JThompson, posted April 1, 2009:

I've had the first calls on this when I sent out an ebullition to have users go to Symantec's site for a test. Sure enough, I got back ten or so people who could not get there via the internet. I gave them a couple other security sites with the same result. I don't do systems admin for these people, they are clients for my printer business and I was just trying to lend a hand before stuff got worse.

Now, the admin calls me up to come over with a copy of the removal tool because he can't access the security sites. lol Hey, if he isn't better than that they need a new admin. Anyway, I just dropped the removal tool on my machine and had him tell his users to download it from my server. Since I'm not on the worm's list it doesn't block access to the software.

If you think you might be infected and want to do a quick test, go here: http://symantec.com

If you can get to the website you are, most likely, NOT infected. If you can't get to the website, you most likely are infected with the worm.

I dropped a copy of Symantec's removal tool on my server to circumvent the worm blocking you from getting it. You can find the software here: Conficker Removal Tool

There is a patch to secure the machine at Microsoft, but their servers are so busy with people trying to DL it you can't get there. Maybe it's the worm? LOL Anyway, if you have the worm the patch doesn't work, you need to remove the worm first as it closes the same door the patch does, making it hard to scan for the vulnerability.

There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!

Regards,
JT

Edited April 1, 2009 by JThompson

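An added example, not part of the original post: the quick test above, extended with control sites so that "security sites fail while everything else works" can be told apart from a general outage or a single busy server, which is the question the thread goes on to argue about. The host lists and the `triage` helper are assumptions made for this sketch; they are not the worm's list or any vendor's tool.

```python
import socket

# Assumed sample hosts (constructed for this example): security-related sites
# named in the thread, plus unrelated control sites for comparison.
SECURITY_SITES = ["symantec.com", "microsoft.com"]
CONTROL_SITES = ["example.com", "example.org"]


def can_reach(host, port=80, timeout=5.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failures, refusals and timeouts
        return False


def triage(probe=can_reach, security=SECURITY_SITES, control=CONTROL_SITES):
    """Classify reachability results into one of four verdicts.

    probe is any callable host -> bool, so the logic can be exercised
    offline with a stand-in instead of real network access.
    """
    sec = {host: probe(host) for host in security}
    ctl = {host: probe(host) for host in control}
    if not any(ctl.values()):
        verdict = "no-connectivity"   # nothing works: not a selective block
    elif not any(sec.values()):
        verdict = "selective-block"   # matches the symptom in the post
    elif not all(sec.values()):
        verdict = "partial"           # one site down: more likely an outage
    else:
        verdict = "clean-path"        # every site reachable
    return verdict, sec, ctl


if __name__ == "__main__":
    verdict, sec, ctl = triage()
    print(verdict)
    for host, ok in {**sec, **ctl}.items():
        print(f"  {host}: {'reachable' if ok else 'unreachable'}")
```

A "selective-block" verdict is only consistent with the symptom described in the post; confirming an infection still takes a scan with a removal tool.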
sfinney, posted April 1, 2009:

Thanks for the help!

Adam B, posted April 1, 2009:

or run a mac

JThompson (thread author), posted April 1, 2009:

> or run a mac

Perhaps you can explain iTunes? Gawd, that software is friggn junk!!!

The only reason Macs have better luck is that there aren't as many so the script kiddies write for what gets them the most mischief. I hate the bloated pig that is MS OS but I always get my machines to run without fail. My machine runs 24/7 and if I don't install something new that requires a restart, "sigh", it will run for months without a restart. I think the longest I had one up was for 2 yrs running 2k server. That damn machine was bulletproof.

sslav, posted April 1, 2009:

> The only reason Macs have better luck is that there aren't as many so the script kiddies write for what gets them the most mischief.

+1

Adam B, posted April 1, 2009:

Actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system. I could go into great technical details but I don't want to bore anyone.

outerlimits, posted April 1, 2009:

> > The only reason Macs have better luck is that there aren't as many so the script kiddies write for what gets them the most mischief.
>
> +1

So be it, all the more reason to run OS X then.

XRe, posted April 1, 2009:

> Actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system. I could go into great technical details but I don't want to bore anyone.

Not to mention, large chunks of the OS are open source. Holes tend to be plugged far more quickly in that environment....

raz-0, posted April 1, 2009:

> Actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system. I could go into great technical details but I don't want to bore anyone.

Uhh no. It's a flavor of unix under the hood, and it's unix that is intended to be used by a single user with a GUI desktop. Pretty much all browsers are swiss cheese, which gives you shell access for the account, and as any honest unix admin will tell you, if they have shell access, root access isn't that far away.

> > Actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system. I could go into great technical details but I don't want to bore anyone.
>
> Not to mention, large chunks of the OS are open source. Holes tend to be plugged far more quickly in that environment....

There is NOTHING magic about open source. OSS is as riddled with holes as commercial software. You just don't wind up with security through obscurity or vulnerability through obscurity for nearly as long due to the amount of scrutiny. Unfortunately, there is not some mythical destination of "really and truly secure" that the faster revision cycle of OSS software hastens progress towards. Lots of software will always have vulnerabilities because they are inherent to the process. I want a database that apps can talk to remotely, I'm going to be able to use all the legit tools to exploit the system just like I do to actually use it as intended. No pun intended, but if you want a window in your room, you have to put a hole in the wall.

Regardless of your OSS, keep up with patches and you will have a lot less headaches.

MichiganShootist, posted April 1, 2009:

Okay--- while all you keyboard junkies are online... tell me how you would know if your PC was infected by this new worm???

JThompson (thread author), posted April 1, 2009:

> Okay--- while all you keyboard junkies are online... tell me how you would know if your PC was infected by this new worm???

Did you read the first post?

MichiganShootist, posted April 1, 2009:

Yep--- I've now read it three times.

What I don't see or know is what the symptoms would be. The post says-- If you think you might be infected etc etc. I just don't know what would let me know if I "might be infected".

I just ran the online live update on the Symantec www site to make sure all my definitions were up to date in both PCs... so I'm guessing that means "we" are okay.....Right???? or is there more??

Adam B, posted April 1, 2009:

I have yet to see one at work, but Cheely called me and said that when you try to go to Windows Update it redirects you to Google.

JThompson (thread author), posted April 1, 2009:

> Yep--- I've now read it three times.
>
> What I don't see or know is what the symptoms would be. The post says-- If you think you might be infected etc etc. I just don't know what would let me know if I "might be infected".
>
> I just ran the online live update on the Symantec www site to make sure all my definitions were up to date in both PCs... so I'm guessing that means "we" are okay.....Right???? or is there more??

You're okay bro... The symptom would be not being able to get to Symantec.

Edited April 1, 2009 by JThompson

p99shooter, posted April 1, 2009:

> There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!

The vulnerability that Conficker exploits was patched by Microsoft over 6 months ago. If people were diligent about taking care of their computers, they wouldn't be rushing there to fix the problem after it is too late.

Another way to check and see if you are infected is to attempt to boot your PC into Safe Mode. (Restart, hit F8 after BIOS messages, or just keep tapping F8 while system boots up, and select Safe Mode from the menu). Conficker prevents a system from booting into safe mode.

Matt Cheely, posted April 1, 2009:

So I run your tool, and it says that it doesn't find the Conficker worm, but something else, cleans it, and I'm still unable to go to the Microsoft Update page... I'm running it again.

JThompson (thread author), posted April 1, 2009:

> > There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!
>
> The vulnerability that Conficker exploits was patched by Microsoft over 6 months ago. If people were diligent about taking care of their computers, they wouldn't be rushing there to fix the problem after it is too late.
>
> Another way to check and see if you are infected is to attempt to boot your PC into Safe Mode. (Restart, hit F8 after BIOS messages, or just keep tapping F8 while system boots up, and select Safe Mode from the menu). Conficker prevents a system from booting into safe mode.

A bunch of systems won't boot to safe mode no matter if they are infected or not. Also, I never let MS update anything on my system. Can't tell you how many times they screw something else up with their "patches". My system has been patched, but it's firewalled, locked down and I keep my virus sniffers up to date.

JThompson (thread author), posted April 1, 2009:

> So I run your tool, and it says that it doesn't find the Conficker worm, but something else, cleans it, and I'm still unable to go to the Microsoft Update page... I'm running it again.

MS is down bro, or at least it was earlier.

Edited April 1, 2009 by JThompson

Matt Cheely, posted April 1, 2009:

Well, then shouldn't it just not get to the page? It redirects me to Google, while saying Microsoft Update in the address bar...

MichiganShootist, posted April 1, 2009:

FYI----the 1911forum is not "reachable" by me on 2 machines or by several friends. I don't know if it's related to this new worm or not.

Chris Keen, posted April 1, 2009:

> > So I run your tool, and it says that it doesn't find the Conficker worm, but something else, cleans it, and I'm still unable to go to the Microsoft Update page... I'm running it again.
>
> MS is down bro, or at least it was earlier.

It's working fine for me.

A62335, posted April 1, 2009:

That board has been up and down all day today. I was able to get on earlier, but couldn't just now.

Chris Keen, posted April 1, 2009:

> FYI----the 1911forum is not "reachable" by me on 2 machines or by several friends. I don't know if it's related to this new worm or not.

That site appears to just be down. Firefox can't find the server at www.1911forum.com. AR15.com works ok.

JThompson (thread author), posted April 1, 2009:

The redirect to Google is malware I think... I don't think it's Conficker doing that... you have other crap on there. You need to update virus software and do a scan.

larry cazes, posted April 2, 2009:

All of our PCs are fine but your tool came in handy for a friend in our office who was infected. Thanks again for posting it.