PDA

View Full Version : Virus for Windows that may harm your computer


ronjocox
03-26-2009, 08:40 AM
There is a virus that might attack your windows computer on April 1st!

Here's the link (http://en.wikipedia.org/wiki/Conficker)

Assaundrell Yumerai
03-26-2009, 10:44 AM
Thanks for the info, but I'm just wondering how to prevent it...

ronjocox
03-26-2009, 05:43 PM
There's a patch on the link.

Here it is: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

So, yeh

Lord Celebi
03-26-2009, 07:31 PM
Damn, that worm sounds brutal. Thanks for the info.

Kayden Javlaíakín
03-26-2009, 08:06 PM
Oh wow, that's one tough worm. Conficker... I'll pass the word to friends and fam, thanks for the info.

I guess I should just be happy I don't use Windows anymore (Linux ftw!).

-Zodeon
03-26-2009, 08:13 PM
Says it even gets the Windows 7 Beta, but i'm sure ill be safe.

Stinky
03-26-2009, 08:47 PM
Obvious April Fools Prank is obvious. wait... what?

Ahlat
03-26-2009, 11:42 PM
There is a virus that might attack your windows computer on April 1st!

Here's the link (http://en.wikipedia.org/wiki/Conficker)

OMG OMG IM SO SCARED!!!!!! AHHHHHHHHHHHHH!!!!!!!!!!!!!!


Seriously look at date come on obvious april fools.

spartan117
03-27-2009, 12:28 AM
I heard about that virus yesterday on yahoo.
Thanx for the patch link though.

ronjocox
03-27-2009, 08:37 AM
OMG OMG IM SO SCARED!!!!!! AHHHHHHHHHHHHH!!!!!!!!!!!!!!


Seriously look at date come on obvious april fools.

It's just a coincidence. Conficker A and B infected 9 million computers.

Trainer17
03-27-2009, 08:59 AM
I have lost faith in April Fools now. :s

Gaby
03-27-2009, 09:40 AM
...I feel bad for a friend of mine now, her birthday's in April 1st. xD

Anyways, I dun'know which patch to download. D: Halp pl0x? <-- Has XP.

AllYourBaseAreBelongToUs
03-27-2009, 07:19 PM
I was going to make a thread on this.

Ah well, atleast the message has gotten out here in the forum.

I too am confused whether or not to take "conficker" seriously..

Wisp
03-27-2009, 07:35 PM
I'm downloading the patch anyway. I'd rather be safe, like rust said. It sounds lethal. o__o;
April Fools day or not, I'm patching. xD

AllYourBaseAreBelongToUs
03-27-2009, 07:39 PM
I'm downloading the patch anyway. I'd rather be safe, like rust said. It sounds lethal. o__o;
April Fools day or not, I'm patching. xD

I already patched ^^

Luckily Vista is only "Important" and not "Critical" like XP or before.

Tory vs Meaty II
03-27-2009, 08:35 PM
SmitfraudFix is free and safe. I use it, and I'm always liked it.

Lord Fedora
03-27-2009, 08:47 PM
Oh, and, uh, to avoid embarresment, even though most of you are probably not like me and realized this, but if you got a new computer with Vista after October 2008, you don't need the patch... hehe.

AllYourBaseAreBelongToUs
03-27-2009, 08:52 PM
Oh, and, uh, to avoid embarresment, even though most of you are probably not like me and realized this, but if you got a new computer with Vista after October 2008, you don't need the patch... hehe.

Oh, w00t!

I got mine December 08, or Januray 09, I think the latter >.<

Either way I got the patch, better to be safe than sorry.

Ahlat
03-28-2009, 12:51 PM
It's just a coincidence. Conficker A and B infected 9 million computers.
Well okay I geuss I'll just rather be safe than sorry. Though I still beleive it's april fools. :P

EDIT: How do you find out what service pack you have for windows XP.

Caite-chan
03-28-2009, 01:07 PM
Great another idiot with nothing better to do than screw over everyone else.

Ajarr
03-28-2009, 01:15 PM
Oh, and, uh, to avoid embarresment, even though most of you are probably not like me and realized this, but if you got a new computer with Vista after October 2008, you don't need the patch... hehe.

Are you serious? I just got done downloading the patch! :goofy:

AllYourBaseAreBelongToUs
03-28-2009, 03:54 PM
Are you serious? I just got done downloading the patch! :goofy:

I hope so, otherwise some idiots gonna "h4x" my computer D:

Ahlat
03-28-2009, 04:46 PM
Well okay I geuss I'll just rather be safe than sorry. Though I still beleive it's april fools. :P

EDIT: How do you find out what service pack you have for windows XP.

Someone please help me with this I'm beginning to get scared. :P

Kayden Javlaíakín
03-28-2009, 05:18 PM
Someone please help me with this I'm beginning to get scared. :P
I haven't used Windows in a while, but I believe that if you hit the Windows and Break keys, a System Properties dialog will come up and display your OS information, including service pack if applicable.

Ahlat
03-28-2009, 05:44 PM
I haven't used Windows in a while, but I believe that if you hit the Windows and Break keys, a System Properties dialog will come up and display your OS information, including service pack if applicable.
Sorry but I don't understyand. :oops:

Kayden Javlaíakín
03-28-2009, 05:48 PM
Sorry but I don't understyand. :oops:
Hit the key with the little Windows flag and Pause/Break simultaneously. From the dialog box you should be able to determine what service pack you are running, if any.

Ahlat
03-28-2009, 06:24 PM
Hit the key with the little Windows flag and Pause/Break simultaneously. From the dialog box you should be able to determine what service pack you are running, if any.
Okay thanks. I just didn't understand what yu meant by pause/break until I saw the key.

I got it patched. ^_^

ronjocox
03-29-2009, 01:30 AM
Or you can "Run" and type 'winver'

Soda
03-29-2009, 11:07 PM
My computer is already messed up enough, I don't have much to lose.

I don't feel like 'patching' it. :P

Black Hawk
03-30-2009, 12:43 AM
They had a special on this on 60 minutes just 2-3 minutes ago. It's serious business.

Snow Fairy Sugar
03-30-2009, 01:38 AM
Oh, so the virus is not a rumor- it really does exist, does it?

Hmm..guess that means I'm going to have to download the Patch right away..

Black Hawk
03-30-2009, 01:41 AM
Problem is, the patch came out before the latest conficker plus it mutates faster than the flu virus. Your best course of action is to run constant virus scans and to not click any chat links.

poke123
03-30-2009, 02:50 AM
So what systems are being affected? I have Windows Vista... I couldn't find the patch to prevent the virus from infecting my computer. Can someone give me the link?

Lord Fedora
03-30-2009, 03:03 AM
So what systems are being affected? I have Windows Vista... I couldn't find the patch to prevent the virus from infecting my computer. Can someone give me the link?
Any and all computers running any version of Windows can get it. Personally I feel safe, because I run automatic updates on my lappie, plus I had the original patch when I got my computer, plus I have an excellent virus protection program and firewall (Symantec ftw)

AllYourBaseAreBelongToUs
03-31-2009, 07:18 PM
Well, I've got the Patch, but if I'm not on for a while after tomorrow, Conficker ruined my computer -.-

Also, I run a lot of virus scans, infact I'm scanning right now!

Ahlat
03-31-2009, 07:53 PM
I have a question. what if you don't use your computer at all and have the plug out on april 1st, can can conficker still get you?

Peace Buyer
03-31-2009, 09:47 PM
Any and all computers running any version of Windows can get it. Personally I feel safe, because I run automatic updates on my lappie, plus I had the original patch when I got my computer, plus I have an excellent virus protection program and firewall (Symantec ftw)

That wont work....it will eat through it, It is said to be the deadlies computer virus.

It litteraly will erase all data files and can infect a site and delete that!

Stay off the internet April 1 no questions!!

Yoda55
03-31-2009, 09:49 PM
I'm saved from the virus :D

Mitsuzo-kun
03-31-2009, 10:20 PM
They had a special on this on 60 minutes just 2-3 minutes ago. It's serious business.

Yeah, it was in the newspaper the other day too. I have the same problem as Poke123. :/ I have Vista, and tried most of the patches, but everytime I'd finished downloading it and tried to run it, it said "This update does not apply to your system". Epic fail.

Black Hawk
04-01-2009, 01:34 AM
I have a question. what if you don't use your computer at all and have the plug out on april 1st, can can conficker still get you?

-.- If your computer has internet access at any point, you're at risk. I would also like to point out that this virus doesn't start spreading on April 1st, It activates. So the virus will not infect you tomorrow. You are either good or it already has infected your computer and will receive its instructions tomorrow.

I'm saved from the virus :D

Unless you're running Linux or have a Mac, no you're not.

Nirvash
04-01-2009, 02:30 AM
You all are so uninformed. Not even funny.

This "virus" is the conficker worm. It has been out for months. It shut down British Royal Navy computers, as well as some french government computers I believe. It currently has infected millions of computers world wide. Taken from F-secure's blog, here's the run down:

April 1st, 2009 has arrived.

As I'm posting this, it's 00:18 on the 1st of April in Auckland, New Zealand.

But there aren't that many Conficker infections in New Zealand to begin with.

Infection situation in South Korea is more interesting; it's in the TOP 5 infected countries. And it's already 20:18 on the 31st in Seoul right now.

So, when exactly is Conficker activating?

It goes like this:

Conficker checks the local clock every 90 minutes (in some cases even more frequently)
The check is done with Windows GetLocalTime function
GetLocalTime gives the local time, based on the local time zone
Because of this, machines around the world are returning different times
Clock skew affects this as well
But not by much, as Windows machines will sync their local clock with time.windows.com once a week
Once the local clock says it's April 1st, Conficker will collect a date from the net

This means that machines in Australia will already be collecting a date from the net when machines in Hawaii aren't.

Conficker's net time collection uses several large websites to get the date. These are sites such as:

adobe.com
answers.com
baidu.com
bbc.co.uk
comcast.net
disney.go.com
ebay.co.uk
facebook.com
imdb.com
megaporn.com
miniclip.com
rapidshare.com
torrentz.com
typepad.com
wikimedia.org
yahoo.com
youtube.com

The HTTP header time on these sites is very accurate and very close to each other.

You can check these yourself: simply connect to port 80 of any website with netcat or telnet. In Windows, simply run "telnet google.com 80". Once connected, type (blindly) "GET /" and hit enter a couple of times. You'll get a screenful of results, including a "Date:" field.



Here's some sample HTTP HEAD returns from websites that Conficker uses to check the date. These were checked earlier this morning:

Google.com
Date: Tue, 31 Mar 2009 06:27:42 GMT
Client-Date: Tue, 31 Mar 2009 06:27:42 GMT
Client-Peer: 209.85.171.103:80

Facebook.com
Date: Tue, 31 Mar 2009 06:28:24 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Client-Date: Tue, 31 Mar 2009 06:28:24 GMT
Client-Peer: 69.63.184.143:80

www.baidu.com
Date: Tue, 31 Mar 2009 06:31:47 GMT
Expires: Tue, 31 Mar 2009 06:31:47 GMT
Client-Date: Tue, 31 Mar 2009 06:31:48 GMT
Client-Peer: 220.181.5.222:80

www.youtube.com
Date: Tue, 31 Mar 2009 06:32:30 GMT
Expires: Tue, 27 Apr 1971 19:44:06 EST
Client-Date: Tue, 31 Mar 2009 06:32:31 GMT
Client-Peer: 208.65.153.253:80

When the local clock says it's April 1st, Conficker will fetch the date values from the above sites and will use these values in an algorithm to generate 50,000 unique domain names. Do note that even if the date from the web sites says it's March 31st, Conficker would still activate if the local clock says it's April 1st.

The machines that are infected by Conficker.C and are turned on, will change modes between 00:00 and 01:30 on April 1st, based on machines own clock. The ones that are turned off, will change modes soon after they are booted up.

Cheers,
Mikko

Anyway, I typed up a tutorial on how to scan your computer for it using Nmap, but you can learn how from Insecure.org

http://insecure.org

Bryce
04-01-2009, 03:24 AM
Meh. My computer is so effed up already, it's not even funny. Bring it on, worm. >:O

Tory vs Meaty II
04-01-2009, 05:15 AM
Well, It is after 12:00 here, eventually, I will get it. But my SmitfraudFix (http://siri.geekstogo.com/SmitfraudFix.php) will do the trick like it always do. I works for all versions Windows 2000 and up. This laptop is running on Windows XP - Windows Vista Capable.

Kenny_C.002
04-01-2009, 05:21 AM
Unless you're running Linux or have a Mac, no you're not.

Linux strikes again as the windows saviour :3

Lord Fedora
04-01-2009, 07:29 AM
Well, I don't have it yet, but since any one of you can be infected, I'm going to go offline for the next few days on my lappie in the hopes that it dies out or is destroyed.

I just figured out the whole April 1st thing too. It's not a coincidence, the people who programmed it just have a very sick sense of humor.

Soda
04-02-2009, 01:02 AM
:rolleyes: I have a Windows XP super old computer and works just as well as it did yesterday.

Just as I said...

APRIL FOOLS JOKE.

Chromatic Alchemist
04-02-2009, 01:38 AM
Actually, to all the non-believers, this is not an April Fools joke. Though it didn't happen to everyone, many people reported this virus today (uber news nerd).

Lord Fedora
04-02-2009, 01:46 AM
Actually, to all the non-believers, this is not an April Fools joke. Though it didn't happen to everyone, many people reported this virus today (uber news nerd).
*has remained untouched and is thrilled about it*

spartan117
04-02-2009, 01:56 AM
*has remained untouched and is thrilled about it*
Ditto.
And I had the firewall and defense system on disabled mode. Haha.

Kayden Javlaíakín
04-02-2009, 10:22 PM
Linux strikes again as the windows saviour :3
Indeed it has. :3

*smug Debian user*

I have a Windows XP super old computer and works just as well as it did yesterday.

Just as I said...

APRIL FOOLS JOKE.

Umm... no.

The A and B variants have already infected millions of PCs; the fact that C activated yesterday was just a coincidence, or maybe even a scheme to get people to believe it was naught more than a joke.

Considering the fact that Microsoft released a patch for this bugger in October, most of the people infected by it are simply those who never keep their software up-to-date. Sadly, that accounts for a good amount of Windows users. :S

Orange_Flaaffy
04-06-2009, 04:35 PM
*hugs her Mac*:biggrin: Everything is fine here:happy:

Shroom
04-06-2009, 05:07 PM
It's not a virus. It's a worm. Also, as long as you have updated your computer since November and have an updated anti-virus you are fine. And if you want to know if you are infected, just go to microsofts website. If you have it, it will block access to Microsoft's website and prevent you from logging in on your anti-virus provider's website.

Dark Lightning
04-06-2009, 05:47 PM
I didn't even know about this and nothing has happened to my Vista. :O

Shroom
04-06-2009, 06:10 PM
I didn't even know about this and nothing has happened to my Vista. :O

You wont notice anything. It's a worm, not a virus. It wont slow down your computer. Or make spam appear. It will just take your information such as passwords and such and put it on the internet.

spartan117
04-06-2009, 08:19 PM
It's not a virus. It's a worm. Also, as long as you have updated your computer since November and have an updated anti-virus you are fine. And if you want to know if you are infected, just go to microsofts website. If you have it, it will block access to Microsoft's website and prevent you from logging in on your anti-virus provider's website.
In that case Im fine. It lets me go on Microsoft.com and nothing has changed on my computer.

Lusitania
04-06-2009, 08:26 PM
I have a little idea. You know how it was supposedly to go out on April 1st? What if that was just a front to make everyone feel safe, adn then release it later, whether it be a day, a week, or a month.

AllYourBaseAreBelongToUs
04-06-2009, 08:45 PM
I have a little idea. You know how it was supposedly to go out on April 1st? What if that was just a front to make everyone feel safe, adn then release it later, whether it be a day, a week, or a month.

Well, that's possible, but I hope not.

I've survived the supposed day.

Soda
04-06-2009, 09:35 PM
You wont notice anything. It's a worm, not a virus. It wont slow down your computer. Or make spam appear. It will just take your information such as passwords and such and put it on the internet.

Then seriously, I don't know what I was getting so worked up about. :3

Lusitania
04-06-2009, 09:45 PM
Then seriously, I don't know what I was getting so worked up about. :3

For you, no, but for your parents/any adult, it's a big deal. Their bank account numbers, credit card numbers, and anythign they've evert put into the internet (i.e. if you buy something off of eBay), it's able to be obtained by Conficker.

LimeGreen
04-06-2009, 09:47 PM
I didn't even know about this and nothing has happened to my Vista. :O
Vista....lucky D:

They said that it could strike at any time.

Also they said that AVG could delete it.

Josh
04-06-2009, 10:26 PM
For you, no, but for your parents/any adult, it's a big deal. Their bank account numbers, credit card numbers, and anythign they've evert put into the internet (i.e. if you buy something off of eBay), it's able to be obtained by Conficker.

Um... dude. So far the only variations of the Conficker worm disable certain networking functions. It's not any form of keylogger or spyware.

iReign
04-06-2009, 10:31 PM
Um... dude. So far the only variations of the Conficker worm disable certain networking functions. It's not any form of keylogger or spyware.

Yeah, what Josh said. Anyway, did anyone actually get Conficker? :X

LimeGreen
04-06-2009, 10:57 PM
Yeah, what Josh said. Anyway, did anyone actually get Conficker? :X
Not me if anyone did
Well they really wouldn't be on too much if they knew they had it.

Josh
04-09-2009, 11:14 PM
My school got hit with it pretty bad, we discovered just in time for the term to end (our IT guy is taking paternity leave next term).

So as you'd expect, we have a network that stretches across the entire school and every computer int he school is "locked" (i.e. The harddrive can be written to, but resets to a preset state every time you reboot) apart from a few (in staffrooms, some classrooms, etc.). We figured it's one of these unlocked computers that the virus originated from.

The first occurence we really had was at a single moment, all of the computers in the room were hit with an error that caused "svchost.exe" to fail. For the most part, this majorly disabled the networking and forced everyone to have to reboot (which meant most of the class lost all the programming they did in that lesson).

We thought it was just the network switch sending some dodgy packets (because it only seemed to be happening in the two computer rooms) so we reset that and it seemed okay. One of the odd symptoms it was displaying, however, was that when we told the computer to reset it would get stuck at either "Logging off" or "Closing network connections". So we had to force it to shut down.

Then a few days later I was up in the library and I noticed about two computers were in the permanent "Logging off" state, so I forced it to shut down and then started it up again. Of course, another "svchost.exe" error.

This happened to about 4/12 library computers, some still working, some refusing to even launch applications.

We did some research and then narrowed it down to be the Conficker virus. We downloaded a patch from Windows Update and everything seemed to work just fine.

You may have the Conficker worm if:
svchost.exe continuss to randomly crash
- As result:
-- applications might not launch properly
-- networking functions might not be available
-- your computer may not shutdown/reset properly

Archer
04-11-2009, 03:44 AM
@Josh - I can't understand how that would happen easily, as most schools are obsessive when it comes to updates and security. I know that my school has antivirus programs on each computer, despite the fact that they run through a server with a firewall and it's own antivirus. I realise this is to stop anything getting through on USBs, etc. They also lock the computers from anything but pre-specified processes, so it's nigh impossible to run any programs they don't want you to.

As most businesses are more careful with security, I can't imagine how they recieved the virus.

Josh
04-11-2009, 07:38 AM
There are some staff machines that may have been unlocked. It's quite possible that it could've originated from another school (every school in the state is networked) and spread. For some reason the computers don't update properly (it's a hopeless network).