Do you have the Confiker worm?

[Dad]

Here's a hint for removing the confiker virus.

1. Update your computer using windows update.
2. XP users, click start, run then type in mrt into the run box and hit enter.
3. Vista users, click on start, find, type in mrt.exe and run that program by using a double click on the found file. (I'm doing the Vista part by memory, hope it's right. If not, post here)

It will give you a box asking for a quick scan or a full scan. Look at the top right hand corner and make sure it says March 2009. If it is an earlier version see #1. Run the quick scan, it will tell you if it finds confiker and delete it for you automatically.

This is Microsoft Malicious Software remover. Although it will run in the back ground each month by itself you can run it manually too. If you turn off your computer at night it may not run at all until you do a manual scan.

Here are some real time instructions.

http://www.mydigitallife.info/2007/0...-2000-and-2k3/

[gruntly]

HOLY COW!!! What did I do wrong!!!

I updated microsoft... It threw the service package #3 at me and after I downloaded it and let it check the system with the recommended mrt etc, I lost my internet connection completely... I mean lost it. I was fumed I was angry I was really really cheesed off

first thing I did was try to do a backpedal restore. uh-uh. So I dumped the #3 package. uh-uh. Tried to find my connection. uh-uh. Finally created a new connection and it worked

The good news is the mrt only found two infections. Something called aleonan or something and dealt with them. the bad news is I don't wanna go throught that again

Can I or should I put the package #3 back on and then try a new connection again if necessary or leave it the way it is?

Signed,

Confustrated!

[Dad]

HOLY COW!!! What did I do wrong!!!

I updated microsoft... It threw the service package #3 at me and after I downloaded it and let it check the system with the recommended mrt etc, I lost my internet connection completely... I mean lost it. I was fumed I was angry I was really really cheesed off

first thing I did was try to do a backpedal restore. uh-uh. So I dumped the #3 package. uh-uh. Tried to find my connection. uh-uh. Finally created a new connection and it worked

The good news is the mrt only found two infections. Something called aleonan or something and dealt with them. the bad news is I don't wanna go throught that again

Can I or should I put the package #3 back on and then try a new connection again if necessary or leave it the way it is?

Signed,

Confustrated!

Something was running your computer and it wasn't Microsoft. Make sure you do your system checks, scan disk fixing errors and maybe even a good defrag. Back up your system to another computer or external hard drive. SP3 tells you to do that before installing. Did you back up before installing SP3?

Service pack 3 doesn't like all computers. Especially those with some AMD chips. If you install SP3 it doesn't uninstall 100%. Should you install it again... I have it running on a few dozen machines, some with AMD chips and it runs OK now. When it first came out it was death to some.

Running the MRT is safe but in your case I would guess you had something holding on to your network connection telling aliens what you were doing. Glad you are all cleaned up now.

[me75006]

I had to clean Conficker.E, off my Mom's pc this weekend. Unknown precisely how it got into her pc. It pestered her with "System Protect 2009" software, which is bogus.
In cleaning, manually, there was a process to kill, files to delete, and registry entries to delete.
if you google the two file names, listed, you can find enough to scare the bejeezus out of you.

iehelper.dll
sysgard.exe
these files can have variations in their name, like iehelper02.dll for example. They are trojan files.

web site sophos.com has a free scanner/removal tool, after you register.
Conficker will also block your access to many popular antivirus web sites, so you cant get ahold of removal tools. It turns off security features in windows, turns off the ability to "safe boot", and is able to get into every nook & cranny of the operating system.

There is a working group of industry specialists at:
http://confickerworkinggroup.org/wiki/

which has a test on the home page, and alot of information.

Also see : http://mtc.sri.com/Conficker/

quote:
Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm. Among the long history of malware epidemics, very few can claim sustained worldwide infiltration of multiple millions of infected drones. Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft. In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.


About SRI Ijnternatonal:
SRI International is an independent, nonprofit research institute conducting client-sponsored research and development for government agencies, commercial businesses, foundations, and other organizations. SRI also brings its innovations to the marketplace by licensing its intellectual property and creating new ventures.

[iraqveteran]

Some good info there.


I did the scan. Nothing found. Good thing too.

[Balystic]

Anyone say MAC?

[me75006]

Anyone say MAC?

be advised re: macs
Warning: "Conficker" worm may affect some Mac users

http://www.macfixit.com/article.php?...09033108432353

[Dad]

<I'm 53 and I'm a PC>

[Executioner]

Conficker? Is that a new pron site??

[Dad]

Exe....

What's a pron site?

[Executioner]

too much beer that night my fingers didn't co operate, how about porn?

it was a joke.

OK a bad one some sites I'm on are kinda anal and get very offensive if you type the word porn, so "pron" is the accepted substitute.

Nevermind I'll just crack open another beer.

[Dad]

LOL

[ctrlaltdel]

okie... so how do I know if I have it or not?

[ctrlaltdel]

I typed in the mrt in the run box and it directed me to this and I am downloading it:
Microsoft® Windows® Malicious Software Removal Tool (KB890830)


now.

Thanks anyway!

Im a vista user!

[ctrlaltdel]

too much beer that night my fingers didn't co operate, how about porn?

it was a joke.

OK a bad one some sites I'm on are kinda anal and get very offensive if you type the word porn, so "pron" is the accepted substitute.

Nevermind I'll just crack open another beer.

Pronficker?! sorry I can't hold back this one...

[Dad]

Yup.. it will run on vista too... always nice to check for malicious software. The mrt will also run in the background if you let your computer run all night.

Make sure you update your vista, if you haven't, and get the latest mrt update.

[jrobin9]

good post

[jasonjames]

I had something, but not sure it was the Confiker. I had to wipe out my HD. It took 3 hours to erase my HD, and 4 hours to re-install windows and all the SP updates.

[Chillpro]

okie... so how do I know if I have it or not?

it will hurt when you pee.

[Dad]

it will hurt when you pee.

Now that's just wrong


Darn funny but just wrong. LOL