Huge computer virus may hit tomorrow, April 1 - WITH instruction on what to do

http://www.americablog.com/2009/03/huge-computer-virus-may-hit-tomorrow.html

Huge computer virus may hit tomorrow, April 1
by John Aravosis (DC) on 3/31/2009 11:09:00 AM

This is not a joke. Update your anti-virus now. And even then, it may be too late. This is a Windows virus.

NYT:

http://bits.blogs.nytimes.com/2009/03/19/the-conficker-worm-april-fools-joke-or-unthinkable-disaster/

Okay that sounds a bit too much like Terminator.

Here's the 60 Minutes report from the other night:
http://www.cbsnews.com/stories/2009/03/27/60minutes/main4897053.shtml?source=search_story

What do you do? Reader Bradford suggests the following (I confirmed his links, they're genuine):

Also, please make sure every Windows machine is patched. Follow the instructions of your Operating system here:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Also, there is a free removal tool being provided by Mcaffee and it can be found here:
http://www.mcafee.com/us/threat_center/conficker.html

Make sure you click on the link on the upper right for the STINGER application.

If they are already infected, the WORM prevents the anti-virus software from updating automatically and it prevents people from getting to security websites. What is worse, if they did not update their OS with the Microsoft patch I sent you before they got infected, the WORM makes the system THINK that it already has that update! What this means is that the end-users Windows OS will not update itself to fix the hole that the Worm is using. The end-user will see a dialog box that tells them their system is already up to date and does not need the patch. It is the WORM that is making the system tell the end user that!

At this point, the only way I can determine that a person can be 100% sure to be un-infected is to run the STINGER application I sent you earlier. I ran it on all of my personal systems. If they cannot get to that site, I would be concerned as that may mean they are infected.

More from the Washington Post:
http://www.washingtonpost.com/wp-dyn/content/article/2009/02/13/AR2009021302080.html

i don't know who to trust anymore...

alot of people will be hit by this.

international Rickroll

I'd have no choice but to think it was funny. No one can be mad at a Rick-roll.

The bulk of computers on the FDA network experienced a forced reboot to make sure that not only were they not infected with Conficker, but that they were properly inoculated. A forced reboot with this little notice is a pretty huge deal considering less careful users could experience data loss. It's not something that is done unless the threat is fairly severe. I'd recommend everyone get patched and protected ASAP.

Linux rules!!!

An email to get the virus. I saw it on 60 minutes but I didn't watch it all. I never open emails that I don't know.

How does one get this virus?

If you don't open emails, are you safe?

I got it few months ago and I don't open any emails if it's not from someone I know. You can get it in all kinds of ways, even from websites that are trusted and well known. I still have no clue at all how I got it. It took WEEKS to clean my computer and I had to get a couple of programs from a non-infected computer to even start to clean it up... programs that require a savy tech person to tell you every single step in what to do because those programs are not for the average person to use and can be very dangerous if you don't know exactly what you're doing. It was the most sophisticated virus I've ever come across, and I'm lucky I got the booger before it had morphed into the even more sophisticated booger it's become.

Well let me rephrase that. To be safe you should run the removal tool in the mcaffee link. If your machine is infected the removal tool should disinfect it and prevent it from becoming infected again. Weather or not your machine is infected you should go here
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

and make sure you have all the critical updates.

Patching alone I dont believe fixes it if you are infected, Though I could be wrong. This thing rejects replacements to the code based on some pretty complex routines. So a straight patch may fail.

Run the tool first,it will let you know definitively weather or not you are infected. This thing has a solid signature that cant be missed so if it is there the tool will find it.


Pretty scary bug though and quite amazing at the same time to those of us of the geekier persuasion.

I will follow your advice

I use one to copy all my photos and important files. It stays unplugged except when I copy.

including flash drives to be safe. Though if you run the tool on your copy of windows and ensure that it is clean and then aply the patch reinfection is not possible on your main machine. It is possible for it to spread through shared folders to other machines on the network however so cleaning add on storage devices as well would certainly be recomended.

according to 60 Minutes you can get it from any infected website.

Protect yourself! I downloaded a patch for my operating system and it only took a couple of minutes.

into

If you do Windows Update regularly, shouldn't you already have these?

Thanks for the reminder re: the virus.

I have automatic updates but no idea if that includes this new patch.

I downloaded the patch and it installed on my XP system that I get automatic updates for. My Vista system on my other computer informed me it didn't need the patch when I tried to install it.

It only takes a couple of minutes. Check your system information to see exactly what operating system you have and go here: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

It's a very quick download and quick install.

Apparently they put the patch out in October but I got the virus in the beginning of January, so I must not have had the patch (or for some reason it didn't work).

Do you know how I check to see what updates I've gotten and when I got them? I have my computer do automatic updates daily while I'm asleep, so I have no idea what updates I've gotten.

then check the box that says Show Updates you can see all the updates listed. The update you need for this is KB958644

I had it installed back in October but I got the virus in January anyway. Apparently the patch doesn't work.

From what I've read there's a few different morphs of the virus, each one more debilitating that the previous one (don't know how many versions of it there are). Could it be that this patch only worked for the original virus but didn't on subsequent tweeked versions and Microsoft didn't put out a patch for them? This is weird that I had the patch but still got the virus months later.

How Will Conficker Affect You?

http://www.cnn.com/2009/TECH/03/31/april.fools.computer.virus/index.html



Don't fret about Conficker: Here's what to do (AP)

http://tech.yahoo.com/news/ap/20090331/ap_on_hi_te/tec_conficker_what_to_do

It was associated with the "Vundo" spyware that disguises itself as "Antivirus 200X" & "Antivirus 360" among ohter names.

The conficker virus likes to jump on flash drives. I put my flash drive into an infected machine to install malwarebytes and the virus put itself on my thumb drive.

from all the machines in my family that have become infected. These people literally deserve the death-penalty IMO - and I'm no death penalty proponent :mad:

for which operating system they have:

Windows XP: click on My Computer and then SYSTEM INFORMATION

Vista: Click on Computer then SYSTEM PROPERTIES

Once you know who operating system you have, go to the Microsoft site: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Look down the list and see if your operating system is listed.

If it is click on the operating system link and download the patch. Once you do that, open the patch and let it execute.

I am runnig an old machine with XP Service Pack 1.
Microsoft wants me to install Ser. Pack 2, which I have had problems with on other machines.
and wants me to install IE 7.
Othewise it will not install the patch.
but I never use IE.
I use Firefox, with No Script, with Ad-Block and Pop-up blocker and with Avast real time anti-virus running.
The only time I got a virus was when I opened IE last year for some reason or the other and within 1 minute a pop up window appeared and I had the Cool Web Search worm. Arrrgghhhh.

I think the date on mine was Oct. 22 or thereabouts

I used the link for the free removal tool, and clicked on "Avert Stinger Tool for Removing Conficker" in the upper right corner. In the little box that pops up after you click "run," it says "The publisher could not be verified. Are you sure you want to run this software?" and below that, "This file does not have a valid digital signature that verifies its publisher. You should only run software from publishers that you trust." Well, I trust McAfee, but shouldn't it have a valid digital signature?

Thank you very much to anybody who can help/explain!

It's a pretty useless feature on windows. Usually you can safely ignore it. I'm not familiar with the program you are trying to install though. I used malwarebytes for this (and most other viruses I run into) http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

Either that or superantispyware http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol

Those two programs take care of pretty much any virus I come across (I work in IT)

The reviews at that second link are pretty glowing, so that's what I picked. Thank you very very much! :hug:

and have a beer.

I'm gonna get my computer ready when I get home!!

What to do if you are infected
If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites.

If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here.


It says the Norton people are already protected.

I read upthread that if you can access Symantec (Norton), you don't have it.

I get my updates from Microsoft and Norton daily, and run my virus protection daily.

I also checked and determined that I got the patch back in October, 2008.

I assume that I'm fine if I don't turn the Windows system on?