Conficker.C, WORM, Serious Threat!!
Mar 25, 2009
Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technica reports. Conficker.C's designed to hide itself even more thoroughly than its older siblings Conficker.A and Conficker.B, using tricks such as:
•Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
•Creating access control entries and locking the file(s)
•Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method
To find out what happens when Conficker.C strikes, join us after the jump.
Conficker.C's payload makes it harder than ever to recover from being infected:
•Deactivates Windows Security Center notifications
•Prevents restart in Safe Mode
•Prevents Windows Defender from running at system startup
•Deletes all system restore points
•Disables various error-reporting and security services
•Terminates over twenty security-related processes
•Blocks DNS queries
•Blocks access to security and antivirus websites
•And, to top it all off, Conficker.C can choose from a list of 500 domains to contact out of a pool of 50,000 (way up from Conficker.B's 32 out of 250).
Link:This is No Joke: Conficker.C to Strike on April Fools' Day | Maximum PC
Removal Tool: How to use the Downadup removal tools - BDTools.net
+++++++++++++++++++++
I can't say much else, as I don't know much else, though I read about this on another Forum I belong to. I have all my Updates in place as always, ran MS Malware Removal Tool, Ran complete system Scan, my PC turned up clean of
Conflicker A and B as well as C, but then C has not been released as yet.
+++++++++++++++++++++
I do know MS has a bounty out on the individual responsible, $250,000 BUCKS!!
That should give you guys an Idea of how SERIOUS this THREAT is!!
I am not sure about the removal tool either, but that's the only one I found.
Thus far.
View 9 Replies
Feb 26, 2009
Conficker worm gets an upgrade. The Conficker worm, which infected millions of PCs last month, has received an upgrade which makes it much more effective. The new variant, dubbed Conficker B++, has been redesigned to get around attempts to shut it down. Previous versions checked for software updates from a list of 250 randomly generated URLs. But security companies managed to reverse engineer the algorithm that generated the URLs and design a way to block the software from updating. The new variant now uses a new set of backdoors to update itself.
View 9 Replies
View Related
Jul 15, 2009
Last coupla days, since the update to Malwarebyte's 1.39 (for Vista HP x64), it's been finding this "threat" HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e555} (Generic.Bot.H) Does anyone recognize this? Is it a false positive, or something I should allow it to "repair"?
View 7 Replies
View Related
Mar 30, 2009
Quote: Will the Conficker worm, expected to activate on April 1, set off viral destruction or be a dud?
Security experts say Conficker.C (also called Downadup) presents a serious threat. Infected machines -- said to number from 3 million to 10 million globally, depending on estimates -- could be activated for data destruction and theft or espionage, spam relays or denial-of-service (DoS) attacks. While a "doomsday scenario" on April 1 seems unlikely, many security professionals regard Conficker.C as the malware fruit of a disciplined criminal operation out to make money off it.
More here: Conficker on April 1st: Eve of destruction or big joke? - Network World
View 9 Replies
View Related
Jun 4, 2008
I can't see hidden files due to a worm. I delete this worm but the problem is remaining!
View 4 Replies
View Related
Mar 16, 2009
"BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008.
View 4 Replies
View Related
Mar 15, 2009
http://www.pcworld.com/article/159238/virulent_worm_exploits_missing_patches.html?loomia_ow=t0:a41:g29:r2:c0.098293:b22758322
View 9 Replies
View Related
Mar 23, 2008
He was infected by ISASS malware, a WORM that hide in windows system folders and share my conection with anothers users without my autorization. In firewall i can see a lot of ports opened without my UAC identify. Anti v??rus like norton or kaspersky don't solve my problem. I tried windows defender, and tried RegistryBooster 2, both without sucess.
I studied a internet forum about the problems and i believed that i will solve the problem with a tool of microsoft: but after dowloaded and scanner computer, the tool dont find any problem..........
View 5 Replies
View Related
May 31, 2008
IE07 opens new sites/windows by it self. I suspect it's trojan/worm but Windows and McAfee could not dtect anything
View 5 Replies
View Related
Apr 9, 2009
Experts warn of imminent Conficker attack. Security experts have uncovered new Conficker activity which could indicate that the hackers behind the worm are finally gearing up for an assault. Researchers at Trend Micro discovered a new variant of Downad/Conficker last night, called Worm_Downad.E, which is spreading over the peer-to-peer network of infected PCs created by the previous version.
View 4 Replies
View Related
Jan 20, 2009
If computer is infected with this worm, Customer may not experience any symptoms, or you may experience any of the following symptoms: Account lockout policies are being tripped. Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled. Domain controllers respond slowly to client requests. The network is congested. Various security-related Web sites cannot be accessed.............
View 4 Replies
View Related
Feb 6, 2009
I am still unable to install X2 the Threat on my PC. When installing I accept the terms in the licence agreement, select destination folder. select default folder and hit Install. X2 does not install and the following message is displayed:
Quote: X2 The Threat - InstallShield Wizard
InstallShield Wizard Completed
The wizard was interrupted before X2 - The Threat could be completely installed.
Your system has not been modified. To complete installation at another time, please run setup again.
Click Finish to exit the wizard. Why is the InstallShield Wizard interrupted?
View 9 Replies
View Related
