• Welcome to SC4 Devotion Forum Archives.

Conficker C.

Started by choco, March 30, 2009, 08:23:48 AM

choco

Hi all!

It's been getting more widespread coverage, but the Conficker C. worm (linkie) is set to activate on April 1st. It's a fairly nasty virus, so please take the time to check your PCs and especially your servers.

http://forums.mcafeehelp.com/showthread.php?t=225901
http://www.pcworld.com/article/157876/protecting_against_the_rampant_conficker_worm.html

Please ask if you have any questions :)

Jonathan

So how exactly do we protect against this? The articles speak of an MS update; my update history only shows updates this year. I have no updates that need to be installed at the moment, so do I assume I have the update? And is there some tool that will tell you if you are infected?

Jonathan

Pat

Just to make sure, I went and found the link on the Wiki to Microsoft here for the download of the patch.

choco

Quote from: Warrior on March 30, 2009, 11:05:52 AM
So how exactly do we protect against this? The articles speak of an MS update; my update history only shows updates this year. I have no updates that need to be installed at the moment, so do I assume I have the update? And is there some tool that will tell you if you are infected?

Jonathan

Vista? The security rollouts are different from kernel to kernel... Vista, 7, and 2008 are all using a similar kernel which needs a patch. XP, 2000, 2003 all use another update. Your old updates may be gone due to a service pack update, but I'd physically search your hard drive for the $NTUninstallation folder for the appropriate patch to ensure it was done.

Download the March 09 Malicious Software Removal Tool and Malwarebytes. Also, disable the autorun feature in the registry (there's a tech bulletin on how to accomplish this).

bdtools.net had a removal tool for Conficker, but I tried to download it today and caught the PAK Generic.001... so it looks like someone hacked the domain to infect the only existing tool to remove this beast.
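
An added example, not part of the thread: a PowerShell audit for the "disable autorun in the registry" advice in the post above. It assumes the standard Explorer policy value `NoDriveTypeAutoRun` (the thread does not name the value) and PowerShell 3.0 or later; it only reads the setting and decodes the bitmask per drive type.

```powershell
# Added example: report which drive types still have AutoRun enabled.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown' },
    @{ Bit = 0x04; Name = 'Removable (USB, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Unknown (reserved)' }
)
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunMask {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $prop = Get-ItemProperty -Path "${Hive}:\$policyPath" `
                -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # key or value missing
    return [int]$prop.NoDriveTypeAutoRun
}

function ConvertTo-AutoRunReport {
    param([int]$Mask)
    foreach ($t in $driveTypes) {
        [pscustomobject]@{
            DriveType       = $t.Name
            AutoRunDisabled = [bool]($Mask -band $t.Bit)
        }
    }
}

# A machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
$source = 'HKLM'
$mask   = Get-AutoRunMask $source
if ($null -eq $mask) { $source = 'HKCU'; $mask = Get-AutoRunMask $source }

if ($null -eq $mask) {
    Write-Output 'NoDriveTypeAutoRun is not set in HKLM or HKCU; the OS default applies.'
} else {
    Write-Output ('NoDriveTypeAutoRun = 0x{0:X2} (from {1})' -f $mask, $source)
    ConvertTo-AutoRunReport -Mask $mask | Format-Table -AutoSize
    if (($mask -band 0xFF) -ne 0xFF) {
        Write-Output 'AutoRun is still enabled for at least one drive type; 0xFF disables it for all.'
    }
}
```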