Community Forums => General Chat => Topic started by: BlackNMild2k1 on March 31, 2009, 03:51:20 AM
Title: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on March 31, 2009, 03:51:20 AM
Quote
First scan your pc with this, it should detect all variants. This is a tool made by Microsoft and it's free: http://onecare.live.com/site/en-us/default.htm
Keep your Windows installation updated, for God's sake. You have no excuse!
Quote
Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.[1] The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.[2] The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.[3][4]
http://en.wikipedia.org/wiki/Conficker
Quote
Experts say it is the worst infection since 2003's SQL Slammer.[14] Estimates of the number of computers infected range from almost 9 million PCs[15][16] to 15 million computers.[17]
Quote
The worm has several mechanisms for pushing or pulling executable payloads over the network. To prevent payloads from being hijacked, variant A payloads are RC4-encrypted with a 512-bit key and RSA signed with a 1024-bit key; the payload is unpacked and executed only if the signature verifies with a public key embedded in the worm. Variant B increases the size of the RSA key to 4096 bits. So far, this has been used only to propagate newer versions of the worm.
* Variant A generates a list of 250 domain names every day across 5 Top-level domains (TLD). It attempts an HTTP connection to each in turn, expecting from any of them a signed payload.[4] As a countermeasure, ICANN and several TLD registrars began in February 2009 a coordinated barring of transfers and registrations for these domains.
  o Variant C contains code to sidestep these countermeasures by generating an expanded daily list of 50000 domains across 110 TLDs. This new pull mechanism, however, is disabled until April 1.[7][10][3]
* Variant B creates a named pipe, over which it can push URLs for downloadable payloads to other infected hosts on a local area network.[10]
* Variant C creates an ad-hoc peer-to-peer network to push and pull payloads over the wider Internet. This aspect of the worm is heavily obfuscated in code and not fully understood, but has been observed to use large-scale UDP scanning to build up a peer list of infected hosts and TCP for subsequent transfers of signed payloads. To make analysis more difficult, port numbers for connections are hashed from the Internet Protocol address of each peer.[10]
So nobody really knows what's going to happen on April 1st. I would recommend everybody to scan and update their systems, as to not risk being part of the giant zombie botnet that will start looking for instruction in two days. Patch your stuff!
http://onecare.live.com/site/en-us/v...32/Conficker.B More detailed info about the worm....
http://www.microsoft.com/technet/sec.../MS08-067.mspx Just pick your OS out of the table of links and update.
I found this on another site. Just thought I would share. Links to more details at the bottom of quote. All of this is found on the MS website.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Plugabugz on March 31, 2009, 05:32:23 AM
Yes this thing was a total pain to get rid of. I had up to date anti virus and it still got like that.
guess I'm screwed. that free scan won't work for me and I've tried nearly 10 times.
I'll see you guys when i decide to spend money on adequate anti-virus programs!
The world will be over after tomorrow. So you may NEVER see us again! Supposedly this virus may be controlled by a central system which will in turn create SkyNet which means ARMAGEDDON. Be scared!
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: stevey on March 31, 2009, 09:54:37 PM
Y2k #2?
seriously, why not just set your clocks ahead a day?
never mind....
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NWR_pap64 on March 31, 2009, 10:12:46 PM
Uh yeaaaaaaaahh no.
I'll gladly take my chances.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on March 31, 2009, 10:13:27 PM
guess I'm screwed. that free scan won't work for me and I've tried nearly 10 times.
I'll see you guys when i decide to spend money on adequate anti-virus programs!
There's no such thing as adequate anti-virus programs, even paid ones.
The more "full-proof" the antivirus suite is, the bigger it is, the more obtrusive it is, the more anal it is, the more resources it takes up, and the more likely it'll run into false positives or unneeded security warnings. YOU'RE ABOUT TO VISIT...GONINTENDO.COM... ARE YOU SURE THIS IS SAFE? YES/NO
Just run your Windows Updates for now.
If you want to try a free AV tool, go to www.pctools.com. I only scan every other month; all other times I have the program disabled from startup (give me back my resources!).
If you think you might have naughty but dormant ad/spyware, or any other badware in general, try "Trojan Remover" -- this **** works. It's only a 30-day trial tho, but running once was enough to solve problems with different people's computers I offered to fix.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ShyGuy on March 31, 2009, 10:36:52 PM
Trojan remover is very very good. It's probably the fastest malware tool on the market and it has the added benefit of re-enabling the Windows policies if the attack has disabled them.
SuperAntiSpyware is also very good and fast.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on March 31, 2009, 10:47:10 PM
I also use Malwarebytes Anti-Malware
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stogi on March 31, 2009, 10:48:15 PM
TOO MUCH PR0N
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ShyGuy on March 31, 2009, 10:48:47 PM
I would consider Malwarebytes Anti-Malware the third best right now. It is also good.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stogi on March 31, 2009, 10:59:49 PM
So I did the scans and it looks like I don't have AIDS!
HURRAY!
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: GoldenPhoenix on March 31, 2009, 11:03:30 PM
Skynet/Conficker C begins to learn at a geometric rate. It becomes self-aware at 12:00am Eastern Time.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on March 31, 2009, 11:13:23 PM
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: King of Twitch on April 01, 2009, 01:10:03 AM
I never allow windows to update, it'll just break something and take up space at the same time. Like on Wii
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on April 01, 2009, 01:25:39 AM
damnit installed the wrong version of linux! doesnt read my raid drive
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ShyGuy on April 01, 2009, 03:06:10 AM
I'm waiting for the 9.04 version of Kubuntu.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 01, 2009, 03:25:56 AM
Looks like the coast is clear.
GREENLIGHT THE PR0N
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on April 01, 2009, 06:25:33 AM
booyah! Screw Windows! If it stops working I have a backup OS. I was definitely infected. My crap started acting all weird. I kept gettin a run32 error. Ugh. Now i just have to fiddle with this thing till I know what i'm doing
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 01, 2009, 09:56:44 AM
guess I'm screwed. that free scan won't work for me and I've tried nearly 10 times.
I'll see you guys when i decide to spend money on adequate anti-virus programs!
The world will be over after tomorrow. So you may NEVER see us again! Supposedly this virus may be controlled by a central system which will in turn create SkyNet which means ARMAGEDDON. Be scared!
with all the media coverage its gotten, you'd think this really was the case.
No my Norton Premier V3 seems to be doing a great job so far (my computer has even been running better with it).
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on April 02, 2009, 03:11:48 AM
I cleaned my computer, but after visiting a questionable site involving *EXPLICATIVE* I now can't play any flash videos like youtube. Keeps asking me to enable javascript or upgrade my flash player.
java is enabled & I have the latest flash player (10.xxx)
Have to run the virus scanners again heh heh crisis averted :)
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 02, 2009, 03:32:53 AM
I found old unrelated dormant trojans during my vigorous scan today. I haven't done a vigorous scan in months.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 02, 2009, 09:49:02 AM
yeah, none of the linked AV scans worked for me, even downloading the free trial programs didn't work (they'd download and not open, then windows folders wouldn't close).
on the bright side, there aren't any MORE pop-ups than usual, so I'll just deal with it until something cataclysmic happens.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stogi on April 02, 2009, 09:54:17 AM
My firefox keeps trying to upgrade itself (and failing). In fact, everything that has tried to upgrade (including java) has failed. Also, some things are loading slower than usual, like video; it's choppy.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BranDonk Kong on April 02, 2009, 10:09:23 AM
I use Windows Live OneCare...no issues here. It's fast, runs in the background, and you can usually get it for about $10 on eBay, after using the free 90-day trial.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 02, 2009, 12:21:14 PM
yeah, none of the linked AV scans worked for me, even downloading the free trial programs didn't work (they'd download and not open, then windows folders wouldn't close).
on the bright side, there aren't any MORE pop-ups than usual, so I'll just deal with it until something cataclysmic happens.
Dude that's the point of no return. Time to format.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: TJ Spyke on April 02, 2009, 12:36:41 PM
Microsoft doesn't like Firefox, it won't let me run the scan (and I stopped using Internet Explorer a long time ago because it was freezing up every day and now I can't even load it).
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 02, 2009, 01:17:07 PM
You format too.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 02, 2009, 02:02:32 PM
yeah, none of the linked AV scans worked for me, even downloading the free trial programs didn't work (they'd download and not open, then windows folders wouldn't close).
on the bright side, there aren't any MORE pop-ups than usual, so I'll just deal with it until something cataclysmic happens.
Dude that's the point of no return. Time to format.
To be honest it was doing this from time to time before the April 1st Worm-scare.. lulz
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: vudu on April 02, 2009, 02:05:33 PM
I read that something like only 6% of computers in America are infected with the worm. You guys have really bad luck.
I was fortunate enough to reformat my PC last month (for a completely unrelated issue) so I'm in the clear. ;D
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 02, 2009, 02:15:43 PM
meh
i was planning on getting a new computer anyway. I'm still running some old HP with windows XP installed and IE7
i'll just continue to download some music torrents and backing them up to disc until it dies.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on April 02, 2009, 02:23:44 PM
Microsoft doesn't like Firefox, it won't let me run the scan (and I stopped using Internet Explorer a long time ago because it was freezing up every day and now I can't even load it).
IE Tab for FireFox https://addons.mozilla.org/en-US/firefox/addon/1419
never need to open IE again
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stogi on April 02, 2009, 07:16:00 PM
I feel like something is recording everything I type!
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Shift Key on April 03, 2009, 04:13:50 AM
I feel like something is recording everything I type!
No I'm not! [/sarcasm]
A couple of tips for everyone:
A quick way to see if your system is compromised is available here: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
What this is doing is requesting images from known antivirus sites. Conficker is actively blocking access to these sites so that victims cannot download antivirus updates. So no images means you're probably infected. Note that the inverse (you can see the images, so you're all clear) is not true - you should definitely get your hands on a cleanup tool and ensure that you're in the clear.
Here's a link to a cleanup tool which should get around the virus blocking attempts - it's a tech site rather than a vendor: http://majorgeeks.com/download6158.html
Any other questions?
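The reasoning behind the eye-chart test described in the post above, as an added example (not part of the original post and not the Conficker Working Group's code). The host names are constructed placeholders, and the control hosts are an assumption added here so that an offline machine is not mistaken for an infected one.

```python
import socket
from typing import Callable, Dict, Iterable

# Constructed placeholder names: replace with real security-vendor sites and
# with unrelated, reliably-up control sites before a live run.
SECURITY_HOSTS = ["av-vendor-one.example", "av-vendor-two.example",
                  "av-vendor-three.example"]
CONTROL_HOSTS = ["control-one.example", "control-two.example"]

Probe = Callable[[str], bool]


def tcp_probe(host: str, port: int = 80, timeout: float = 5.0) -> bool:
    """True if the name resolves and a TCP connection to the port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # DNS failure, refused connection and timeout all land here
        return False


def eye_chart(security_hosts: Iterable[str], control_hosts: Iterable[str],
              probe: Probe = tcp_probe) -> Dict[str, object]:
    """Compare reachability of security sites against control sites."""
    security = {h: probe(h) for h in security_hosts}
    control = {h: probe(h) for h in control_hosts}
    if not security or not control:
        raise ValueError("need at least one security host and one control host")

    blocked = sorted(h for h, ok in security.items() if not ok)

    if not any(control.values()):
        # Nothing loads at all: a network problem, not evidence of blocking.
        verdict = "inconclusive"
    elif len(blocked) == len(security):
        # Controls load, every security site fails: the pattern the post
        # describes as "no images means you're probably infected".
        verdict = "probably-infected"
    elif blocked:
        # Selective failures: worth a scan, could also be a site outage.
        verdict = "suspicious"
    else:
        # Everything loads. As the post notes, this does NOT prove the
        # machine is clean; it only means no blocking was observed.
        verdict = "not-blocked"

    return {"verdict": verdict, "blocked": blocked,
            "security": security, "control": control}


if __name__ == "__main__":
    # Simulated probe (constructed data) so the demo runs offline:
    # controls answer, security sites do not.
    def simulated(host: str) -> bool:
        return host in CONTROL_HOSTS

    result = eye_chart(SECURITY_HOSTS, CONTROL_HOSTS, probe=simulated)
    print(result["verdict"], result["blocked"])
```

A "not-blocked" result from a machine behind a web proxy says little, since the proxy does the name lookups on the client's behalf.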
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 03, 2009, 08:54:37 AM
I feel like something is recording everything I type!
No I'm not! [/sarcasm]
A couple of tips for everyone:
A quick way to see if your system is compromised is available here: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
What this is doing is requesting images from known antivirus sites. Conficker is actively blocking access to these sites so that victims cannot download antivirus updates. So no images means you're probably infected. Note that the inverse (you can see the images, so you're all clear) is not true - you should definitely get your hands on a cleanup tool and ensure that you're in the clear.
Here's a link to a cleanup tool which should get around the virus blocking attempts - it's a tech site rather than a vendor: http://majorgeeks.com/download6158.html
Any other questions?
yeah, what should i do if that doesnt work?
(haven't tested it yet, since i'm not at home)
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 03, 2009, 12:31:38 PM
Dude time to format.
Well, backup the important stuff onto an external hard drive and have a "clean" computer run scans on those contents (beware of that funky autorun/resycled.com malware that immediately attacks removable drives).
Dump IE and use SeaMonkey. Install WinPatrol to help you monitor your startup programs (for bad stuff).
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 03, 2009, 01:33:33 PM
Well, backup the important stuff onto an external hard drive and have a "clean" computer run scans on those contents (beware of that funky autorun/resycled.com malware that immediately attacks removable drives).
Dump IE and use SeaMonkey. Install WinPatrol to help you monitor your startup programs (for bad stuff).
Thanks for all your help Pro, but no need to do any of these. I just saw on the news that there was a massive explosive at my building when SWAT teams had no choice but to fire missiles at some giant piece of machinery that was assimilating all local electronic hardware.
Oh and also Rosie O'Donnell was there
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on April 03, 2009, 02:23:31 PM
She's got a computer for you?
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 03, 2009, 03:03:02 PM
yeah i was referencing south park there.. when cartman gets assimilated by his trapper keeper. i know at least you'd get it.
any who i'm gonna go with pros advice and hit that big reset button, so to speak. too bad i gotta back shit up first. i wont get this done for awhile lol
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on April 13, 2009, 03:31:44 AM
holy crap my computer operates on ridiculously dead levels in windows now.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on April 13, 2009, 03:34:26 AM
reformat?
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on April 13, 2009, 03:56:30 AM
yeah that seems like the step..i just need to find my disks. I backed up all my data, i just need to wipe this thing out.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stratos on April 13, 2009, 04:37:05 AM
"Wipe them out. All of them."
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on April 13, 2009, 10:02:47 AM
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on May 12, 2009, 03:56:54 PM
yay, i reinstalled windows and everything is double fast now, i had some hitches getting my wireless installed but it works now.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on May 12, 2009, 03:59:39 PM
now stay off the questionable porn sites and install an adblocker & noscript & you should be ok as long as you have the necessary virus & spyware protection too.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on May 12, 2009, 04:06:48 PM
now stay off the questionable porn sites and install an adblocker & noscript & you should be ok as long as you have the necessary virus & spyware protection too.
You're telling me there are unquestionable porn sites? They're all sketch to me. Computer plague waiting to happen.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on May 13, 2009, 08:59:42 AM
now stay off the questionable porn sites and install an adblocker & noscript & you should be ok as long as you have the necessary virus & spyware protection too.
You're telling me there are unquestionable porn sites? They're all sketch to me. Computer plague waiting to happen.
Just likes whores IRL
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: UncleBob on May 13, 2009, 09:17:32 AM
What's this porn you all speak of?
Give me some links so I can figure out what you're talking about.
:D
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on May 13, 2009, 09:37:20 AM
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on June 29, 2009, 09:57:14 PM
so i got another virus, this time i was checking out tmz.com checking out the death of Billy Mays and "Protection System" decides it wants to install itself without asking. This is the most ridiculous **** ever, i need to do a format, but i can't because i got too much work on my portfolio, i'm going to have to clear out an extra hd, move my stuff. Format the existing hd and then re-install windows. Luckily ubuntu has my back, and i can use it when crap aint working. I would just use ubuntu, but gimp is not quite as nice as photoshop, and ubuntu wont seem to install itself on my computer, every time i run it, it always decides its in installation mode. ugh. if i could get ahold of the person who created this virus, i would torture them for days. I get over a virus, re-install windows, everything is fine for like a month, then i have to do it again, ok system works i think im in the clear, nope. this time this thing is worse and i can't fix it. This thing has root access and unless i format this thing will always be there.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BranDonk Kong on June 29, 2009, 10:27:14 PM
Do you have any antivirus software? Get Windows Live OneCare, it's free for 90 days, and you can get the full version on eBay for $15 or so, and install it on 3 computers for a year. Also, don't go to tmz.com.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on June 29, 2009, 10:30:54 PM
the virus wont let me download from any anti virus sites, if i go to any one of them it punishes me by putting links to pornotube, and like other porno sites with porn icons on my desktop. Yeah im thinking about going to the store and buying something.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on June 29, 2009, 10:38:27 PM
Man you gotta do something. You don't have a friend that can download the program and put it on a disc for you, then you boot up in safe mode and install it?
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on June 29, 2009, 10:39:24 PM
it might block that installation too.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stratos on June 30, 2009, 12:14:00 AM
Try installing in SafeMode. You might get lucky and trick the virus.
Also, sometimes you can just brute force your way through the installation process depending on how it is stopping you. You say it 'punishes' you. Is that all it does, add links and pop ups? Or do you actually get error messages that stop the install process?
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BranDonk Kong on June 30, 2009, 12:21:58 AM
Do this - take out your HDD, get an external enclosure (you can take it back when you're done), put it in the enclosure, and let someone else with some antivirus software clean it for you. You can also create a new FAT32 partition in Ubuntu (I assume, or just a RAW partition), then install a fresh copy of Windows there, download the AV software, and clean all of your partitions. Reinstalling Windows is a last resort.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stratos on June 30, 2009, 12:23:38 AM
If the Win32 kernel is infected you may just be screwed.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on June 30, 2009, 10:49:04 AM
the virus wont let me download from any anti virus sites, if i go to any one of them it punishes me by putting links to pornotube, and like other porno sites with porn icons on my desktop. Yeah im thinking about going to the store and buying something.
If the Win32 kernel is infected you may just be screwed.
The what? I believe i've had this affected for awhile.. but i might be confusing win32 for something else..?
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on July 01, 2009, 03:01:18 AM
i would fix everything from ubuntu, but i can't. Ubuntu just doesnt recognize my drive. It's as if its not there at all, It reads my hd on the pATA cord, but not the SATA cord. I think the newer version of Ubuntu might. I have Ubuntu 8, but not 9..i need to make a new bootdisk.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stratos on July 01, 2009, 03:19:00 AM
If the Win32 kernel is infected you may just be screwed.
The what? I believe i've had this affected for awhile.. but i might be confusing win32 for something else..?
Quote from: Wikipedia
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems.
Quote from: Wikipedia
Base Services- Provide access to the fundamental resources available to a Windows system. Included are things like file systems, devices, processes and threads, and error handling. These functions reside in kernel.exe, krnl286.exe or krnl386.exe files on 16-bit Windows, and kernel32.dll on 32-bit Windows.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on July 01, 2009, 04:17:10 AM
yeah when i reinstall windows and i look at the computer management, There's an error warning that says an unknown accesses the root before i've finished installing the new version of windows. If this were on my pATA drive, i could just fix it from linux by deleting all windows directories, like documents and settings, program files, and windows. What i worry about is where else is this thing stored. I stuck a sd card in my dads computer and the thing had a file name Belkinblahblah.exe for the virus, luckily that computer is solidly protected and AVG caught it before it was a problem. I would have had my AVG on, but i have to turn it off to run certain programs. Anyhow so i caught the virus. I'm wondering if its possible for the virus to install itself on my wireless G belkin thumb adapter. Its not a storage drive, but im wondering if the virus can install itself on the firmware with a redirect for AVG. Like i said I have thought about ways to torture the virus programmer.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on July 01, 2009, 09:55:01 AM
If the Win32 kernel is infected you may just be screwed.
The what? I believe i've had this affected for awhile.. but i might be confusing win32 for something else..?
Quote from: Wikipedia
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems.
Quote from: Wikipedia
Base Services- Provide access to the fundamental resources available to a Windows system. Included are things like file systems, devices, processes and threads, and error handling. These functions reside in kernel.exe, krnl286.exe or krnl386.exe files on 16-bit Windows, and kernel32.dll on 32-bit Windows.
??? *sits in corners with knees to chest, rocking back and forth*
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: Stratos on July 01, 2009, 04:41:49 PM
Backup what you can and reformat is what I would say. And make sure the way you back it up is secure so any viruses do not spread.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: EasyCure on July 02, 2009, 09:25:24 AM
*sits in corners with knees to chest, rocking back and forth*
These days you don't even need root access to do some nasty stuff. The really scary stuff is coming in through the web browser - as what happened to Perm, he was the victim of a drive-by-download attack. Didn't need any user interaction, didn't trigger any admin warnings or prompts. It just used an exploit in IE7 (it may not be, but my money's on that) to install something to a protected directory and BAM, compromised machine.
Pro Tip: Firefox + AdBlock + NoScript. Seriously, protect yourself out there.
Visiting random sites is also a quick and easy way to get infected with something random.
And make sure the way you back it up is secure so any viruses do not spread.
Put it onto a secondary drive. Nuke it. Reinstall and setup antivirus and install those system updates and patches. THEN (and only then) do you even consider bringing over your files.
If this were on my pATA drive, i could just fix it from linux by deleting all windows directories, like documents and settings, program files, and windows. What i worry about is where else is this thing stored. I stuck a sd card in my dads computer and the thing had a file name Belkinblahblah.exe for the virus, luckily that computer is solidly protected and AVG caught it before it was a problem. I would have had my AVG on, but i have to turn it off to run certain programs. Anyhow so i caught the virus. I'm wondering if its possible for the virus to install itself on my wireless G belkin thumb adapter. Its not a storage drive, but im wondering if the virus can install itself on the firmware with a redirect for AVG.
1. 90% of the time, once malware has root access, it'll bury itself in a combination of places - the most common that I've dealt with is "C:\Windows\System32" and "C:\Program Files\*some application name*".
2. Ugh. Not that I have the full story, but antivirus isn't a _sometimes_ thing. You never appreciate it until you realise you weren't using it.
3. To perform a firmware update (let's say he wanted to prevent USB wireless dongles from being used to surf to AV sites), the malware guy would need to have a modified-but-still-working firmware available for each possible chipset/manufacturer/device combination. He may target only your device chipset, but the cost-benefit ratio is heavily weighted in the cost category. If I were a bad guy it'd be easier to monitor network activity at the kernel level and block your AV attempts there (and I don't have to worry about targeting the underlying hardware). Much less effort for much more benefit.
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: ThePerm on July 02, 2009, 05:28:28 PM
no it wasn't internet explorer it was firefox...so watch out. Firefox might be too popular nowadays making it a target, might want to switch to opera, although that could turn into a Jim's Drugs sort of situation
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: NinGurl69 *huggles on July 02, 2009, 06:12:32 PM
Did you use No Script or not?
[Seamonkey supports FF's plugins, so i'm good]
Title: Re: **VIRUS ALERT** Cornficker to activate April 1st
Post by: BlackNMild2k1 on June 01, 2010, 01:29:23 PM
No new VIRUS ALERT or anything, but a new article about the Cornficker virus was posted today and thought some of you might want some reading material to help pass the time at work.