[identity profile] karadin.livejournal.com posting in [community profile] gackt_army
The worm spreads via sharing files and even if you've updated and used the patch your computer you can still be infected by this worm.

You can tell you've been infected when
* Access to security-related sites is blocked (such as microsoft and mcafee)
* Users are locked out of the directory
* Traffic is sent through port 445 on non-Directory Service (DS) servers
* Access to administrator shared drives is denied
* Autorun.inf files are placed in the recycled directory, or trash bin


check if you can access these sites
http://www.mcafee.com/us/
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
and there is also a test
http://www.mcafee.com/us/enterprise/confickertest.html

The first thing the worm will do is auto install a system called 'Antivirus XP 2008 (or 2009) This is NOT A REAL PRODUCT, do not allow your computer to finish installing.

'McAfee (Avert) Conficker Stinger' is a program that can remove the worm, access from the McAfee site, http://www.mcafee.com/us/threat_center/conficker.html

(If you cannot access, google and retrieve by an indirect route - you know you have the right program when you see S.T.I.N.G.E.R. exe - vil.nai.com when you download)

Note: you must have your system restore disabled for the program to work, as this is where the worm is embedded. As soon as the worm is removed, re-enable the system restore. Then run the Microsoft Windows Malignant Software Removal Tool.

Run an antivirus - antimalware scan, run updates on your Windows and Security system.

To protect your computer from further attacks, make your passwords are as secure as possible, disable auto-run from Windows, make sure this change is made in Registry. Check both the Microsoft and McAfee sites for security updates.

Date: 2009-04-11 04:47 pm (UTC)
From: [identity profile] tanfouk.livejournal.com
i really appreciate your detailed account of what to look out for and what to do.

Date: 2009-04-11 07:20 pm (UTC)
From: [identity profile] blazing-shadow.livejournal.com
Thanks for the update.

Date: 2009-04-13 01:11 am (UTC)
teasingfool: (Bowie: Eye)
From: [personal profile] teasingfool
Thank you very much for this information.

Profile

gackt_army: Gackt Army International Fanclub Logo (Default)
GACKT ARMY

April 2017

S M T W T F S
      1
23 45678
9101112131415
16171819202122
23242526272829
30      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 26th, 2025 06:02 am
Powered by Dreamwidth Studios