
Infected with Conficker! READ THIS - Important information


  • This topic is locked
2 replies to this topic

#1 king009


Posted 18 December 2009 - 05:01 PM

Important information for all people infected with the worm Conficker! :thumbsup:

Virus Alert - Conficker Worm.


The worm exploits a bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista etc. It self-replicates as the downloadable library file %System%\[RANDOM FILE NAME].dll, deletes any user-created System Restore points and creates the services.

The Conficker worm then downloads and executes a file and creates an HTTP server on the computer on one random port, sends this URL as part of its payload to remote computers, then connects back to this URL to download the worm.

With all the antivirus scanners we know and have, you will ONLY be able to disinfect the previously locked files, some services or EXEs, but the main important part of Conficker will load, a few days later, a new worm into your WIN32 directory from its own HTTP server (it connects to the UPnP router and opens the HTTP port).

Please take note: No AV or Malware software on the market is able to repair the damaged registry made by Conficker or to find the HTTP server on the compromised computer.

For that reason, the only way to get rid of Conficker is Format C.

We had over 7 infected computers; there was NO other way to get Conficker out of the compromised computers.

Thank you.


Edited by king009, 18 December 2009 - 05:08 PM.


#2 JamesFrance


Posted 19 December 2009 - 12:35 PM

Comodo Time Machine could deal with this by letting you restore to a snapshot from before the infection happened.

It should go final very soon as I am now running RC2 with no problems.

BTW it is free as usual.
James

#3 Elise


Posted 20 December 2009 - 07:01 AM

Conficker is perfectly cleanable as long as you know what you are dealing with and how to use your tools.... Just my opinion...

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft




