Conficker Worm Update
Apr. 11th, 2009 10:44 am
The worm spreads via file sharing, and even if you've updated and applied the patch to your computer, you can still be infected by this worm.
You can tell you've been infected when:
* Access to security-related sites is blocked (such as Microsoft and McAfee)
* Users are locked out of the directory
* Traffic is sent through port 445 on non-Directory Service (DS) servers
* Access to administrator shared drives is denied
* Autorun.inf files are placed in the recycled directory, or trash bin
Check if you can access these sites:
http://www.mcafee.com/us/
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
There is also a test:
http://www.mcafee.com/us/enterprise/confickertest.html
The first thing the worm will do is auto-install a system called 'Antivirus XP 2008' (or 2009). This is NOT A REAL PRODUCT; do not allow your computer to finish installing it.
'McAfee (Avert) Conficker Stinger' is a program that can remove the worm. It is available from the McAfee site: http://www.mcafee.com/us/threat_center/conficker.html
(If you cannot access it, google it and retrieve it by an indirect route. You know you have the right program when you see S.T.I.N.G.E.R. exe - vil.nai.com when you download.)
Note: you must have System Restore disabled for the program to work, as this is where the worm is embedded. As soon as the worm is removed, re-enable System Restore. Then run the Microsoft Windows Malignant Software Removal Tool.
Run an antivirus/antimalware scan, and run updates on your Windows and security system.
To protect your computer from further attacks, make sure your passwords are as secure as possible and disable auto-run in Windows, making sure this change is made in the Registry. Check both the Microsoft and McAfee sites for security updates.
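Three of the points above (the auto-run Registry setting, Autorun.inf files in recycle folders, and port 445 traffic) can be checked from PowerShell. This is an added example, not part of the original post, and it only reads state. It assumes the auto-run setting is the NoDriveTypeAutoRun DWORD policy value under HKLM, that recycle folders are named RECYCLER, RECYCLED or $Recycle.Bin, and that Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).

```powershell
# Added example: read-only checks; nothing is changed or deleted.

# 1. AutoRun policy. NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
#    Assumption: the value is stored as a DWORD under the machine-wide policy key.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    Write-Output 'AutoRun: NoDriveTypeAutoRun is not set (Windows default applies)'
} elseif (($policy.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF) {
    Write-Output 'AutoRun: disabled for all drive types'
} else {
    Write-Output ('AutoRun: only partly disabled (value 0x{0:X})' -f $policy.NoDriveTypeAutoRun)
}

# 2. Autorun.inf inside recycle-bin folders on every mounted drive.
#    Single quotes keep '$Recycle.Bin' literal; -Force includes hidden/system files.
$binNames = 'RECYCLER', 'RECYCLED', '$Recycle.Bin'
$hits = foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $binNames) {
        $bin = Join-Path $drive.Root $name
        if (Test-Path -LiteralPath $bin) {
            Get-ChildItem -LiteralPath $bin -Filter 'autorun.inf' -Recurse -Force `
                -ErrorAction SilentlyContinue
        }
    }
}
if ($hits) {
    Write-Output 'Autorun.inf found in recycle folders:'
    $hits | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Output 'No Autorun.inf found in recycle folders'
}

# 3. Established outbound connections to TCP port 445, for review against
#    the file servers this machine is actually expected to talk to.
$smb = Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue
if ($smb) {
    Write-Output 'Established connections to remote port 445:'
    $smb | Select-Object RemoteAddress, OwningProcess | Sort-Object RemoteAddress -Unique |
        Format-Table -AutoSize
} else {
    Write-Output 'No established connections to remote port 445'
}
```

Run it from an elevated prompt so the recycle folders of other user accounts can be read.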