Mark Minasi's Reader Forum
 Conficker - Need Info

TOPIC REVIEW
sreeraj Posted - 03/16/2009 : 4:25:50 PM
I'm looking for some info on the following question.

If there is a system (say Windows XP or 2003) which is infected with Conficker, and I install the patch and then clean it with AV and multiple Conficker cleaning tools, is the system really clean of Conficker now? And can this system get reinfected?
7 LATEST REPLIES (Newest First)
don2007 Posted - 04/07/2009 : 09:39:59 AM
All that may be true. I'm just saying that I would like to play with a Conficker-infected machine. Now that I think of it, I may already have had my chance when I worked on a machine a couple of weeks ago. I had to throw in the towel, recover data & reinstall.
Mark Minasi Posted - 04/07/2009 : 09:25:03 AM
Again, the point is, how would you know that you removed it? Sure, you might remove the worm part, but how could you be certain that there wasn't some "sleeper code" that you'd missed? Or, for that matter, some rootkit behavior that cloaked something?

And if you want a copy of Conficker, just put an unpatched system on the Internet without a firewall. Expose port 135 and you should be infected in a day or two, no?
don2007 Posted - 04/02/2009 : 10:07:15 AM
I'd like to have a shot at cleaning a system infected with Conficker. I searched for "download conficker". So far the only results are "download the removal tool". Has anyone tried the removal tool?
Mark Minasi Posted - 04/02/2009 : 09:16:28 AM
Hmmm... with respect, esteemed colleague, Conficker's got encrypted code and it entered through a "run code of attacker's choice" vulnerability. To my mind that means that the only people who know what it REALLY does own a Ukrainian keyboard. (And they ain't talking.)

Flatten and rebuild, I say!
joe_elway Posted - 04/01/2009 : 12:25:56 PM
Everything you need should be here: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
darrylr Posted - 04/01/2009 : 10:13:19 AM
Clean? How can you ever be sure?

Nuke it from orbit. (It's the only way to be sure....)

Must have run into a drive-by on my Vista system because it sure acted snaky and 1) Blink AV service wouldn't start, 2) System Restore points vanished, etc.

1. Groaned.
2. Swore.
3. Rebooted to Vista SetUp on USB stick.
4. Initiated Complete PC Restore.
5. Updated system w/ any missing patches rather than waiting for the next midnight automated run.
6. Initiated File Restore of selected directories.

Always (and still am) a believer in flattening a compromised system and rebuilding it. Used to use Drive Image on XP, Vista comes with its own solution. Kewl.
ukinahan Posted - 03/16/2009 : 4:45:08 PM
I would say you should be ok if you follow all the steps outlined here: http://support.microsoft.com/default.aspx/kb/962007

Then again, once infected, are you really ever the same again...? The only way to be 100%, imho, is REBUILD.

Mark Minasi's Reader Forum © 2002-2011 Mark Minasi