Nasty computer virus due on April 1st

Originally posted by TwiTcHomatic
reply to post by spitefulgod

 

If you are not connected to the net at "said" time it is IMPOSSIBLE for it connect to the master server.

I made a follow-up post mentioning I forgot to add that to my first post in the thread.

The point of the "roll-back" is to keep it from activating on its own, when not connected to the net. My suggestion was not a FIX.. it is merely giving you time to see what the widespread result is after the APRILS 1st date on the machines that will be hit. If nothing happens to the general PC populace, then all you lost was a little bit of "net time".



[edit on 26-3-2009 by TwiTcHomatic]

That won't work. If conficker C cannot connect to the internet to download its payload from one of the domains in its list then it will sleep for 24 hours and try again, then it will sleep for 4 days and try again if not successful. It loops until successful or is stopped.

This may be a minor point for some, but it is not a virus.

It is a worm.

A Virus is:

virus: a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer ...
wordnet.princeton.edu/perl/webwn
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ...
en.wikipedia.org/wiki/Computer_virus
: A program which can be transmitted between computers via networks (especially the Internet) or removable storage such as CDs, USB drives, floppy disks, etc., generally without the knowledge or consent of the recipient. ...
en.wiktionary.org/wiki/computer_virus

Google

A worm is:

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Wikipedia

Just trying to help you all understand what it really is.

reply to post by venividivici


Exactly.... I would rather keep it in a perpetual loop than from doing nothing and sitting on the net for the moment it wants to connect to its master server to do its job. This is only a delay method till it activates... once it activates and the chance is seen to "see what it does"... it will be easier to write code to counter and fix.

I have said 3 times now it is not a fix. It still goes by the date on your machine, thats why not being on the net, does not allow it to get an updated "realtime" date from the microsoft exchange server or any other server it will use.

reply to post by TwiTcHomatic


Instead of disconnecting from the internet for indeterminate amount of time why not just download and run the microsoft utility today that finds and cleans conificker.B/C?

support.microsoft.com...

if this article has caught enough attention so that the author of the virus would see it, wouldn't he/she/they change the active date before april 1st then since now people know to be prepared on april 1st??? i don't know

Wouldn't do much good if it's already sitting dormant in computers or networks.

He/she/they/it may be able to push out it out again with a different activation date, but it wouldn't have the effectiveness because it wouldn't be able to spread as far as it would with having a couple of weeks already out there.

I have updated with Microsoft removal tool for the Confiker virus. Hope this will do the trick

In case anyone missed it and is interested, there was a great segment on 60 Minutes last night about this:

www.cbsnews.com...

I thought the information was well presented.

I've made disk images of my main computers OS disks and downloaded
appropriate patches. Now we wait.

Regards.......KK

[edit on 30-3-2009 by kinda kurious]

reply to post by kinda kurious


My antivirus could detect and block but not remove it. I have a recent reformat of my OS drive and reinstalled windows XP, updated virus/firewall and it's gone!

Guess it's part of Windows XP

April 1 is a call home to update day nothing more.

I suspect that this worm is out there for some other purpose and day.

badwarebusters.org...

Its my guess that April 1 is just a day that they see how many computers they have infected.

If you want to do damage you want as many computer infected as possible.
that mean you need to know.

If i was going to do something like this i would let the worn go for years without doing anything but updating before i sprung it.

For extra security:
It may be a good idea to disable Remote Assistance on your PC (in the System properties), to prevent hackers from taking control of your computer. You can undo this if you ever need remote assistance - most home users never use it anyways. Your PC should be set to disallow (opening of this Port) by default - but it never is and they assume you'll never check and find out.

reply to post by TwiTcHomatic


If someone is so determined to send a computer virus around the world, it just shows you how much they HATE everyone.

Sadly, there are a lot of people like that.

reply to post by ahnggk


Thanks for that info. I realize I may simply be prolonging the enevitable, but at least all my software will hopefully be intact. Also, I am hopeful we will know more info and I am simply buying more time, so OS disk backups are but one of many precautions.

I am neither a computer expert nor novice. As a small business owner, I am forced to maintain my own small network. (Both PC's & Mac's) What frightened me was in the CBS 60 minutes link I posted. If the head of Cyber Security for CBS News could not insure their computer network was not vulnerable, what does that say for the rest of us?

Regards.......KK

reply to post by venividivici


You have any suggestions on what to do if you can't download from Microsoft?
I bought my computer used and long story short I was supposed to get the original Windows XP and I didn’t.

So, that means I can’t download from Microsoft...

reply to post by silo13


Hi Silo,

If you can log on to Microsoft, search for "Validation Certificate."

I believe it offers options to become "certified" for a fee, of course.

But others here can probably be of better assistance.

Regards......KK

this virus is faily simple to remove if you do get it. Go to Symantec and download downadup remover.

Let it scan your computer. If you find it there are instructions that aren't too painful, to remove the virus.

If you don't have it just make sure you have the MS08-067 update installed to manage any possible April 1st attack.

Downadup removal

MS Security Bulletin update ms08-067

Always make sure your anti-virus is up to date.

Rolling back your computer clock might be a temporary fix however while your clock is rolled back your virus software won't auto update. Make sure if you intend to roll back the date that you first get the latest security and virus updates.

You can also download the free zone alarm, and should anything attempt to sneak past you'll be alerted.

basic caution is all that's required to protect from this. I really don't think it's going to be as huge as many seem to be bracing for.

reply to post by silo13

Busted! Conficker's tell-tale heart uncovered

www.theregister.co.uk...


REMOVAL TOOLS

www.sophos.com...

www.bdtools.net...

Originally posted by L.HAMILTON


Those of us that had to contend with viruses on their computers, know how damaging and tedious they can be to remove. The people that write these viruses amaze me; to fully understand an operating systems like windows. Apparently this 'bad boy' is thought to already infect between 5 to 10 million computers. Named Conficker worm malware is to infect million more computers on April 1st.

www.cnn.com
(visit the link for the full news article)

I have been infected with this thing. This past weekend was a nightmare for me. It downloads on it's own, changes computer settings, and will not allow you to check your security updates or run your anti-malware. It infects IE by re-directing to a fradulent site that looks exactly like the one you want, i.e., ebay sign in, paypal sign in, and my personal bank sign in. And this was not through emails. I typed each address into the address bar and that is where the virus took me. Finally, after trying several online anti-malware scans, I found one that worked and cleaned it out. It is malwarebytes. The only thing that alerted me to the sign on pages is that each asked for a "one time verification" asking for your SS number, credit card number and your PIN number!!! Of course, I didn't do it, and could not go any further to my accounts. I had to access them on my husband's computer. I have windows XP home, and he has Vista.

[edit on 31-3-2009 by aero56]

Looks like Lloyds TSB bank has been hit by the Virus, Ive tried logging onto my Online Statement but everytime I do I get a security certificate flash up asking me to verify it. Its not one of Lloyds so luckily I didnt click yes or access the site.
My computer is running fine and everything is normal (installed the Microsoft patch earlier in the week and reset the clock last night) so its not a problem at this end.

Hmmm...it's now past Midnight, 4/1, here on the East Coast of the US...and as near as I can tell nothing has happened...

Ho Hum