being active to the next time you turn it on.

If you have your Windows updates done, your antivirus up to date, and scanned, and a good anti spyware program like Superantispyware.com (FREE) up and scanned, you are in good shape.

It's April 1 today.

Can you go to Microsoft.com? Can you go to Nortons.com? If so, it's a 99% chance you DON'T have the worm. The worm prevents you from reaching either of these two sites.

Curious 04-01-2009 08:57 AM

I'm fine. I went to microsoft first thing. If it was the conficker worm (which what I had wasn't listed as one of the names), then the scan got rid of it.

All of my programs are updated daily. I have to check too many links here on NT not to keep them updated.

I sure hope that rumor isn't true. I took the modem away from my husband. I know he hasn't kept the gym's computer up to par. He thought having a firewall was all he needed. :eek: :rolleyes:

mrsD 04-02-2009 04:45 PM

We did the Microsoft scan today.... it took over 8 hrs!

It found only one medium problem:
Win32/PowerRegScheduler

Which I checked for removal.

My son thinks this is a start up window for registering some
software. It was located in my start up folder.

Curious 04-14-2009 05:01 AM

In the news today:
Conficker Worm's New Instructions: Steal

Identity Theft A Concern For Those With Infected Computers


http://cbs11tv.com/consumer/conficke....2.983545.html

Link to a Conficker eyechart test:
http://widetrends.com/tag/conflicker-eye-chart/

mrsD 04-14-2009 08:11 AM

I found that eye test chart on Yahoo last night, and did it.

I could see all six boxes clearly!

If you get red x's in the top 3... try again. If it continues,
it is a good indication you have the worm.

The author said sometimes the traffic gets heavy and the links
in the pictures overload. So don't faint dead away if you get
some x's at first. I think it is kind of a nifty idea!
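
The reachability check described in Dejibo's post and the "eye chart" described in this one rest on the same idea: ordinary sites load but security sites do not. The sketch below is an added example, not part of the thread or of the eye chart page; the host names are assumptions, and it assumes the blocking shows up as failed name lookups.

```python
import socket

# Assumed host names for illustration only. The thread names Microsoft and
# Norton (Symantec) as sites the worm blocks; the control hosts are simply
# unrelated sites that should resolve on any working connection.
SECURITY_HOSTS = ("www.microsoft.com", "www.symantec.com")
CONTROL_HOSTS = ("www.example.com", "www.wikipedia.org")


def system_resolver(host):
    """True if the operating system can resolve the host name."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def probe(hosts, resolver, attempts):
    """Try each host up to `attempts` times; one success counts as reachable.

    Retrying covers the "try again" advice: a single failure may only be
    a busy server or a dropped packet.
    """
    return {h: any(resolver(h) for _ in range(attempts)) for h in hosts}


def assess(resolver=system_resolver, attempts=3):
    """Classify the machine from which groups of sites resolve."""
    security = probe(SECURITY_HOSTS, resolver, attempts)
    control = probe(CONTROL_HOSTS, resolver, attempts)
    blocked = sorted(h for h, ok in security.items() if not ok)

    if not any(control.values()):
        # Nothing resolves at all: a network outage, not evidence of the worm.
        verdict = "no-connectivity"
    elif not blocked:
        verdict = "security-sites-reachable"
    elif len(blocked) == len(security) and all(control.values()):
        # Ordinary sites work, every security site fails even after retries:
        # the pattern the posts describe. Disconnect and scan.
        verdict = "selective-block"
    else:
        # Mixed picture: repeat later before drawing a conclusion.
        verdict = "inconclusive"
    return {"verdict": verdict, "blocked": blocked}


if __name__ == "__main__":
    result = assess()
    print(result["verdict"], result["blocked"])
```

A "security-sites-reachable" result only rules out this one symptom; it does not replace the updates and scans recommended throughout the thread.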

who moi 04-16-2009 10:45 AM

I hope people are now aware of keeping their computers UPDATED (can do automatic updates) especially on WIN XP

and keep on running them virus/spyware scans.

that site Curious posted is good.

The threat is actually bigger now than April first because the code has been given to STEAL

don't let it happen to you...don't get complacent..

I've already got a client that has come to me and he's shut down all his operations temp until this is resolved...very very SCARY...

if this bug becomes majorly networked, we are all in a world of CHIT....

~~~~~~~~~~~~

btw, if anyone has ever used Dell or any other services that asked you to download "goto assist" so they can access your puter remotely. Please uninstall those as soon as the troubleshootings are done.

CONTROL PANELS>>>>add or remove programs>>>>goassist (Or something like that...I cannot remember the exact file name)


All times are GMT -5.