Guild Wars Forums - GW Guru
 
 


View Poll Results: Are you infected with Downadup?
Yes, after scanning, I was infected and have removed the worm. 2 2.02%
Yes, after scanning I was infected. I am having trouble removing the worm. 1 1.01%
No, after scanning, I was not infected. 96 96.97%
Voters: 99. This poll is closed

Old Jan 23, 2009, 12:48 AM // 00:48   #41
Technician's Corner Moderator
 
Tarun's Avatar
 
Join Date: Jan 2006
Location: The TARDIS
Guild: http://www.lunarsoft.net/ http://forums.lunarsoft.net/
Default

McAfee really isn't that great...

Check out av comparatives for the good anti-virus solutions.

Quote:
Originally Posted by Fire Drake View Post
How do you disable System Restore if you have Vista? Also, I was looking in my Registry, and I couldn't find netsvcs. Is that ok? Or should I be worried?

Right click Computer and select Properties
Click Advanced System Settings on the left side.
Uncheck all drives listed and click Yes/OK on your way out.

Don't forget to re-enable it and then restart your computer so a new restore point will be created that is clean and also has backups of your registry hives, and more!

Last edited by Lord Sojar; Jan 23, 2009 at 01:32 AM // 01:32.. Reason: hai2u tarun
Tarun is offline   Reply With Quote
Old Jan 23, 2009, 01:24 AM // 01:24   #42
Lion's Arch Merchant
 
Join Date: Feb 2008
Guild: Looking For TA Guild!
Profession: W/
Default

checked all computers in house and scanned, no virus here
The Air Revenger is offline   Reply With Quote
Old Jan 23, 2009, 02:30 AM // 02:30   #43
are we there yet?
 
cosyfiep's Avatar
 
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
Default

after checking the other computer and waiting for the hubby to get home and check his---4 computers all clean.

and yeah businesses are really bad about updating, as a temp in 2007 I worked in a place that was still using 98--with no plans to ever change!! and yeah no updates there
have worked in lots of businesses that won't do updates for whatever reason (cost, time etc)....it's pretty scary if you work at those places and can take your computer home with you.....
__________________
where is the 'all you can eat' cookie bar?
cosyfiep is offline   Reply With Quote
Old Jan 23, 2009, 04:06 AM // 04:06   #44
Technician's Corner Moderator
 
Tarun's Avatar
 
Join Date: Jan 2006
Location: The TARDIS
Guild: http://www.lunarsoft.net/ http://forums.lunarsoft.net/
Default

When I worked for a major bank, they were using Windows 2000 in the XP/Server 2003 era.
Tarun is offline   Reply With Quote
Old Jan 23, 2009, 04:19 AM // 04:19   #45
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

Thank Rahja

I did a full scan with AVG free last night, but not infected with any of those, just wondering if AVG is good enough to detect it?
pumpkin pie is offline   Reply With Quote
Old Jan 23, 2009, 05:18 AM // 05:18   #46
Departed from Tyria
 
Shayne Hawke's Avatar
 
Join Date: May 2007
Guild: Clan Dethryche [dth]
Profession: R/
Default

I think this alert actually made my computer worse off.

In the process of updating AVG, Ad-Aware, and manually updating XP, I somehow picked up a trojan that keeps popping up every couple hours.

No sign of the worm though. No registry entry, nothing from AVG, nothing from the f-downadup checker. Just this stupid trojan.
Shayne Hawke is offline   Reply With Quote
Old Jan 23, 2009, 05:23 AM // 05:23   #47
God of Spammers
 
I pwnd U's Avatar
 
Join Date: Oct 2005
Location: in the middle of a burning cornfield...
Guild: Scars Meadows [SMS] (Officer)
Default

Thanks for the heads up Rahja. Scanned with a bunch of Anti-Viruses but no sign of the worm.
I pwnd U is offline   Reply With Quote
Old Jan 23, 2009, 05:24 AM // 05:24   #48
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

lol Shayne .

anyway i ran another full scan comes back clean. ... hope the free avg is as good as any paid ones...
pumpkin pie is offline   Reply With Quote
Old Jan 23, 2009, 05:52 AM // 05:52   #49
Frost Gate Guardian
 
Join Date: Oct 2007
Guild: Desolation Lords [DL]
Profession: Mo/
Default

Quote:
Originally Posted by pumpkin pie View Post
lol Shayne .

anyway i ran another full scan comes back clean. ... hope the free avg is as good as any paid ones...

I just checked... it's even on the avg main page lol... it says...

"Downadup worm infects over 9 Million PCs

AVG detects and heals all variants of the recent Downadup worm that infecting numerous PCs worldwide. Unpatched PCs are most at risk as well as networks with weak or no passwords."

Just check the main page if it helps you feel secure xD


Anyways, I always have auto updates on, but I'ma scan anyways while i'm sleeping
Nature Loves Me is offline   Reply With Quote
Old Jan 23, 2009, 09:12 AM // 09:12   #50
Lion's Arch Merchant
 
Smurf Minions's Avatar
 
Join Date: Jun 2006
Location: Somewhere you can't see
Guild: Limburgse Jagers [LJ]
Profession: N/
Default

People can always do the free panda scan, though it doesn't disinfect everything (it does on the paid version), it should find downadup if it's there (panda claims that 100k of 2000k PCs were infected by downadup that were scanned by the panda active scan)

http://www.pandasecurity.com/actives...n-US&IdPais=63
Smurf Minions is offline   Reply With Quote
Old Jan 23, 2009, 10:24 AM // 10:24   #51
The Fallen One
 
Lord Sojar's Avatar
 
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
Default

Our percentages on our poll are looking decent, but still... 1 out of every 30 PCs is infected, and most Guru users are good about using Windows updates and having an Anti Virus, and having sensible passwords thanks to our gaming backgrounds. That of course, doesn't speak for all users, but I would say at least 85% of our users are fairly good with keeping updates on their Windows installs and AVs.

So, assuming our current poll, let's put that in perspective...

Guru has ~1500 fairly active users, which means by the current poll statistics, 45 of them are currently infected with Downadup. That is 45 people that shouldn't be infected, and that hopefully will not be infected because of this thread. We can take that estimate of 45 down to 43 at least. Remember, tell as many people as you can; knowledge is power (pardon the cliché)

However, the current estimates of all users across the world that are infected is now 1 in every 12 PCs. That number of 10.2M PCs infected may seem small thinking about it, so let's say that we took the same 1,500 active guru users, and applied the current viral infection statistics, shall we?

1 in 12 = approximately 8%, but by the time I am making this post, that would probably be closer to 9% based on the current infection rate (which is astronomical at around 1% daily and growing)

So, 135 of our very active users are infected by the current world infection rates.... that is absolutely incredible.

In other news regarding Downadup/Conficker:

The U.K.'s Ministry of Defence (MoD) has been infected. They have been battling the sinister worm for 2 weeks now. They are curing the infections, but as fast as they cure it, it reinfects cured PCs and infects new networks. Currently, it has even spread into the network systems on the Royal Navy's submarines (not the targeting or operations systems, thank god). The level of information that can be accessed currently is only rated as 'Restricted', but if the infection continues to spread, it could access Classified files and more.

In addition, many public hospital networks have been badly infected, with some hospitals reporting 800+ of their machines being infected with Downadup variant C (the most virulent and mutated strain yet). Downadup poses a major security risk on this level, because of confidential patient files it can access that contain a plethora of personal information, as well as alarm codes for pharmacy access. The hospitals in question are currently, desperately trying to scrub the virus from their networks, but again, it is quite difficult given the way and speed at which Downadup can mutate and adapt to attempts to remove it.



But all hope is not lost. If analysts' predictions are correct, the rate of infection should come to its peak within the next 14-16 days. However, the downside is that if the hackers/creators decide to flip the switch prior to mass removal, they will have the largest botnet ever recorded to intrude what they want, on their terms. Currently, the world's largest botnet has a maximum of 175,000 PCs under its control, and is responsible for most of the junk email (chain letters, pornography, viagra, magazine ads, etc) that you might receive in your email/spam folder.

To put it in perspective.... the largest botnet @ 175,000 PCs controlled is 1/85th the power of the estimated peak of Downadup's, that is estimated to reach 15M PCs in the next 2 weeks (by some estimates, 1 in every 3 PCs will be infected, meaning more on the order of 25M)

With 25 million PCs in its control, Downadup could potentially be the worst cyber terror weapon we have ever seen. However, it may just be a scare tactic, to show the world that hackers are not quelled, and are just as powerful if not more powerful now, than they were 5-8 years ago. In the end, what we all should hope is that businesses and all home users learn, across the world, that updating their software and keeping their networks secure is of the utmost importance.
__________________
Lord Sojar is offline   Reply With Quote
Old Jan 23, 2009, 10:58 AM // 10:58   #52
Jungle Guide
 
KZaske's Avatar
 
Join Date: Jun 2006
Location: Boise Idaho
Guild: Druids Of Old (DOO)
Profession: R/Mo
Default

Thanks Rahja for the warning; I had done a complete scan just a few days ago but did it again anyway on my network (only three computers so far). Nice and clean.
To everyone not believing they are at risk; this IS a serious event, this bot-net has potential to bring the internet to its knees in minutes if activated. Imagine a DoS attack against google, yahoo or network solution's servers; all at the same time. This Botnet has that potential.
KZaske is offline   Reply With Quote
Old Jan 23, 2009, 01:31 PM // 13:31   #53
Krytan Explorer
 
Blackhearted's Avatar
 
Join Date: Jan 2007
Location: Ohio, usa
Guild: none
Profession: Mo/
Default

Quote:
Originally Posted by Rahja the Thief View Post
This isn't your typical virus or worm. It can mask itself as anything it sees fit, and can go directly into Root directories. Method of infection can be anything from an infected file you downloaded such as a WMV or MP3, or as sinister as plugging in your USB drive (if it was infected from a public location like the library or school/work) and Windows auto running the device.

That's kinda inaccurate. Being infected by files such as MP3's pretty much won't happen. MP3's are just compressed audio samples with maybe some small bits of text for tagging, they contain no data to be executed. The only way a virus spreading through an mp3 would be probable is if the mp3 files were contained in an infected exe you had to run to extract them. So basically.. if this infection comes from a download, it's not coming from an mp3 file.


As for this virus warning. eh, i see none of the symptoms at all so it doesn't seem necessary to do a full scan. Especially since i've only had a virus actually get past me and cause any problem a mere 1 time in the 7 years i've had my own pc. And even then it was dealt with and all was back to normal in less than an hour. So i'm not worried.
Blackhearted is offline   Reply With Quote
Old Jan 23, 2009, 02:08 PM // 14:08   #54
The Fallen One
 
Lord Sojar's Avatar
 
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
Default

Quote:
Originally Posted by Blackhearted View Post
That's kinda inaccurate. Being infected by files such as MP3's pretty much won't happen. MP3's are just compressed audio samples with maybe some small bits of text for tagging, they contain no data to be executed. The only way a virus spreading through an mp3 would be probable is if the mp3 files were contained in an infected exe you had to run to extract them. So basically.. if this infection comes from a download, it's not coming from an mp3 file.


As for this virus warning. eh, i see none of the symptoms at all so it doesn't seem necessary to do a full scan. Especially since i've only had a virus actually get past me and cause any problem a mere 1 time in the 7 years i've had my own pc. And even then it was dealt with and all was back to normal in less than an hour. So i'm not worried.

The virus itself isn't an MP3. It can appear as one, by manipulating windows into making itself appear as a folder, file type, etc. Though, its most common tactic is to appear as a root folder, it can, in fact, appear as various filetypes with randomly generated 5-8 digit names. Conficker B has been dealt with, but a few mutations have been known to do this. Conficker C has developed the uncanny root folder auto run trick... which is worst of all.
__________________
Lord Sojar is offline   Reply With Quote
Old Jan 23, 2009, 05:22 PM // 17:22   #55
Wilds Pathfinder
 
Jecht Scye's Avatar
 
Join Date: Dec 2005
Guild: Lucky Crickets[Luck]
Profession: N/Me
Default

I just did a full system scan with AVG, nothing viral turned up. So I went to regedit in my Windows Vista 64bit OS, and followed this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

However, there is no "netsvc" directory within the Services directory. Is it possible that it's labeled as something else in Vista?

EDIT: I currently checked my brother's PC running XP, and he also does not have the "netsvc" directory.

Last edited by Jecht Scye; Jan 23, 2009 at 05:26 PM // 17:26..
Jecht Scye is offline   Reply With Quote
Old Jan 23, 2009, 05:38 PM // 17:38   #56
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

Quote:
Originally Posted by Nature Loves Me View Post
I just checked... it's even on the avg main page lol... it says...

"Downadup worm infects over 9 Million PCs

AVG detects and heals all variants of the recent Downadup worm that infecting numerous PCs worldwide. Unpatched PCs are most at risk as well as networks with weak or no passwords."

Just check the main page if it helps you feel secure xD


Anyways, I always have auto updates on, but I'ma scan anyways while i'm sleeping

thanks! very much. i did another full scan lol this is the third time nothing .
pumpkin pie is offline   Reply With Quote
Old Jan 23, 2009, 05:43 PM // 17:43   #57
Emo Goth Italics
 
Join Date: Sep 2006
Default

Will a complete computer format sort it out?

Thanks for the heads up, I'll be sure to check my laptop.

Edit: I'm under the assumption that I'm not infected. I don't have any anti-whatever except the stuff you get from Windows (I find it makes my already incredibly slow laptop even slower), but I've found no trace using the program built against this virus that you posted in the OP and checking the Regedit program. I've yet to do a deep scan, so I guess I'll get to it. Thanks again.

Last edited by Tyla; Jan 23, 2009 at 06:01 PM // 18:01..
Tyla is offline   Reply With Quote
Old Jan 23, 2009, 05:50 PM // 17:50   #58
Wilds Pathfinder
 
viper11025's Avatar
 
Join Date: Mar 2007
Location: 02/18/05 (Pm me with the place, its a riddle)
Profession: A/
Default

Ok, I don't know if this is related but take my word for this and hold it true.

I was on my computer, January 10 I think, and my computer does this.
1. Can't update
1a. I try system restore, it freezes.
2. I scan it, it freezes.
I hit my head on the desk and force a restore with disk, it refuses.
3. I reinstall it, it freezes.
I look to it and shake my head grabbing the good old Killdisk.
4. I format the sucker, 3 times.
It worked!!

That's my story, um, the numbers mean something I did to it, the other is the reaction.
That's my story, and trust me, if that was the worm, it's a beast, make a killdisk or disk formatting floppy while you still can.
viper11025 is offline   Reply With Quote
Old Jan 24, 2009, 12:53 AM // 00:53   #59
Furnace Stoker
 
Elder III's Avatar
 
Join Date: Jan 2007
Location: Ohio
Guild: I Will Never Join Your Guild (NTY)
Profession: R/
Default

All is good here, but I tremble when I think of 9 out of 10 ppl that I know, who generally speaking don't know the first thing about computer security or maintenance work in general.

Thanks for the post Rahja.... I usually ignore such things, but I figured this was serious when I saw the GURU mods posting about it.
Elder III is offline   Reply With Quote
Old Jan 24, 2009, 03:15 PM // 15:15   #60
Forge Runner
 
Join Date: Apr 2007
Guild: DMFC
Default

For those who say - I looked for the registry entry and it wasn't there - , it's stated in first post that the registry entry May or May Not be present.
Thought I'd be kind enough to point that out as it appears no one else has and it may help those stop worrying.

Gj Rahja
Spiritz is offline   Reply With Quote

All times are GMT. The time now is 05:49 AM // 05:49.

