 |
|
|
|||||||
| View Poll Results: Are you infected with Downadup? | |||
| Yes, after scanning, I was infected and have removed the worm. |
   
|
2 | 2.02% |
| Yes, after scanning I was infected. I am having trouble removing the worm. |
  
|
1 | 1.01% |
| No, after scanning, I was not infected. |
  
|
96 | 96.97% |
| Voters: 99. This poll is closed | |||
 |
|
|
Thread Tools | Display Modes |
Jan 22, 2009, 05:44 AM // 05:44
|
#1 |
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Immediate Warning and Notice [Conficker/Downadup Virus]
<font COLOR="darkred" font size="3">VERY IMPORTANT: READ EVERYTHING IN THIS POST.</font>
Detailed in this post is extremely important information regarding your PC's security. Recently, a very potent, and malicious worm [a type of virus] has been discovered. This worm goes by several aliases, including Downadup, Conficker, or Kido; most commonly known as Downadup or Conficker. This isn't your typical virus or worm. It can mask itself as anything it sees fit, and can go directly into Root directories. Method of infection can be anything from a file you downloaded such as a WMV or MP3 that it has masked itself as, or as sinister as plugging in your USB drive (if it was infected from a public location like the library or school/work) and Windows auto running the device. Disabling AUTO RUN is not effective in stopping Downadup. You <font COLOR="red">ARE AT RISK</font> if you use Windows XP or Windows Vista, especially if you do not have Auto Updates on, or update frequently via manual updating. Downadup can mask itself and you may not even know you are infected. Once it infiltrates your system, it will edit your Windows Registry. After this is completed, the worm begins to override your firewall settings, allowing it to download malware from any number of hosts. This malware will only increase the damage to the PC. However, the creators of Downadup have yet to activate the second stage of the worm. Once they do, Downadup will do one of two things: 1). It will retrieve all your confidential files, personal information, passwords (online banking especially), and logins and send them to any numbers of hosts. 2). It will combine your PC into its botnet and attempt to hack (by brute force) anything it is targeted to. This is the fear of the Department of Homeland Security. With the current infection rate, it has the capability of hacking some of the most important data centers in the country if given the chance and enough time. This worm is now being monitored by US-CERT [U.S. Computer Emergency Readiness Team, in conjunction with the Department of Homeland Security] as well as the FBI Cyber Crimes unit. They have moved this into a possible cyberterror attack, and they are quite serious about it. According to newly released figures, 1 in every 12 Windows XP/Vista PCs are infected with Downadup (current estimates are that 23 million PCs are infected) If you are not concerned about this virus, and do not take efforts to mitigate your risk of infection or to remove the worm if you are already infected, you may not only endanger your PC, but many others. The virus has a very advanced code, and can "mutate" to adapt to threats and increase its potency. The worm will spread from your PC to your friends, and it has a very high potential to destroy your life, enjoyment, and safety on the internet. Here is information taken directly from Symantec regarding the method of infection of the worm (thanks to Symantec for the info): http://www.symantec.com/security_res...408-99&tabid=2 <font color="blue">(the threat level is listed as low, because the article is dated from November when the first variations of the worm were spotted. Do not be fooled, it is not a minor threat anymore) </font> <font color="blue">Symptoms of infection </font> * Account lockout policies being reset automatically. * Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are automatically disabled. * Domain controllers respond slowly to client requests. * System network gets unusually congested. This can be checked with network traffic chart on Windows Task Manager. * On websites related with Antivirus software, Windows system updates cannot be accessed.[15] <font color="FireBrick"><strong>FOR ADDITIONAL REMOVAL DETAILS, READ THIS ARTICLE IMMEDIATELY:</strong></font> http://support.microsoft.com/kb/962007 How can you stop this worm from affecting you? Good question, and here are the best methods.
Just because you do not have the registry key above, doesn't mean you are not infected. Keep that in mind. It may just not have reached that stage yet. You still need to do a FULL DEEP SCAN of your computer, including all your hard drives and your USB media.F-Secure has developed a tool to remove Downadup, but the above should also be used in conjunction with the tool. There is no one thing that makes you secure. It is using your logic, a good software suite, and even a router firewall to protect yourself. HERE IS THE REMOVAL TOOL FROM F-SECURE For additional reading see these articles or Google search "Downadup" or "Conficker": http://www.pcworld.com/businesscente...ry_16_pcs.html http://www.computerworld.com/action/...leId=9126 478 We at Guild Wars Guru take your PC security seriously, and this warning is not intended to scare you, but make you knowledgeable about a very serious situation. I am taking personal responsibility to inform as many guru users of this threat as possible. I would encourage you to inform your family and friends of this threat, and to direct them in testing and removing if necessary, Downadup from their systems and home networks.
__________________
|
|
|
|
Jan 22, 2009, 06:08 AM // 06:08
|
#2 |
|
Forge Runner
Join Date: Apr 2008
Location: Canada
Profession: E/
|
Oh wow, thanks for the heads up; I have a feeling my friend's computer is infected with this.. gotta break the new to him :S
Well at least I'm safe... Last edited by Lord Sojar; Jan 23, 2009 at 01:33 AM // 01:33.. Reason: hai2u Icy, edit button |
|
|
|
|
Jan 22, 2009, 06:25 AM // 06:25
|
#3 |
|
Ascalonian Squire
Join Date: Apr 2008
Profession: Mo/
|
Thank you very much for the heads up. I am currently doing full scans on my PC and notifying any friends or family who are in danger.
|
|
|
|
|
Jan 22, 2009, 06:42 AM // 06:42
|
#4 |
|
Desert Nomad
Join Date: Aug 2007
Location: Boston
Guild: We D Shot Your Stances [GODS]
Profession: A/W
|
I tried to check my registry for the worm's entries, but I was only able to get up to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\. I could not find the netsvcs to continue on to Parameters\"ServiceDll" = "[PATH OF WORM EXECUTABLE]".
What does that mean? I used the removal tool that F-Secure has developed to remove Downadup in conjunction with the above. It says that everything is clean and that no infections were found and removed. Last edited by ac1inferno; Jan 22, 2009 at 07:01 AM // 07:01.. |
|
|
|
|
Jan 22, 2009, 06:49 AM // 06:49
|
#5 |
|
Burninate Stuff
Join Date: Aug 2005
Location: New Mexico
Profession: E/Mo
|
Same for me, and my bro. Looks like a good thing
And guys, make sure you enable scan hidden and system folders on your virus scans! deep scan, not the skimpy surface scan that is default |
|
|
|
|
Jan 22, 2009, 06:50 AM // 06:50
|
#6 |
|
Lion's Arch Merchant
Join Date: May 2005
Guild: Lords of Cabal
Profession: N/
|
This worm exploits the Windows MS08-067 service vulnerability, a patch for which was released last October 15, 2008 by Microsoft to fix the bug. The real problem is that way too many users aren't smart enough to protect their computer. Remember the big scare over the Blaster and Sasser viruses? Well it's the same situation. Anyone who keeps their computer updated is immune, but 30% of users either don't bother, or don't know how to use Windows Update.
|
|
|
|
|
Jan 22, 2009, 06:52 AM // 06:52
|
#7 | |
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
If you don't have the entry, that means you either....
A). Are not infected B). The worm has not reached that stage yet. You still, absolutely (I cannot stress this enough) need to do a FULL DEEP SCAN of your PC, including active memory (if possible), and ALL your hard disk drives (and all partitions on them) Obviously, make sure you update your AV before doing the scan. Do your Windows updates as well, and if Auto Updates is off, I would highly recommend enabling it. It can prevent this type of stuff from happening. Quote:
Sasser was weak compared to Downadup, just as Blaster was (though different with Blaster). Downadup has a very adaptive code, and is almost impossible to track to its creators. That is what makes it exceeding dangerous when compared to Sasser (Blaster was approx the same threat level)
__________________
|
|
|
|
|
|
Jan 22, 2009, 07:12 AM // 07:12
|
#8 |
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Full scan with Avira resulted only in a false positive for a completely different "threat."
Question: What measures can be taken for a system with Win 98? I'm tech support for my mom's old laptop. It sees little use, and she still has dial-up. Save the speech on Win 98's other vulnerabilities. Software firewall and anti virus are installed and updated. |
|
|
|
|
Jan 22, 2009, 07:17 AM // 07:17
|
#9 |
|
Ascalonian Squire
Join Date: Aug 2008
Location: Denmark
Guild: We Want More [HUGS]
Profession: E/
|
Checked the registry path, and couldn't find it where you said. I found it somewhere else though, in netprofm>parameters instead. I'm running the Windows 7 Beta atm, dunno if that has anything to say. Should I delete the ServiceDll in there instead?
|
|
|
|
|
Jan 22, 2009, 07:20 AM // 07:20
|
#10 | ||
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Quote:
Quote:
__________________
|
||
|
|
|
|
Jan 22, 2009, 07:26 AM // 07:26
|
#11 |
|
Ascalonian Squire
Join Date: Aug 2008
Location: Denmark
Guild: We Want More [HUGS]
Profession: E/
|
Will do then:P
|
|
|
|
|
Jan 22, 2009, 07:28 AM // 07:28
|
#12 | ||
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Quote:
Quote:
|
||
|
|
|
|
Jan 22, 2009, 08:05 AM // 08:05
|
#13 |
|
rattus rattus
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/
|
Option D - Can't complete scan because my system is so unstable
 *Heads to new thread* Think it's unlikely that I've got it, though - Windows Update is still updating and NOD32 updated this morning too. Also, don't have that registry item. [edit]Full, deep scan completed - nothing found 
__________________
Si non confectus, non reficiat
Last edited by Snograt; Jan 22, 2009 at 07:57 PM // 19:57.. |
|
|
|
|
Jan 22, 2009, 08:32 AM // 08:32
|
#14 |
|
are we there yet?
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
|
what about avg? I have that on my two computers---and they run every single morning (and outside of my favorite false trojan from texmod--there is nothing to report)....?
__________________
 where is the 'all you can eat' cookie bar? |
|
|
|
|
Jan 22, 2009, 08:54 AM // 08:54
|
#15 |
|
rattus rattus
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/
|
AVG has fallen out of favor lately, Cosy.
Try Avira for a free one or NOD32 if you don't mind paying. See Tarun's security thread - http://www.guildwarsguru.com/forum/s...php?t=10302726
__________________
Si non confectus, non reficiat
|
|
|
|
|
Jan 22, 2009, 09:06 AM // 09:06
|
#16 |
|
Krytan Explorer
Join Date: Oct 2007
Location: just chillin
Guild: Omg Gwen Is Legal [EotN]
|
Checked registry, dont seem to have that item, did a deep scan and didnt find anything. Thanks for the warning, i'll be paying attention more often now, espeially since i use my PC on a university connection sometimes
Last edited by Rak Orgon of Beowulf; Jan 22, 2009 at 03:19 PM // 15:19.. Reason: update |
|
|
|
|
Jan 22, 2009, 09:22 AM // 09:22
|
#17 |
|
Frost Gate Guardian
Join Date: Dec 2005
Location: Underground
Profession: Rt/R
|
I had this virus on my XP-System December 17th last year and I remember the hassle getting rid of this little sucker. Avira detected it immediately, but could not do anything about it. Shortly after I finally was able to delete it (disabling System-Restore etc.) Microsoft released a bunch of emergency security-updates.
My PC was safe after that, and I have not had any security issues since then. I always do regular updates for both windows and avira. |
|
|
|
|
Jan 22, 2009, 09:32 AM // 09:32
|
#18 |
|
are we there yet?
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
|
thanks snog but I paid for 2 years for avg and still have about 20 months left of that....
however, I RARELY download anything (I dont even have email on this computer!)...so not too worried (and no, I am female so none of that p0rn stuff here  )and checking the registry got me to the same thing--no netserv thing either. (will check the other computer later as its running its daily scan right now---takes it some time as its 'older').
__________________
where is the 'all you can eat' cookie bar? |
|
|
|
|
Jan 22, 2009, 09:59 AM // 09:59
|
#19 |
|
Insane & Inhumane
Join Date: Feb 2006
|
I highly doubt that I'd get the worm due to the way that I use my computer (never ever DL things, barely even surf the net), and I definitely don't plug in any external storage drives (no need to) so yeah.
Though, my brothers do dumb things, so the chance that something could spread through my home network via my Router could still be a risk to me, but I'm not sure. Is there an option for my router that I could disable to prevent this? |
|
|
|
|
Jan 22, 2009, 11:55 AM // 11:55
|
#20 |
|
Jungle Guide
Join Date: Feb 2008
Guild: Aura
Profession: Mo/R
|
thanks for the heads. after scanning i found that i was clean.
and lol i watched tremors last nigth  although i have been reliably informed that its not that type of worm! 
|
|
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Desolation Sword | Icy DS | Sell | 4 | Sep 18, 2007 03:14 AM // 03:14 |
| virus | Wretchman Drake | Technician's Corner | 4 | Jan 26, 2006 11:37 PM // 23:37 |
All times are GMT. The time now is 05:49 AM // 05:49.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("