Conficker C

[billyellis]

http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html

Are there any tools out there yet that can detect whether or not a computer is infected? Obviously removal is not possible yet, but what about detection?

The article above has a link to a Microsoft on-line scan, but I am not interested in letting MS scan my computer unless it is absolutely necessary because of their reputation for taking and storing personal information.

Can we maybe get a sticky about this new threat leading up to April 1st with the latest news and remedies as they (hopefully) become available?

 

[mflynn]

Yes removal is possible!

I posted about it here.

If you have more computers on the network do them all 1 at a time with all the others off!

Download them both boot to Safe mode and run them.

https://www.techspot.com/vb/showthread.php?t=122620&highlight=conflicker

Do the top one first then reboot again to Safe Mode and run the 2nd one.

Finally back to Normal mode and you are sure you are clean the do the 3rd (Microsoft patch).

I would then run thru the 8 Steps!

Mike

 

[billyellis]

Hi Mike,

I saw that thread, but since it was a month old and referenced older variants (A & B) I wanted to know whether removal of C was possible, since according to the article there was no fix for it yet. I will definitely take those steps and at least make sure I am not infected with the earlier variants, and if you or anyone else hears anything positive about variant C (the real bad-*** one that no one knows what it will do come April 1), hopefully they can post it at this site somewhere.

 

[billyellis]

One thing the information for A & B states is that there are/were pretty obvious signs of infection, such as an inability to access antivirus and antimalware sites or get Windows Updates. Does anyone know if that applies to C as well, or was that perhaps one of the improvements with the newer variant to make it less obvious that a system was infected?

I can navigate to update sites for my software, but since there have been no Windows Updates since 3/10, it is impossible to tell whether or not that action is blocked or not. Does anyone know if C infection is still as obvious as A & B?

Also, a general worm question - looking around at various web sites, the general consensus appears to be that a worm infection should be treated with an OS wipe/reload to be absolutely certain of removal. Is that overkill?

Finally, when I tried to look back and see the security updates, which used to be listed in the Add/Remove Programs window, I notice that they are not there anymore. Was there an update that hid them recently? Where can I go to find a listing of installed Windows Updates without opening the registry?