imported_Imp
Originally posted by: Raduque
Anybody got a link to a legitimate tool that lets you know if a computer is infected with conficker?
C:\>conficker_mem_killer
----------------------------------
Conficker Memory Disinfector
----------------------------------
Felix Leder, Tillmann Werner 2009
{leder, werner}@cs.uni-bonn.de
----------------------------------
Examining [0] [System Process]: Error [1300] SetPrivilege: Not all privileges or
groups referenced are assigned to the caller.
no match
Examining [4] System: Error [1300] SetPrivilege: Not all privileges or groups re
ferenced are assigned to the caller.
no match
Examining [360] smss.exe: Error [1300] SetPrivilege: Not all privileges or group
s referenced are assigned to the caller.
no match
Examining [504] csrss.exe: Error [1300] SetPrivilege: Not all privileges or grou
ps referenced are assigned to the caller.
no match
Examining [564] wininit.exe: Error [1300] SetPrivilege: Not all privileges or gr
oups referenced are assigned to the caller.
C:\>regnfile_01
----------------------------------
Conficker File and Registry Checker
----------------------------------
Felix Leder, Tillmann Werner 2009
{leder, werner}@cs.uni-bonn.de
----------------------------------
On this computer Conficker will be installed in...
Conficker.A...
DLL: unknown (random)
Conficker.B...
DLL: C:\Windows\system32\xlreyirz.dll...clean (non existent)
Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\a
gjjvf
Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ag
jjvf
Conficker.C...
DLL: C:\Windows\system32\mvfhnl.dll...clean (non existent)
Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\e
nppfensf
Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\en
ppfensf
C:\>
Originally posted by: Imp
My AV is up to date, but thanks to all the hype, I will update my Windows for once.
Originally posted by: ViRGE
Why? There have been plenty of botnet worms before that do the exact same thing. Why is everyone in such a tizzy over this one?
Originally posted by: Joemonkey
Our security team is going crazy over this thing... be interesting to see what happens
Originally posted by: vi edit
Originally posted by: ViRGE
Why? There have been plenty of botnet worms before that do the exact same thing. Why is everyone in such a tizzy over this one?
Originally posted by: Joemonkey
Our security team is going crazy over this thing... be interesting to see what happens
I've been through Code Red, Nimda, Slammer, etc. None of them have spread as fast and been as destructive as this thing.
Originally posted by: Gunbuster
So why can't they monitor what it's checking for timesync and then forge the responses to set off the thing and find out where it will pull new instructions from? Then just DDOS that site.
Originally posted by: TallBill
Originally posted by: Imp
My AV is up to date, but thanks to all the hype, I will update my Windows for once.
Mine was too, but Conficker has hidden in my antivirus process. I ran those cleaner programs, but who knows. I really need to find my Vista disc and reinstall anyways, perhaps now is the time.
Edit - And apparently in Windows Defender too.
Originally posted by: Demon-Xanth
Originally posted by: seemingly random
Since it's April 1 somewhere in the world right now, it seems that the question can now be answered.
March has 31 days.
Originally posted by: amdhunter
I want in on this...anyone know where I can get infected? I have a VM I can use to play with this.
Originally posted by: nobody554
Originally posted by: amdhunter
I want in on this...anyone know where I can get infected? I have a VM I can use to play with this.
Ditto that. I wanna see what happens.
Since version .B, Conficker has included virtual machine detection capabilities. It evaluates the result of the SLDT instruction to determine whether it runs in a virtual environment.
Originally posted by: Imp
Originally posted by: TallBill
Originally posted by: Imp
My AV is up to date, but thanks to all the hype, I will update my Windows for once.
Mine was too, but Conficker has hidden in my antivirus process. I ran those cleaner programs, but who knows. I really need to find my Vista disc and reinstall anyways, perhaps now is the time.
Edit - And apparently in Windows Defender too.
What the hell...
Damnit, wasn't going to pay much of any attention to this. Now I've gotta get out the paranoid hat.
Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.
But if Conficker's already on your machine, it may bypass certain subsystems, and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss -- try booting into Safe Mode, which Conficker prevents, to check -- you should run a specialized tool to get rid of Conficker.