Nancy asks…

Do I have the conficker worm, or is it a mimic?

The other day the text under my desktop icons lost all transparency and now have a blue bar around the text. So I opened mozilla to find a solution, and norton's notified me of an attempted attack. Weird, I thought.
Details:
An intrusion attempt by put.ghura.pl was blocked. And then some from click.winrar2009.cn, and goasi.cn. All being a HTTP malicious PDF Request.
So i ran a scan, found ten things (there's usually only one low level tracking cookie), it fixed them. Tried to run live update, wouldn't connect after ten minutes. I opened mozilla, then another attempted attack, and the microsoft site wouldn't open. System restore points are still there, but the fail to restore. Turned off the computer, got out my laptop and started investigating. Seems as though I have the same symptoms as conficker. Downloaded all of the 'official' conficker removal tools, including windows malicious software removal tool. None of them found it, not even in safe mode. The malicious software removal got to the end of the scan and then stayed on the one file, and the 'scan time' started to update every 3 seconds.

I followed the guide at http://support.microsoft.com/kb/962007 and downloaded all the recommended patches and stuff. Didn't work.

Running win xp home 32-bit, norton's internet security 2008.

dave answers:

There is a test to determine whether your computer is infected with Conficker or not. The test can be found here: http://www.2-viruses.com/remove-conficker

Powered by Yahoo! Answers

Filed under: News

Like this post? Subscribe to my RSS feed and get loads more!