Worm:Win32/Conficker.gen!E



#1 Nunos


Posted 19 April 2013 - 09:53 AM

Microsoft Security Essentials keeps reporting this every few minutes that it is cleaning it or quarantining it. I am on Windows XP Professional 32-Bit.

 

 

Below is one of the excerpts from the Event Viewer logs.

 

 

Event Type: Information
Event Source: Microsoft Antimalware
Event Category: None
Event ID: 1117
Date:  4/19/2013
Time:  7:19:56 AM
User:  N/A
Computer: Changed to protect the innocent
Description:
Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Conficker.gen!E&threatid=2147679296
  Name: Worm:Win32/Conficker.gen!E
  ID: 2147679296
  Severity: Severe
  Category: Worm
  Path: file:_C:\WINDOWS\system32\awpzio.ia;file:_C:\WINDOWS\Tasks\At655.job;taskscheduler:_C:\WINDOWS\Tasks\At655.job
  Detection Origin: Local machine
  Detection Type: Generic
  Detection Source: Real-Time Protection
  User: NT AUTHORITY\SYSTEM
  Process Name: System
  Action: Quarantine
  Action Status:  No additional actions required
  Error Code: 0x00000000
  Error description: The operation completed successfully.
  Signature Version: AV: 1.149.137.0, AS: 1.149.137.0, NIS: 0.0.0.0
  Engine Version: AM: 1.1.9402.0, NIS: 0.0.0.0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
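Added example (not part of the original posts): a small Python parser for repeated Event ID 1117 descriptions like the one quoted above, which splits the Path field into individual artifacts and counts how often each one comes back. The first event reuses the fields from the log above; the second event, with job number 656 and its timestamp, is constructed for illustration.

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any OS

# Event 1 carries fields from the log quoted above; event 2 is constructed
# (a made-up later detection with a different job number) to show recurrence.
EVENTS = [
    r"""Event ID: 1117
Date:  4/19/2013
Time:  7:19:56 AM
  Name: Worm:Win32/Conficker.gen!E
  Path: file:_C:\WINDOWS\system32\awpzio.ia;file:_C:\WINDOWS\Tasks\At655.job;taskscheduler:_C:\WINDOWS\Tasks\At655.job
  Action: Quarantine""",
    r"""Event ID: 1117
Date:  4/19/2013
Time:  7:24:10 AM
  Name: Worm:Win32/Conficker.gen!E
  Path: file:_C:\WINDOWS\system32\awpzio.ia;file:_C:\WINDOWS\Tasks\At656.job;taskscheduler:_C:\WINDOWS\Tasks\At656.job
  Action: Quarantine""",
]

FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*)$", re.M)

def parse_event(text):
    """Return {field: value} for one event description; first occurrence wins."""
    fields = {}
    for key, value in FIELD.findall(text):
        fields.setdefault(key.strip(), value.strip())
    return fields

def artifacts(fields):
    """Split the Path field into (kind, path) pairs such as ('file', 'C:\\...')."""
    out = []
    for item in fields.get("Path", "").split(";"):
        kind, sep, path = item.partition(":_")
        if sep:
            out.append((kind.strip().lower(), path.strip()))
    return out

def summarize(events):
    """Count detections per artifact and list distinct scheduled-task job files."""
    seen, jobs = Counter(), set()
    for text in events:
        for kind, path in set(artifacts(parse_event(text))):
            seen[(kind, path.lower())] += 1
            if kind == "taskscheduler":
                jobs.add(basename(path))
    return seen, sorted(jobs)

if __name__ == "__main__":
    print(summarize(EVENTS))
```

Run over a real export of the event log, the counts show which paths are quarantined again and again and whether new job files keep appearing between detections.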

 




 


#2 boopme


Posted 19 April 2013 - 10:00 AM

Hello Nunos

Let's try one or two of these removal tools and see if it comes back.

There are a number of free removal tools available to download and use.

To protect your system from the Conficker/Downadup Worm infection you can start by reading these articles:

You are safe from Conficker if you can access Windows Critical Updates or if you can go to security sites such as mcafee.com. Thanks to our quietman7 for this write up.

#3 Nunos


Posted 24 April 2013 - 10:34 AM

Thank you for the help. So I ran almost all of those scans and found nothing, but the Sophos one would not download and install. So I put 'em all on a flash drive and set it to read only and put it in there and was able to get the other scans to download and install. The Sophos tool said it found it and ran. I then went through the whole list again and rebooted. After about 40 minutes it started happening again. :( I made sure all of the Windows updates were installed. I am wondering if it is reinfecting from a system on the network? I do have several other PCs but none of them are reporting the virus at all.

 

Sorry for the delay.



#4 boopme


Posted 24 April 2013 - 02:53 PM

It's also possible the Flash Drive is infected.
 
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
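Added example (not part of the original posts, and not Flash_Disinfector's own code): a Python check that reports, for a drive root, whether autorun.inf is absent, is a placeholder folder like the one described in the note above, or is a real file, and in that case lists the entries that would launch a program. The three drive roots and the autorun.inf contents are constructed in a temporary directory.

```python
import os
import tempfile

# Constructed autorun.inf contents for the demo; example.exe is a placeholder.
CONSTRUCTED = ("[AutoRun]\n; constructed sample, not from the thread\n"
               "open=example.exe\nshell\\open\\command=example.exe\n"
               "icon=example.ico\n")

def launch_entries(text):
    """Return (key, command) pairs in [autorun] that make Windows start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value.strip()))
    return entries

def autorun_state(root):
    """Classify autorun.inf in a drive root as 'absent', 'folder' or 'file'."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":  # the name is case-insensitive on Windows
            path = os.path.join(root, name)
            if os.path.isdir(path):
                return "folder", []        # placeholder folder occupies the name
            with open(path, "rb") as fh:   # lenient decode: file may hold junk bytes
                return "file", launch_entries(fh.read().decode("latin-1"))
    return "absent", []

def demo():
    """Build three constructed drive roots and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "vaccinated", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "vaccinated", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            fh.write(CONSTRUCTED)
        for label in ("clean", "vaccinated", "suspect"):
            results[label] = autorun_state(os.path.join(base, label))
    return results

if __name__ == "__main__":
    print(demo())
```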

#5 Nunos


Posted 24 April 2013 - 04:53 PM

OK, I will run that on all my flash drives to make sure. Thank you.





