PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Clive on March 22, 2009, 14:28

Title: Conficker C is scary as hell
Post by: Clive on March 22, 2009, 14:28
http://mtc.sri.com/Conficker/addendumC/index.html

Conficker C (http://arstechnica.com/security/news/2009/03/confickerc-primed-for-april-fools-activation.ars) represents a best-of-breed specimen of malware, with its Swiss-army-knife-from-hell approach to digging in, staying hidden, and making your life generally miserable. Telltale symptoms: you can't view such web sites as Microsoft.com, symantec.com, avast.com, or any other computer security-related sites the worm authors have thought to include in the blacklist; you can't run any of the superb Sysinternals utilities, or many other utilities, because they get killed within a second of starting them up; your antiviral software is impotent. But none of that is the point of the worm.

More about Conficker C (http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77976)
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 14:33
:nerves:
Title: Re: Conficker C is scary as hell
Post by: davy51 on March 22, 2009, 14:50
Getting rid of this one will be a hard job if you get it on your computer.
Title: Re: Conficker C is scary as hell
Post by: Rik on March 22, 2009, 14:53
And yet they rate it 'medium'.  :dunno:
Title: Re: Conficker C is scary as hell
Post by: Clive on March 22, 2009, 16:37
Last week F-Secure alerted me to the fact I had acquired the virus trojandownloader.win32.agent.blcq.  Spybot also showed a number of possibly related trojans which were easily removed.  However, the virus had disabled system restore and F-Secure updates.  It also prevented me from running F-Secure in Safe Mode and it took several further scans to remove it.  I've carried out a number of scans since and it seems to have disappeared.
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 17:55
No security is 100% foolproof, but it's a shame F-Secure didn't block the virus before infection, Clive.  Unless, of course, it was there as a 'timebomb', before you installed F-Secure.  :dunno:
Title: Re: Conficker C is scary as hell
Post by: Clive on March 22, 2009, 18:35
It turned up several weeks after I installed F-Secure.  I don't know why it didn't block it but I know I received it via an e-mail. 
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 18:50
I assume you have email scanning on?  It should be, by default.
Title: Re: Conficker C is scary as hell
Post by: Clive on March 22, 2009, 19:33
Yes I do and it did nothing about it.  But my e-mails are pre-scanned by Symantec and I was warned by them that the e-mail - from a trusted source - contained the virus.  I viewed the contents on the server and deleted it instead of downloading it into Outlook Express since I thought that would be safe enough.  But at the next scheduled scan F-Secure detected the virus and offered to deal with it, suggesting that the best remedy was to allow it to rename it.  A second scan showed the virus was still there and this time I told it to repair.  That failed to remove it so that is when I tried system restore, safe mode and updating etc.  However, a third (or fourth) attempt to remove it did the trick.  I'm now running a scan every couple of days just to check it hasn't resurfaced.  Spybot scans clean so I'm encouraged to believe that it really has been nuked.
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 20:44
Very strange, Clive.  I don't understand how a virus could be activated from an email when only viewed on the server, as, at that point, nothing has been downloaded to your machine.  I have been using F-Secure since 2005, and nothing has ever got past it.  In fact, the one and only time I have had an infection, was when I was still using Norton!  I can only guess you were very unlucky, and the virus slipped through before F-Secure's scheduled update downloaded the definitions to protect you from it.  At least you seem to have got rid of it, thankfully.
Title: Re: Conficker C is scary as hell
Post by: Clive on March 22, 2009, 21:14
Yes, all's well that ends well as the Bard said.   8-)
Title: Re: Conficker C is scary as hell
Post by: sam on March 22, 2009, 21:42
I'm not going to go for the old Linux argument but gosh it does make your life easier! :-D
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 21:58
In some ways, I can see that it does.  I'd actually seriously consider looking at an iMac as my next computer.
Title: Re: Conficker C is scary as hell
Post by: sam on March 22, 2009, 21:59
I'm writing from my PowerBook right now... still though Mac OS X doesn't cut it compared to Ubuntu in my opinion...
Title: Re: Conficker C is scary as hell
Post by: Simon on March 22, 2009, 22:06
Would you concede it to be a happy medium though, Sam?
Title: Re: Conficker C is scary as hell
Post by: sam on March 23, 2009, 07:30
Oh yes! I love this thing.
Title: Re: Conficker C is scary as hell
Post by: Rik on March 23, 2009, 09:12
No, it's entirely in this world. ;D

I wonder if this was a drive-by infection, and just looking at the header was enough?
Title: Re: Conficker C is scary as hell
Post by: Simon on March 23, 2009, 09:48
I wasn't aware that could happen, Rik.
Title: Re: Conficker C is scary as hell
Post by: Rik on March 23, 2009, 10:40
Drive-by infections are becoming more commonplace, but so far they have been confined to websites. I suspect it's but a small step to email. :(
Title: Re: Conficker C is scary as hell
Post by: Clive on March 23, 2009, 17:27
This is a very worrying development because there is little we can do to protect ourselves.   :cry:
Title: Re: Conficker C is scary as hell
Post by: Rik on March 23, 2009, 17:46
Of course there is, stay off the net and revert to pen and ink. ;)
Title: Re: Conficker C is scary as hell
Post by: chorleydave on March 23, 2009, 18:21
Only last week I clicked on a link from bbc.co.uk/sport to the home page of the Zimbabwe Cricket Federation and as soon as the page opened Avast alerted me that it had intercepted a Trojan.  Fortunately, Avast dealt with it and several more scans have turned up nothing.
Title: Re: Conficker C is scary as hell
Post by: davy51 on March 23, 2009, 19:17
It's getting very bad.
If you don't have a firewall and anti virus running along with some type of anti spyware you are going to get infected.

I have run across many infected sites while following links and some of these are bad.
The last one I got took 3 days and a lot of work just to get rid of it so I could get on the net safely again.

There are some now that, as you delete them or quarantine them, install themselves in another part of your computer, and they must be followed from folder to folder while disconnected from the net and restore turned off.

You can switch to Mac or Linux but as soon as they become popular they will be infected the same as Windows is now.