
Is it Conficker?


3 replies to this topic

#1 Virus_Killer


Posted 10 June 2009 - 01:54 AM

Hello!

My friends and I learn with laptops at school. We use the same wireless connection. Well, today I checked my friend's computer (she asked me to download MSN for her). I tried to download, but Microsoft's site was blocked. Then I tried to get to other anti-virus sites, and they were blocked as well. I entered the Conficker Eye Chart, as I was very suspicious. I could see all the pictures. I know Conficker sends itself via the wireless network to every connected computer, so I checked another laptop. The same blocked sites.

Another very strange fact: they both have more than 5 svchost.exe processes. I'm not sure it's connected to our problem. I downloaded Spyboy on their computers (strangely it wasn't blocked), and updated it. It found about 9 to 10 problems, one of them is something like "Windows Automatic Updates_Disabled". After the scan, I couldn't get to any other anti-virus sites, like before! Can you please tell me what I should do? I tried updating MBAM or AVG on their computers - it didn't work. Should I tell them not to connect to the internet, so they won't infect the whole class?

They are as stupid as shoes when it is about computers. Nobody has an anti-virus that really works. Only my computer isn't infected :thumbsup:
Please answer as fast as you can, as I'm afraid our laptops will get "Kaput".

Waiting for advice, Daniel.



#2 quietman7


Posted 10 June 2009 - 10:54 AM

Is the wireless connection something the school provides? If so, has anyone contacted and advised the school's IT Department? The IT staff generally has procedures in place to deal with malware infections to protect the network and school resources. Further, the malware you are dealing with may have already infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate measures.

If no one is using any school resources, you can start by reading How to remove Downadup and Conficker worm and Protect yourself from the Conficker computer worm. Have each of your friends who are infected read those articles too.

The Conficker/Downadup Worm targets unpatched systems so be sure they read Conflicker Worm - More Potent MS08-067 attacks to unpatched systems.

There are a number of free removal tools available to download and use.

  • Symantec W32.Downadup Removal Tool
  • McAfee AVERT Stinger for W32/Conficker - alternate download
  • F-Secure Downadup Removal Tool
  • Sophos Conficker Clean-up Tool - alternate download
  • F-Secure Downadup Removal Tool Instructions
  • BitDefender Anti-Downadup tool - alternate download

You can also download and perform a Full scan with Microsoft's Malicious Software Removal Tool.

However, if your friends do not keep their computers up to date with all critical Windows updates/patches, do not use an anti-virus, firewall and other anti-malware protection and you all continue to use the same wireless network, then they all remain at risk to malware infection.

Just in case you are not dealing with Conficker, everyone should also download and scan with Malwarebytes Anti-Malware. Print out and follow these Instructions for scanning with Malwarebytes Anti-Malware and perform a Quick Scan in normal mode followed by rebooting the machine. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If no one can use the Internet or download any programs, then they are going to need access to another (clean) computer with an Internet connection such as yours. The removal tools can be downloaded and saved to a flash (usb, pen, thumb, jump) drive or CD and transferred to the infected machines where they can be used. As you are dealing with multiple computers, I would advise you to use a CD to keep your usb drive from accidentally becoming infected.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Virus_Killer


Posted 11 June 2009 - 05:41 AM

Thank you so much!

I entered the first link, and downloaded BitDefender's Anti-Downadup. Then I extracted it to a Disk-On-Key, and healed some computers.

I have 2 questions:

- What should I do after I clean their system from that virus, to make sure it won't happen again? Most of the pupils had an anti-virus running.

- The network is only for our class. We are the only ones in school to study with laptops. We are in the 7th grade. Well, my question is how do I make sure the virus won't infect others? I didn't clean all the computers in my class. When I asked our computers teacher, he told me if somebody gets infected, he should re-install Windows. He is an idiot, I know. So, can I make sure our system is safe?

And again, thanks for the fast reply and the good advice :thumbsup:

Edited by Virus_Killer, 11 June 2009 - 05:44 AM.


#4 quietman7


Posted 11 June 2009 - 06:51 AM

What should I do after I clean their system from that virus, to make sure it won't happen again?

Make sure everyone uses Windows update to download all critical updates/patches. These two links contain important information and all your friends should read them.

Conflicker Worm - More Potent MS08-067 attacks to unpatched systems
Protect yourself from the Conficker computer worm

Tips to protect yourself against malware and reduce the potential for re-infection:

  • Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

  • Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

  • Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

The network is only for our class. We are the only ones in school to study with laptops. We are in the 7th grade. Well, my question is how do I make sure the virus won't infect others? I didn't clean all the computers in my class. When I asked our computers teacher, he told me if somebody gets infected, he should re-install Windows... So, can I make sure our system is safe?

As I already previously noted, all schools have an IT Department that provides support to the entire administration, not just a computer class. Talk to a member of the IT staff and explain what happened. They need to be informed of such incidents so they can take preventive measures in the future. If they do not want to talk to you, then ask your parents to talk to them.

Do that and follow the prevention tips I provided above.
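An added example, not part of the original thread or written by its posters: one way to check each cleaned laptop against two of the prevention tips above (Autorun disabled, Automatic Updates left on) from saved `reg query` output. The function names, the sample dumps, and the Windows XP default mask of 0x91 used when no policy value exists are assumptions of this sketch.

```python
import re

EXPLORER = r"\software\microsoft\windows\currentversion\policies\explorer"
HKLM_POLICY = "hkey_local_machine" + EXPLORER
HKCU_POLICY = "hkey_current_user" + EXPLORER
WUAUSERV = r"hkey_local_machine\system\currentcontrolset\services\wuauserv"
# NoDriveTypeAutoRun: a set bit DISABLES Autorun for that drive type.
DRIVE_BITS = {0x04: "removable/USB", 0x08: "fixed", 0x10: "network",
              0x20: "CD-ROM", 0x40: "RAM disk"}
DEFAULT_MASK = 0x91  # assumption: Windows XP default when no policy is set
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Map (lower-cased key path, value name) -> int from `reg query` output."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1))] = int(m.group(2), 16)
    return values

def audit(text):
    """Return findings (empty list = both checks pass); HKLM overrides HKCU."""
    vals = parse_reg_query(text)
    mask = vals.get((HKLM_POLICY, "NoDriveTypeAutoRun"),
                    vals.get((HKCU_POLICY, "NoDriveTypeAutoRun"), DEFAULT_MASK))
    findings = [f"Autorun enabled for {name} drives"
                for bit, name in DRIVE_BITS.items() if not mask & bit]
    start = vals.get((WUAUSERV, "Start"))
    if start != 2:
        findings.append("Automatic Updates (wuauserv) start type: "
                        + START_TYPES.get(start, "unknown"))
    return findings

# Constructed sample dumps, not taken from the thread.
HARDENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    Start    REG_DWORD    0x2
"""
EXPOSED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    Start    REG_DWORD    0x4
"""
print(audit(HARDENED), audit(EXPOSED))
```

A machine that still reports the Automatic Updates service as disabled after cleaning is worth re-scanning, since that setting is one of the symptoms the first post describes.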



