Conficker Virus - MS patch

#1 | Boro (Thread Starter) | Jan 20, 2009, 07:44 PM

For Windows XP - http://www.microsoft.com/downloads/d...displaylang=en

Estimates are 9m infections but it hasn't been activated yet.

#2 | Midlife...... | Jan 20, 2009, 11:23 PM

I read about this... anything for Vista?

Shaun

#3 | JackClark | Jan 20, 2009, 11:42 PM

Run Windows Update and forget about it. Fixed since last year.

#5 | BlkKnight | Jan 21, 2009, 08:57 AM

Probably the only people getting hit by this are the ones running a dodgy copy who can't update.

#6 | Kieran_Burns | Jan 21, 2009, 09:16 AM

Originally Posted by BlkKnight
Probably the only people getting hit by this are the ones running a dodgy copy who can't update.

Not strictly true. Corporates can have slow update policies and extensively test patches before releasing them into the infrastructure. Then there are those corporates who have no IT policy and get caught with their pants down like this....

This patch was released on October 23rd so there really is no excuse.

Sheffield City NHS management should be shot for turning off ALL updates because one PC had an issue with automatic reboots.

#7 | jaytc2003 | Jan 21, 2009, 09:49 AM

Originally Posted by Kieran_Burns
Not strictly true. Corporates can have slow update policies and extensively test patches before releasing them into the infrastructure. Then there are those corporates who have no IT policy and get caught with their pants down like this.....

So true, company I work for has only just (past few months) done a roll out to update XP Pro to Service Pack 2 - this was after SP3 had been released, and it's quite a big company I work for as well.

#8 | ChrisB (Moderator) | Jan 21, 2009, 09:59 AM

The first tests we did with SP3 hosed XP, so I don't blame them for being slow.

Yesterday we ran into an XP SP3 compatibility issue (or so one of the two software vendors is claiming...)

#9 | MJW | Jan 21, 2009, 10:09 AM

Originally Posted by hutton_d
I saw all the media hype about this worm/virus/patch - thought I'd check that I had it installed. (XP). Had to Google how to find out the patches I have installed. Found the easiest way was to look in the registry. So just to point anyone else in the same direction you can use 'regedit' [Start/run/regedit] and look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

This lists all the SW you have installed, including patches. You'd think they'd make it easier .......

Dave

PS: they probably do but I couldn't see how ....
If you go into Add/Remove Programs in the Control Panel, tick the box that says 'Show Updates' there's a list of Windows patches at the bottom - easier than dicking around in the registry.

Last edited by MJW; Jan 21, 2009 at 10:12 AM.
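
The check described in the post above (the Uninstall registry key), as an added example that is not part of the original thread: a PowerShell script that looks for one update by its KB identifier. The KB number is a parameter you take from the MS08-067 bulletin for your OS; the script name, the helper function names and the extra Get-HotFix lookup are assumptions of this example.

```powershell
# Added example, not from the thread. Usage: .\Test-Update.ps1 -KbId KB<number>
param(
    # KB identifier listed in the MS08-067 bulletin for your OS (no default on purpose).
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^KB\d+$')]
    [string]$KbId
)

# The Uninstall key named in the post, plus its 32-bit view on 64-bit Windows.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Find-UpdateInRegistry([string]$Kb) {   # hypothetical helper name
    $pattern = "\b$Kb\b"                         # avoid matching a longer KB number
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root) {
            $props = Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue
            # Match either the subkey name or the DisplayName shown in Add/Remove Programs.
            if ($sub.PSChildName -match $pattern -or $props.DisplayName -match $pattern) {
                New-Object PSObject -Property @{
                    Source = 'Uninstall key'; Key = $sub.PSChildName; Name = $props.DisplayName
                }
            }
        }
    }
}

function Find-UpdateInHotFixList([string]$Kb) { # hypothetical helper name
    # Get-HotFix reads Win32_QuickFixEngineering, a second record of installed updates.
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.HotFixID -eq $Kb } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source = 'Get-HotFix'; Key = $_.HotFixID; Name = $_.Description
            }
        }
}

$hits = @(Find-UpdateInRegistry $KbId) + @(Find-UpdateInHotFixList $KbId)
if ($hits.Count -gt 0) {
    $hits | Format-Table Source, Key, Name -AutoSize
} else {
    Write-Warning "$KbId is not recorded as installed on this machine."
}
```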

#10 | JackClark | Jan 21, 2009, 10:09 AM

The antivirus companies will be rubbing their hands together as will the ISPs who are allowing this particular piece of code to register the hundreds of domains and hosting packages daily, who's paying and will the card owners be traced and for a refund. Why are the domains continuing to be registered? Would you take steps to stop this lucrative revenue stream?

The efforts of the antivirus companies and ISPs will be minimal I can assure you.

#11 | BlkKnight | Jan 21, 2009, 11:00 AM

Patches for all OS's

http://www.microsoft.com/technet/sec.../MS08-067.mspx

#13 | BlkKnight | Jan 21, 2009, 02:54 PM

F-Secure's log of originating IPs supports my "dodgy install" theory:

How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab

#14 | StickyMicky | Jan 21, 2009, 04:19 PM

Had some trouble logging into the works CCTV PC from last Friday, had a look at it just now and found this Downadup thing while doing a safe mode virus scan.

AVG Free 8.0 has found various things and put them in the virus vault, including 2 worms while I was logging into the router via my laptop (flashed on screen).

So I booted it into safe mode and started a full check. Thing is, the works machine, although only used for the CCTV program, also runs an HTTP server so I can log in from home. I found that leaving auto updates switched on was allowing the staff to click the title bar while the bubble thing was on screen and get to the desktop quite easily, so switched it all off. Do not want them to kill the PC and do sneaky valets for cash while I am not around, so it needs to stay "locked".

So far the check has found the suspect ecbxse[1].gif file and is ploughing into the rest of the hard drives.

Last edited by StickyMicky; Jan 21, 2009 at 04:21 PM.

#15 | STi wanna Subaru | Jan 21, 2009, 04:36 PM

Isn't AVG crap?

#16 | StickyMicky | Jan 21, 2009, 10:49 PM

Some people say yes, some people say no. I can only compare it with Norton; in that respect it's vastly superior!

Can't say I have ever had a real problem with "AVG Free" to be honest.

The works CCTV machine does nothing except run the CCTV program, DynDNS to upload the current IP and a small HTTP server to allow me to log in from home, no internet browsing or anything like that, so I am doubtful that paying for some "proper" antivirus program is worth it?

Checked the laptop I use at work for browsing, it was clean. Also switched auto updates on and found I had 80 MB of patches to install.

Came home and checked the home desktop (took 4 hours to scan in safe mode) and that was clean. Need to check the missus's laptop tomorrow but would assume it's going to be fine; suspect I got infected via the CCTV machine and that is as far as it got.

Last edited by StickyMicky; Jan 21, 2009 at 10:52 PM.

#17 | jono300 | Jan 22, 2009, 05:12 AM

Originally Posted by BlkKnight
Probably the only people getting hit by this are the ones running a dodgy copy who can't update.

Always wondered this?? So even though there are many folk using dodgy copies of XP etc. they can't actually carry out the updates as the software would be instantly recognised as not being genuine - correct??

Pity!! Was going to "borrow" a copy for use with the little Acer Aspire I have here, getting kinda fed up trying to work with Linux!!!

#18 | jaytc2003 | Jan 22, 2009, 08:04 AM

I always thought Windows would let you update major security things even with a dodgy copy?

(not actually speaking from experience as mine are all legit)

#20 | StickyMicky | Jan 22, 2009, 09:51 AM

You can usually buy a broken laptop from fleabay with a genuine key on it for pennies, done this a few times in the past.

#21 | GC8 | Jan 22, 2009, 10:39 AM

WGA was defeated almost immediately. The only success MS has had has been in acting against any websites who dared to host it. Google: "RemoveWGA".

#23 | Kieran_Burns | Jan 22, 2009, 04:42 PM

If you go here:

W32/Conficker.worm.gen.a

Read the details about the worm, specifically this bit:
Attempts to download a malware file from the remote website

hxxp://trafficconverter.biz/[Removed]antispyware/[Removed].exe

New variants are connecting to various other hosts.

Then go do a WHOIS on that domain:

Trafficconverter.biz - Traffic Converter

The status is 'suspended' but do you think that maybe:
Daniel Adams

of
13 Baterman Street
London
W1D 3AF
UNITED KINGDOM
GB

is in a spot of bother?

and he owns 50 odd other domains.....

#24 | JackClark | Jan 22, 2009, 04:55 PM

What gets my goat is the antivirus companies and ISPs saying they're doing all they can to stop this.. bla, bla, bla. Well why don't the antivirus companies install their product on the ISPs' servers, end of problem.

#25 | Kieran_Burns | Jan 22, 2009, 05:26 PM

They will be on the ISPs' servers, but as our traffic doesn't hit the servers, it's academic.

All the web traffic is just passing through. If you would like the ISP to provide IDS on all web facing devices, be prepared to pay £1000 per month for your 'net connection and take a HUGE hit on the latency of all connections.

#26 | JackClark | Jan 22, 2009, 06:06 PM

You've lost me a little there, Kieran.

"Attempts to download a malware file from the remote website"

Surely this malware file is being uploaded in order to be downloaded, what's the problem with scanning uploaded files? You can't even put a pair of **** on some servers without it being picked.

Ah, perhaps my use of ISP was a little vague, would 'hosting company' work?

Last edited by JackClark; Jan 22, 2009 at 06:08 PM.