sreeraj
Here To Stay
 
India
228 Posts
Status: offline |
Posted - 03/16/2009 : 4:25:50 PM
|
I'm looking for some info on the following question.
If there is a system (say Windows XP or 2003) which is infected with Conficker, and I install the patch and then clean it with AV and multiple Conficker cleaning tools, is the system really clean from Conficker now? And can this system get reinfected?
|
Sreeraj http://www.sreerajnair.com |
|
|
ukinahan
Moderator
   
USA
822 Posts
Status: offline |
Posted - 03/16/2009 : 4:45:08 PM
|
I would say you should be ok if you follow all the steps outlined here: http://support.microsoft.com/default.aspx/kb/962007
Then again, once infected, are you really ever the same again...? The only way to be 100% imho is REBUILD. |
----------------- Ultan Kinahan MSFT - OSO SE |
 |
|
|
darrylr
Welcome Newcomer
USA
14 Posts
Status: offline |
Posted - 04/01/2009 : 10:13:19 AM
|
Clean? How can you ever be sure?
Nuke it from orbit. (It's the only way to be sure....)
Must have run into a driveby on my Vista system because it sure acted snaky and 1) Blink AV service wouldn't start, 2) System Restore points vanished, etc.
1. Groaned. 2. Swore. 3. Rebooted to Vista SetUp on USB stick. 4. Initiated Complete PC Restore. 5. Updated system w/ any missing patches rather than waiting for the next midnight automated run. 6. Initiated File Restore of selected directories.
Always (and still am) a believer in flattening a compromised system and rebuilding it. Used to use Drive Image on XP, Vista comes with its own solution. Kewl.
|
 |
|
|
joe_elway
Honorable But Hopeless Addict
    
Ireland
7397 Posts
Status: offline |
|
|
Mark Minasi
Chief cook and bottle washer
    
USA
10658 Posts
Status: offline |
Posted - 04/02/2009 : 09:16:28 AM
|
Hmmm... with respect, esteemed colleague, Conficker's got encrypted code and it entered through a "run code of attacker's choice" vulnerability. To my mind that means that the only people who know what it REALLY does own a Ukrainian keyboard. (And they ain't talking.)
Flatten and rebuild, I say! |
Mark tweetin' at mminasi |
 |
|
|
don2007
Honorable But Hopeless Addict
    
1974 Posts
Status: offline |
Posted - 04/02/2009 : 10:07:15 AM
|
| I'd like to have a shot at cleaning a system infected with Conficker. I searched for "download conficker". So far the only results are to download the removal tool. Has anyone tried the removal tool? |
Dyslexic people untie. |
 |
|
|
Mark Minasi
Chief cook and bottle washer
    
USA
10658 Posts
Status: offline |
Posted - 04/07/2009 : 09:25:03 AM
|
Again, the point is, how would you know that you removed it? Sure, you might remove the worm part, but how could you be certain that there wasn't some "sleeper code" that you'd missed? Or, for that matter, some rootkit behavior that cloaked something?
And if you want a copy of Conficker, just put an unpatched system on the Internet without a firewall. Expose port 135 and you should be infected in a day or two, no? |
Mark tweetin' at mminasi |
 |
|
|
don2007
Honorable But Hopeless Addict
    
1974 Posts
Status: offline |
Posted - 04/07/2009 : 09:39:59 AM
|
| All that may be true. I'm just saying that I would like to play with a Conficker-infected machine. Now that I think of it, I may already have had my chance when I worked on a machine a couple weeks ago. I had to throw in the towel, recover data & reinstall. |
Dyslexic people untie. |
 |
|