View Poll Results: Are you infected with Downadup?
Yes, after scanning, I was infected and have removed the worm. | 2 | 2.02%
Yes, after scanning I was infected. I am having trouble removing the worm. | 1 | 1.01%
No, after scanning, I was not infected. | 96 | 96.97%
Jan 24, 2009, 08:38 PM // 20:38
|
#61
|
IRC W H O R E
Join Date: Feb 2006
Location: Australian Trolling Crew HQ, rightful leader and administration
Guild: Yale University [Snow]
Profession: W/
|
Should I get rid of my shared folders?
|
|
|
Jan 25, 2009, 08:32 AM // 08:32
|
#62
|
Grotto Attendant
Join Date: Jan 2007
Location: Niflheim
Profession: R/
|
No?
Just scan your PC with a good antivir.
And for me, just to be on the safe side, I downloaded that remover and it has found nothing.
Nothing in registry, too.
|
|
|
Jan 26, 2009, 06:51 AM // 06:51
|
#63
|
Forge Runner
Join Date: Mar 2005
Location: PST
Profession: W/
|
I'm scanning at the moment, but looking into my registry, I found:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\Parameters\"ServiceDll"
It's not the \netsvcs\Parameters\"ServiceDll" but looks like I'll be downloading the remover just in case.
|
|
|
Jan 26, 2009, 08:48 AM // 08:48
|
#64
|
rattus rattus
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/
|
That's the key for the Network Connections service and is therefore safe.
And shouldn't be deleted
__________________
Si non confectus, non reficiat
|
|
|
Jan 26, 2009, 10:08 PM // 22:08
|
#65
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Bad news guys and girls. The virus Conficker.B (the network virulent strain with USB autoplay infection) has some additional removal steps. You need to check out this article for exact methods to remove it. I am adding it to the opening post as well.
http://support.microsoft.com/kb/962007
^ Double check registry as they instruct.
Also, current infection rates are in. Estimates are 15 million PCs on the most conservative estimates, 25 million on the most liberal. That said, it is safe to assume 19-21M PCs are currently infected with Conficker. That accounts for 1 in every 10-11 PCs.
|
|
|
Jan 27, 2009, 12:53 AM // 00:53
|
#66
|
Technician's Corner Moderator
Join Date: Jan 2006
Location: The TARDIS
Guild: http://www.lunarsoft.net/ http://forums.lunarsoft.net/
|
|
|
|
Jan 28, 2009, 08:03 PM // 20:03
|
#67
|
Lion's Arch Merchant
|
How/where can you update your "Windows Install"? I really don't know what that is...
My Antivirus is fine, still auto-updates. Now I'm doing one of those full deep scans.
My anti-virus is NOD32, I know that you normally have to pay for it, but I've the trial version, normally that's the same, just for free for a certain amount of days.
Moderator Edit: References to illegal software have been removed. We don't discuss that in the Tech Corner. Thanks!
|
|
|
Jan 28, 2009, 09:50 PM // 21:50
|
#68
|
Site Contributor
Join Date: Aug 2006
Guild: Gems of Destiny
Profession: D/
|
Quote:
Originally Posted by Mister Me
My Antivirus is fine, still auto-updates. Now I'm doing one of those full deep scans.
My anti-virus is NOD32, I know that you normally have to pay for it, but I've the trial version, normally that's the same, just for free for a certain amount of days. Removed reference to illegal software.
|
We don't promote or recommend hacking any software. Hacked software is very likely not to work at 100%, and this should be kept in mind especially when dealing with the security of your system and network. I would recommend that you either purchase a legitimate subscription, or use one of the valid free anti-virus software packages that are available.
|
|
|
Jan 28, 2009, 10:07 PM // 22:07
|
#69
|
rattus rattus
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/
|
Quote:
Originally Posted by Mister Me
How/where can you update your "Windows Install"? I really don't know what that is...
|
That means run Windows Update. If you don't know how to do that, the quickest way to explain it is to direct you to http://update.microsoft.com/microsof...6/default.aspx
And lose that pirated NOD32 - seriously.
__________________
Si non confectus, non reficiat
|
|
|
Jan 28, 2009, 10:50 PM // 22:50
|
#70
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Quote:
Originally Posted by Mister Me
My Antivirus is fine, still auto-updates. Now I'm doing one of those full deep scans.
My anti-virus is NOD32, I know that you normally have to pay for it, but I've the trial version, normally that's the same, just for free for a certain amount of days. Removed reference to illegal software.
|
Avira AntiVir Personal is free, uses minimal resources, has regular updates, and it has proven to have a consistent high detection rate. Removed reference to software manipulation.
|
|
|
Jan 29, 2009, 05:41 AM // 05:41
|
#71
|
Wilds Pathfinder
Join Date: Aug 2005
Location: Los Angeles, California
Guild: Picnic Pioneers
Profession: E/
|
Can I assume that I don't have the worm if I can access the security websites the worm blocks?
|
|
|
Jan 29, 2009, 06:19 AM // 06:19
|
#72
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Quote:
Originally Posted by TheGuildWarsPenguin
Can I assume that I don't have the worm if I can access the security websites the worm blocks?
|
No, you can never make assumptions regarding your online security. If after checking the registry as indicated in the link from Microsoft, being able to access F-Secure's site, and running a full deep anti virus scan of ALL your drives, then you can be sure you don't have it.
|
|
|
Jan 29, 2009, 11:44 PM // 23:44
|
#73
|
Lion's Arch Merchant
|
Quote:
Originally Posted by Snograt
|
I'm sorry about the illegal thingy, won't talk about its details again on this forum.
Thank you for the link!
And I'll think about changing my virus-scanner. (Came from AVG Free, so this was sooo much better, I didn't like AVG Free, cause its pop-ups were terrible -.-)
|
|
|
Jan 30, 2009, 12:13 AM // 00:13
|
#74
|
Wilds Pathfinder
Join Date: Mar 2007
Location: 02/18/05 (Pm me with the place, its a riddle)
Profession: A/
|
Um, no one read my post then, yeah I think I had the virus....
|
|
|
Jan 30, 2009, 04:02 PM // 16:02
|
#75
|
Lion's Arch Merchant
|
Quote:
Originally Posted by MisterB
Avira AntiVir Personal is free, uses minimal resources, has regular updates, and it has proven to have a consistent high detection rate. Removed reference to software manipulation.
|
Ok, ty, I installed it and updated it to the last version.
But now I'm trying to uninstall NOD32, but when I restart my PC it just shows up again. Does anyone know why or what the problem is?
|
|
|
Jan 30, 2009, 09:07 PM // 21:07
|
#76
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Quote:
Originally Posted by viper11025
Um, no one read my post then, yeah I think I had the virus....
|
Yeh, I read it. You formatted and got rid of it correct? Though, we can't confirm it was Conficker causing the issue and not Storm worm or another virulent trojan.
|
|
|
Feb 04, 2009, 12:31 PM // 12:31
|
#77
|
Forge Runner
|
Any chance of being infected while using a program like MSN?
I suggest, if you don't have a proper virus scanner, install AVG Free Edition.
Last edited by Lourens; Feb 04, 2009 at 12:39 PM // 12:39..
|
|
|
Mar 18, 2009, 07:14 AM // 07:14
|
#78
|
Pre-Searing Cadet
|
Conficker and things not read about.
As a server Admin in a School District here in Arizona, I have been tasked with eliminating this worm from our systems which total about 1000 PC's and servers. A daunting task considering there are only 2 others in the tech department, plus the director.
We seem to have been infected as early as the 15th of January. We have been working on a "fix" for the better part of 2 weeks and are just about there. Let me give you some insight as to what we are up against at this stage of infection.
1. Running MSRT or Fixdownadup (Symantec) does no good. The virus simply prevents them from running.
2. Updating our anti virus version (ESET) from 2.7 to 3.0 or 4.0 will work without issue using push technology. However, most PC's will not update the updated virus signatures because they cannot access the AV site.
To update the AV packages, utilize the removal tool and Windows Updates, we must kill the svchost file(s). We must visit each PC manually and use a program called Process.exe. Running this kills all svchost processes, which destabilizes the system, and pops up the shutdown command. After disabling shutdown, we run that process a few more times to make sure the svchost does not come back. Then we run the malware tool. We then reboot the system after the malware tool finds the virus (run under a deep scan) and eliminates it. After reboot, we begin to immediately update Windows with SP3, and the 38 updates after SP3. We then check for the presence of the virus in the registry (SVCHOST - netsvcs). When that is completed, we re-apply the 3 separate patches that address the Conficker vulnerability (directly and indirectly). Reboot a third time and test the logon. Then we document the machine by room and move onto the next room, rinse and repeat.
The longer this virus remains in play, the more damage it causes. I have group policy logon scripts that no longer run. Manually running those scripts at this moment results in a 5 to 10 minute delay in execution of those scripts, if they run at all. They are Visual Basic scripts, not batch files. I am hoping as more computers are repaired, script functionality returns because I have seen nothing on how to restore script functionality on the internet. Time on each PC from start to finish takes about an hour depending on the # of files on the PC and how deeply infected the PC is.
It was decided by others to not update Windows automatically because of the potential for a bad update to hurt various computers, or all of them. Let me tell you from experience and from what I and the other 2 people will be doing this entire weekend - Update your systems to the latest and greatest patches out there to keep your systems from becoming infected. A fully updated system with a fully updated AV will prevent reinfection.
|
|
|
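Added example (not part of any post in this thread, and not taken from the Microsoft article): one way to do the "SVCHOST - netsvcs" registry check mentioned above is to list every service named in the svchost netsvcs group along with the ServiceDll it loads, so each entry can be reviewed by hand. The two registry paths are the standard Windows locations rather than values quoted on this page, and the Status column is a review aid, not a verdict.

```powershell
# Added example: inventory the svchost "netsvcs" group for manual review.
# Run from an elevated PowerShell 3.0+ prompt on the machine being checked.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# netsvcs is a multi-string value: one service name per element.
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs

$report = foreach ($name in $netsvcs) {
    $dll = $null; $company = $null; $status = 'ok'
    try {
        # Throws if the key does not exist or its ACL blocks reading.
        $params = Get-ItemProperty -Path "$servicesKey\$name\Parameters" -ErrorAction Stop
        $dll = $params.ServiceDll
    } catch {
        $status = 'Parameters key missing or unreadable'
    }

    if ($status -eq 'ok' -and -not $dll) {
        $status = 'no ServiceDll value'
    } elseif ($dll) {
        # ServiceDll is normally REG_EXPAND_SZ, e.g. %SystemRoot%\System32\x.dll
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (Test-Path -LiteralPath $dll) {
            $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            if (-not $company) { $status = 'DLL has no version information' }
        } else {
            $status = 'DLL not found on disk'
        }
    }

    [pscustomobject]@{
        Service    = $name
        ServiceDll = $dll
        Company    = $company
        Status     = $status
    }
}

# Entries that need a closer look sort to the top; 'ok' rows follow.
$report | Sort-Object { $_.Status -eq 'ok' }, Service | Format-Table -AutoSize
```

Many names in the netsvcs list belong to services that are simply not installed, so a "missing" row on its own is normal; compare the list against a known-clean machine of the same build.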
Mar 18, 2009, 07:34 AM // 07:34
|
#79
|
Pre-Searing Cadet
|
Quote:
Originally Posted by lakatz
http://www.cnn.com/2009/TECH/ptech/0...ref=newssearch
So... I'm a little confused. I read this article a week ago that states the downadup worm is engineered to spread through corporate networks and, for that reason, corporate networked computers are more at risk than home computers.
|
No. Typically, Corporate network computers are not updated as frequently, if at all, as home based systems that rely on Automatic Updates. So the risk to home PC's is significantly reduced because they are updated more frequently.
Our PC's at the School District I work at aren't updated beyond the image that was made for that particular computer model. After our Conficker disaster is under control, you can bet we will revisit that issue.
|
|
|
All times are GMT. The time now is 05:49 AM // 05:49.
|