
Conficker Virus - MS patch

Old 20 January 2009, 07:44 PM
  #1  
Boro

For Windows XP - http://www.microsoft.com/downloads/d...displaylang=en

Estimates are 9m infections but it hasn't been activated yet.
Old 20 January 2009, 11:23 PM
  #2  
Midlife......

I read about this... anything for Vista?

Shaun
Old 20 January 2009, 11:42 PM
  #3  
JackClark

Run Windows Update and forget about it. Fixed since last year.
Old 21 January 2009, 08:57 AM
  #5  
BlkKnight

Probably the only people getting hit by this are the ones running a dodgy copy who can't update.
Old 21 January 2009, 09:16 AM
  #6  
Kieran_Burns

Originally Posted by BlkKnight
Probably the only people getting hit by this are the ones running a dodgy copy who can't update.

Not strictly true. Corporates can have slow update policies and extensively test patches before releasing them into the infrastructure. Then there are those corporates who have no IT policy and get caught with their pants down like this....

This patch was released on October 23rd so there really is no excuse.

Sheffield City NHS management should be shot for turning off ALL updates because one PC had an issue with automatic reboots.
Old 21 January 2009, 09:49 AM
  #7  
jaytc2003

Originally Posted by Kieran_Burns
Not strictly true. Corporates can have slow update policies and extensively test patches before releasing them into the infrastructure. Then there are those corporates who have no IT policy and get caught with their pants down like this.....

So true, the company I work for has only just (past few months) done a roll out to update XP Pro to Service Pack 2 - this was after SP3 had been released, and it's quite a big company I work for as well.
Old 21 January 2009, 09:59 AM
  #8  
ChrisB

The first tests we did with SP3 hosed XP, so I don't blame them for being slow.

Yesterday we ran into an XP SP3 compatibility issue (or so one of the two software vendors is claiming...)
Old 21 January 2009, 10:09 AM
  #9  
MJW

Originally Posted by hutton_d
I saw all the media hype about this worm/virus/patch - thought I'd check that I had it installed. (XP). Had to Google how to find out the patches I have installed. Found the easiest way was to look in the registry. So just to point anyone else in the same direction you can use 'regedit' [Start/run/regedit] and look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

This lists all the SW you have installed, including patches. You'd think they'd make it easier .......

Dave

PS: they probably do but I couldn't see how ....

If you go into Add/Remove Programs in the Control Panel, tick the box that says 'Show Updates' there's a list of Windows patches at the bottom - easier than dicking around in the registry.

Last edited by MJW; 21 January 2009 at 10:12 AM.
Old 21 January 2009, 10:09 AM
  #10  
JackClark

The antivirus companies will be rubbing their hands together, as will the ISPs who are allowing this particular piece of code to register the hundreds of domains and hosting packages daily. Who's paying, and will the card owners be traced and for a refund? Why are the domains continuing to be registered? Would you take steps to stop this lucrative revenue stream?

The efforts of the antivirus companies and ISPs will be minimal, I can assure you.
Old 21 January 2009, 11:00 AM
  #11  
BlkKnight

Patches for all OSes

http://www.microsoft.com/technet/sec.../MS08-067.mspx
Old 21 January 2009, 02:54 PM
  #13  
BlkKnight

F-Secure's log of originating IPs supports my "dodgy install" theory:

How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab
Old 21 January 2009, 04:19 PM
  #14  
StickyMicky

Had some trouble logging into the works CCTV PC from last Friday, had a look at it just now and found this Downadup thing while doing a safe mode virus scan.

AVG Free 8.0 has found various things and put them in the virus vault, including 2 worms while I was logging into the router via my laptop (flashed on screen).

So I booted it into safe mode and started a full check. Thing is, the works machine, although only used for the CCTV program, also runs an HTTP server so I can log in from home. I found that leaving auto updates switched on was allowing the staff to click the title bar while the bubble thing was on screen and get to the desktop quite easily, so I switched it all off. I do not want them to kill the PC and do sneaky valets for cash while I am not around, so it needs to stay "locked".

So far the check has found the suspect ecbxse[1].gif file and is ploughing into the rest of the hard drives.

Last edited by StickyMicky; 21 January 2009 at 04:21 PM.
Old 21 January 2009, 04:36 PM
  #15  
STi wanna Subaru

Isn't AVG crap?
Old 21 January 2009, 10:49 PM
  #16  
StickyMicky

Some people say yes, some people say no. I can only compare it with Norton; in that respect it's vastly superior!

Can't say I have ever had a real problem with "AVG free" to be honest.

The works CCTV machine does nothing except run the CCTV program, dyndns to upload the current IP and a small HTTP server to allow me to log in from home, no internet browsing or anything like that, so I am doubtful that paying for some "proper" antivirus program is worth it?

Checked the laptop I use at work for browsing, it was clean. Also switched auto updates on and found I had 80 MB of patches to install.

Came home and checked the home desktop (took 4 hours to scan in safe mode) and that was clean. Need to check the missus's laptop tomorrow but would assume it's going to be fine. Suspect I got infected via the CCTV machine and that is as far as it got.

Last edited by StickyMicky; 21 January 2009 at 10:52 PM.
Old 22 January 2009, 05:12 AM
  #17  
jono300

Originally Posted by BlkKnight
Probably the only people getting hit by this are the ones running a dodgy copy who can't update.

Always wondered this ?? So even though there are many folk using dodgy copies of XP etc. they can't actually carry out the updates as the software would be instantly recognised as not being genuine - correct ??

Pity !! Was going to "borrow" a copy for use with the little Acer Aspire I have here, getting kinda fed up trying to work with Linux !!!
Old 22 January 2009, 08:04 AM
  #18  
jaytc2003

I always thought Windows would let you update major security things even with a dodgy copy?

(Not actually speaking from experience as mine are all legit.)
Old 22 January 2009, 09:51 AM
  #20  
StickyMicky

You can usually buy a broken laptop from fleabay with a genuine key on it for pennies, done this a few times in the past.
Old 22 January 2009, 10:39 AM
  #21  
GC8

WGA was defeated almost immediately. The only success MS has had has been in acting against any websites who dared to host it. Google: "RemoveWGA".
Old 22 January 2009, 04:42 PM
  #23  
Kieran_Burns

If you go here:

W32/Conficker.worm.gen.a

Read the details about the worm, specifically this bit:
Attempts to download a malware file from the remote website

hxxp://trafficconverter.biz/[Removed]antispyware/[Removed].exe

New variants are connecting to various other hosts.

Then go do a WHOIS on that domain:

Trafficconverter.biz - Traffic Converter

The status is 'suspended' but do you think that maybe:
Daniel Adams

of
13 Baterman Street
London
W1D 3AF
UNITED KINGDOM
GB

is in a spot of bother?

and he owns 50 odd other domains.....
Old 22 January 2009, 04:55 PM
  #24  
JackClark

What gets my goat is the antivirus companies and ISPs saying they're doing all they can to stop this... bla, bla, bla. Well, why don't the antivirus companies install their product on the ISPs' servers, end of problem.
Old 22 January 2009, 05:26 PM
  #25  
Kieran_Burns

They will be on the ISPs' servers, but as our traffic doesn't hit the servers, it's academic.

All the web traffic is just passing through. If you would like the ISP to provide IDS on all web facing devices, be prepared to pay £1000 per month for your 'net connection and take a HUGE hit on the latency of all connections.
Old 22 January 2009, 06:06 PM
  #26  
JackClark

You've lost me a little there, Kieran.

"Attempts to download a malware file from the remote website"

Surely this malware file is being uploaded in order to be downloaded, what's the problem with scanning uploaded files? You can't even put a pair of **** on some servers without it being picked.

Ah, perhaps my use of ISP was a little vague, would 'hosting company' work?

Last edited by JackClark; 22 January 2009 at 06:08 PM.