Conficler alert

Ernie B.

A friend who usually knows whereof he speaks sent this...
=========================================================
Hey everybody,

The Conficker virus is no joke about being activated April 1st. You
may already have it on your system just waiting for the date to
change. If you have it, it's much better to get rid of it before it
activates. As always, keep your "bug catchers" updated regularly.

Grab this tool directly from McAfee to scan & remove this specific
threat: http://67.97.80.71/vil/conficker_stinger/Stinger_Coficker.exe

With several variants already out there, McAfee has pledged to update
this tool daily as new variants are discovered, therefore I recommend
you RUN it directly from McAfee without saving it to your computer to
get the most current update.
=============================================================
 
FromTheRafters

Ernie B. said:
> A friend who usually knows whereof he speaks sent this...
> =========================================================
> Hey everybody,
>
> The Conficker virus is no joke about being activated April 1st. You
> may already have it on your system just waiting for the date to
> change. If you have it, it's much better to get rid of it before it
> activates. As always, keep your "bug catchers" updated regularly.
>
> Grab this tool directly from McAfee to scan & remove this specific
> threat: http://67.97.80.71/vil/conficker_stinger/Stinger_Coficker.exe
>
> With several variants already out there, McAfee has pledged to update
> this tool daily as new variants are discovered, therefore I recommend
> you RUN it directly from McAfee without saving it to your computer to
> get the most current update.

It's like a game sometimes - where you find how many different ways you
can spell one name.

....I got one - cornflicker - no wait! confickler.
 
ASCII

FromTheRafters said:
> It's like a game sometimes - where you find how many different ways you
> can spell one name.
>
> ...I got one - cornflicker - no wait! confickler.

When will they get around to cornholer, tomorrow?
BTW: it's already April fools day UTC
 
FromTheRafters

ASCII said:
> When will they get around to cornholer, tomorrow?
> BTW: it's already April fools day UTC

So, has cornflaker been updated to spambot yet?
 
ASCII

Frankster said:
> Here's the Trend Micro conficker removal program link - no sign-up required.

Seems that you have to be a current subscriber to use this cleanup tool.
 
1PW

> A friend who usually knows whereof he speaks sent this...
> =========================================================
> Hey everybody,
>
> The Conficker virus is no joke about being activated April 1st. You
> may already have it on your system just waiting for the date to
> change. If you have it, it's much better to get rid of it before it
> activates. As always, keep your "bug catchers" updated regularly.
>
> Grab this tool directly from McAfee to scan & remove this specific
> threat: http://67.97.80.71/vil/conficker_stinger/Stinger_Coficker.exe
>
> With several variants already out there, McAfee has pledged to update
> this tool daily as new variants are discovered, therefore I recommend
> you RUN it directly from McAfee without saving it to your computer to
> get the most current update.
> =============================================================

Hello:

Full credit goes to Autumn in the a.p.s newsgroup for passing on a more
comprehensive list of anticonficker utilities:

<http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.RepairTools>

Thank you Autumn!

Pete
 
NoTechie

David said:
> From: "NoTechie" <[email protected]>
>
> | Thanks, Ernie, I am clean as of 6:30 p.m. Will try again tonight.
>
> LOL -- If you are clean now but maybe not clean later and you have to scan again... You
> have a BIGGER problem !

Why would I have a bigger problem if I scanned later before April 1?

I have WinXP Pro, ser. pack 3. Also, in the Win page, there is no patch
for that.
 
Ernie B.

> It's like a game sometimes - where you find how many different ways you
> can spell one name.
>
> ...I got one - cornflicker - no wait! confickler.

I made a typo. So, sure me already. ;-)
 
Ernie B.

> It's like a game sometimes - where you find how many different ways you
> can spell one name.
>
> ...I got one - cornflicker - no wait! confickler.

I made a typo. So, sue me already. ;-)
 
1PW

> That site isn't coming up for me.
>
> A traceroute to it (149.20.56.65) times out after the 14th hop, which is
> 149.20.54.223 (shadowserver.org).
>
> Perhaps it's being DDoS'd.

Hello VG:

I just checked 30 seconds ago OK. Maybe their server was hosed with
incoming from last minute requests.

I've downloaded about 8 out of their 10 tools and have been testing them
out to see if any have "gotchas" but so far, they seem good to go.

Pete
 
Virus Guy

David H. Lipman said:
> If you had MS08-067 installed, disabled AutoPlay and AutoRun,
> were behind a NAT Router or a FireWall

Yes, all true.

> and had your AV application up to date

I don't think it's true that any AV app would have blocked conficker
from getting onto any system back during November, December and possibly
January. If so, then the AV proviso condition in your list is not
correct.

> then you would NOT need to do a "On Demand" scan specific
> to the Conficker worm.

One more proviso: If you are running Windows NT or 98 or a MAC or any
version of unix (then you would not need to do a scan for conficker).

BTW, why was this posted to alt.att? What is that group?
 
FromTheRafters

Virus Guy said:
> Yes, all true.
>
> I don't think it's true that any AV app would have blocked conficker
> from getting onto any system back during November, December and possibly
> January. If so, then the AV proviso condition in your list is not
> correct.

Good point. Especially considering no reactive AV is *ever* really
up-to-date.

However, had the OP contracted the worm, it would be difficult to have
kept it anywhere near up-to-date as the worm interferes with many
security related processes. If you now find your AV is 'up-to-date' then
it is unlikely you are infested. In this case the currentness of AV
is used as an indicator.

> One more proviso: If you are running Windows NT or 98 or a MAC or any
> version of unix (then you would not need to do a scan for conficker).

As it now stands, perhaps. However, an update can target new propagation
paths and techniques. Keep in mind that future attacks from this will
mostly come from "inside" trusted networks. Commercially, it makes most
sense that these will become spambots.
 
Ernie B.

> BTW, why was this posted to alt.att? What is that group?

It's a group that I hang out in, composed of ex-Worldnetters. We migrated
here when at&t completely hosed the internal help groups. For me, that was
the last straw after years of working around their email blacklist.
 
