Immediate Warning and Notice [Conficker/Downadup Virus]

<s>Hmm, i had the registery entry, and deleted it. Does this mean its gone?</s>
nvm on that, deleted something else that was familiar looking :P

I also ran nod32 and the f-downadup program ran, and it didnt find anything, so i guess im clean.

EDIT: F-Downadup Note: Computers infected by Downadup are blocked from reaching f-secure.com websites.

just saw that on their site, was able to reach it fine so probably im just clean

Thanks for warning us, Rahja. No registry entry here, but I'm installing Avira at this moment and will perform a deep scan.

Results came up with a minor Trojan, other than that, I'm clear.

Recently formatted because of other Trojans I had, and this time instead of installing AVG, (seeing as it let me down), my PC Driver CD came with Kaspersky, and that's registered until April.

Wondering, is Kaspersky strong enough to detect/remove these? It's Deep scanning as we speak, but i'll change it out if it's not a strong option.

System Restore saves the trojan/worm/virus also. So it is still there after removal from current system.

Thanks for the heads-up. I was clean today, but will keep a watch for it.

I have avast and Spybot S&D. I didn't run my spyware detector yet (I will tonight, though), but I did a boot scan of my computer overnight, and the scan didn't seem to have found anything, which is a good thing I guess.

On another note, I have been keeping up with the updates, and I'm currently under a fresh (installed just last night) installation of Windows XP Professional.

I will keep my system updated regularly, too.

Updated MS08-067 Oct. last year and expected no problems. Ran full systems scan anyways, nothing found. Ran Symantec's removal tool, nothing found to remove.

tnx for heads up nevertheless

Hey guys.
I just went to try and update my pc (im on vista, so the things gotta search for updates before it can do anything) and i got this error:

Code 8000FFFF: Windows Update a rencontré une erreur inconnue.

Have had no trouble with this until now.
Web search has come up with nothing, and im not a PC wizz so i was wondering whether you guys knew whats going on/if this is possibly the worm?

Slightly worried, but im scanning and McAfee hasnt had any problems updating (i did it manually) and is scanning away now.

Any ideas how to fix this would be brilliant, it was fine till now and it says last update was onnnn the 17th.

Thanks

~Lies

EDIT: Researched and got quite a bit, but nothing ive trieds worked so far :s
And i forgot i was on a french PC and this is an english forum...
Translation: Code 8000FFFF: Windows Update has encountered an unknown error.

Thanks again.
~Lies

Thanks Rahja! Ran a full system scan like suggested, just to be sure. Clean as a whistle!

According to the poll you have helped save two computers with this information (so far),- got to feel good about that!

i wonder if this applies to the win 7 beta also...

This is the virus that crashed the hell out of my laptop, somehow we got it fixed but now my laptop is bluescreening

http://www.cnn.com/2009/TECH/ptech/0...ref=newssearch

So... I'm a little confused. I read this article a week ago that states the downadup worm is engineered to spread through corporate networks and, for that reason, corporate networked computers are more at risk than home computers.

The means of infection through networked computers described in the article seems different than the means of infection you describe, and it appears from this article that corporate networks are indeed in deep doodoo where this worm is concerned and that it spreads through corporate networks is the reason for the rapid rate of spread and concern to Homeland Security.

But I can see how it might be easy to bring the worm home from work on a flash drive. What I don't see is how this is any more damaging to our home systems than any other worm or virus we can contract. I'm sure there's a lot more information out there about it that I can research when I have the time, but in the meantime I'd love if you'd explain.

Btw, I did a manual scan on my work computer immediately after reading this article and then on my home computer as well. I think I'll do another on my work computer as soon as I finish this post *shivers*

Thanks!

Scanning as we speak , searched for the registry but couldn't find it. Thanks for the heads up Rahja

Rather than explain it in detail, I will just give you a quick example with an exclaimer.

Many businesses do not frequently update their network with Windows Updates as they should, because it does require a substantial investment in time and resources. They have to bring down the network, test the updates, make the updates live, and bring back up the network. It can take several hours, which at a corporation, is bad news. This is still no excuse though, so don't take it that way.

But, say for example, CNET became infected (not saying they are). The virus could, in fact, spread to their content upload servers, that you download things from. You go to CNET and download, say, Spybot or AdAware etc. Now, you go to install the program, but little do you know, the sneaky little Downadup has already gone and imbeded itself in their uploads, because it infected their network previously, and spread like wildfire. Again, just a hypothetical example.

The point is, this thing is hitting corporations more and more, which endangers home users that are the least bit lax on security. Those who run a good security suite and are concious of their actions on the net have far less to worry about (though it doesn't mean you still can't get it)

Let's also have a look at the pole results so far. Based on 44 people voting, 2 were infected and removed the worm.

That being said, that means by our numbers, 1 in every 22 PCs are infected. Now, Guru users are, for the most part, computer literate and know basic internet etiquite. This pretty much falls in line with the estimates coming in from around the world placing it at 1 in every 14-16 PCs. Standard, computer illiterate users are many times more likely to be infected than most of us. Keep that in mind. The results speak for themselves.

*is running a thorough scan on Avast at this moment*

I can access F-Secure.com, so I think I'm good... right? o0

How do you disable System Restore if you have Vista? Also, I was looking in my Registry, and I couldn't find netsvcs. Is that ok? Or should I be worried?

No, if you don't have the registry entry, that is a GOOD THING. Still, do your scans and be extra cautious of who/where you download from.

1: Open up "Control Panel" and navigate your way to "Programs and Features".

2: Click "View installed updates" on the left hand side.

3: Find the update KB929777 and uninstall it.

4: Attempt to install the update again in Windows Update

5: Once successful, restart your PC.

Alternatively

1: Launch REGEDIT

2: Go into HKLM\COMPONENTS, and check if these three values exist under the COMPONENTS key:

PendingXmldentifier
NextQueueEntryIndex
AdvancedInstallersNeedResolving

3: Providing they do exist, back up the Components key, then delete the three above values.
4: Restart the computer, and Windows Update should now be working fine.

After running the spyware scan, I found 11 entries, but I easily removed them.

I was not infected with the virus (as I said, I do have a fresh install of XP Pro (love that Pro!)).

Thanks for the heads up; I will spread the word.

Ok I use McAfee and don't see a deep scan button so I'm just wondering if these settings are fine:


Also, is McAfee good enough to spot it and remove it if it's there? I'm currently scanning at the moment so I don't know how it'll end.

Additionally, how true is it that if you can reach f-secure.com that you're safe? I have 3 laptops that all could reach it, but I want to be sure.