Windows Thread, Annoying Virus (confick-E) in Technical
  1. #16
    AyatollahPies's Avatar
    Quote Originally Posted by synaesthesia View Post
    Malwarebytes Anti Malware is a great little app that will entirely remove an infection from a machine, but if it's networked, as above you'll need to repeat the process on all machines. Install it, run it, job done.

    Now, depending on the level of infection and the specific variation of that worm, you might not be able to run the installer let alone the program itself. Thankfully it's a bit "thick". Rename the mbam.exe installer file to "fluffy.exe"

    Install.

    Once installed, go to the installation folder (c:\program files\malwarebytes etc) and rename the EXE file to fluffy.exe. Update or make a new shortcut to that. It'll now run and you'll be able to murder the infection safely. You can of course choose any name you want, "fluffy" is just my preferred alternative name. Sometimes if it's a bad infection I like the name "moist.exe".

    No reason.
    Me thinks Siggy Fraud would have a field day with you.

    To the OP, yes Malwarebytes Anti-Malware is free (though paid for versions are available) and should be a firm part of your arsenal. It's got me out of quite a few sticky issues.

  2. #17
    browolf's Avatar
    and probably anyone who typos his name *freud

    if you were to packet sniff your connection as you join the network it might be possible to see where the infection is coming from. Of course it could be all over the place....
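
An added example, not part of the original posts: one way to act on the packet-sniffing suggestion above is to rank hosts by how many distinct machines they try to reach over SMB. It assumes the worm spreads over TCP port 445 and that connection attempts have been exported from the capture as `src dst port` rows; the addresses, threshold and allow-list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one "src_ip dst_ip dst_port" row per TCP SYN seen in a capture.
SAMPLE_SYNS = """\
10.0.0.21 10.0.0.5 445
10.0.0.21 10.0.0.30 445
10.0.0.21 10.0.0.31 445
10.0.0.21 10.0.0.32 445
10.0.0.21 10.0.0.33 445
10.0.0.30 10.0.0.5 445
10.0.0.30 10.0.0.5 445
10.0.0.30 10.0.0.9 80
10.0.0.8 10.0.0.30 445
10.0.0.8 10.0.0.31 445
10.0.0.8 10.0.0.32 445
10.0.0.8 10.0.0.33 445
"""

def smb_fanout(rows, port=445):
    """Map each source IP to the set of distinct hosts it tried on `port`."""
    targets = defaultdict(set)
    for line in rows.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip blank or malformed rows
        src, dst, dport = parts
        if int(dport) == port:
            targets[src].add(dst)
    return targets

def suspects(rows, threshold=4, allow=()):
    """Sources contacting >= threshold distinct hosts on 445, busiest first.

    `allow` holds machines expected to talk SMB to many hosts (assumed here:
    a management server), so they do not drown out the real outlier.
    """
    hits = [(src, len(dsts)) for src, dsts in smb_fanout(rows).items()
            if len(dsts) >= threshold and src not in allow]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for src, count in suspects(SAMPLE_SYNS, allow={"10.0.0.8"}):
        print(f"{src} tried {count} distinct hosts on TCP/445")
```

A workstation that only talks to the file server stays below the threshold, while a host sweeping the subnet stands out.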

  3. #18

    synaesthesia's Avatar
    Yeah it's free in its basic "run and disinfect" form - there is a paid version which runs in the background keeping a constant eye but the former will be sufficient for your needs.
    I tend to be very wary of most anti spyware programs especially if it's one I've not heard of, as there's a stupid amount of fake ones out there which are malware in their own right. Did one infection of Conficker yesterday which the laptop's owner decided to try and correct himself by downloading something called XoftSpySE which is malicious software itself, more than doubling the original problem

    Ah, edit : looks like a few people pipped me to the post on that one. But to expand on browolf's point about packet sniffing, Ethereal is a great app for that.

  4. #19
    browolf's Avatar
    it's called wireshark now

  5. #20

    synaesthesia's Avatar
    That's the jobby, shows how much I use it

  6. #21
    NightShade01's Avatar
    The removal tool that was mentioned (from f-secure) works well to detect and remove this thing...however be really careful about running it on the servers. We used on a server hoping it would disinfect -> reboot -> done.....well we rebooted the server and it didn't come back up. Seems this tool sometimes corrupts the boot record and other windows essentials. Haven't had any issues with desktop removals though....

  7. #22


    Would be worth checking but I doubt that's the fault of the tool, more likely that an "important" file(s) was infected and the tool wiped it for clean. Restore from back up the files pre infection, or repair the installation yourself and it should work.

    Mind you, once infected, I'd never trust a device again until it's been formatted.

  8. #23

    synaesthesia's Avatar
    I'm not the only paranoid one then, thank god for that!

    On the positive side real viruses are very rare these days, I've not had a viral infection to deal with in years - it's mostly all worms, spy/adware. Conficker is definitely the worst infection of its type for a long time and I've certainly had to deal with more infections of that than Sasser a few years ago. Trouble is with this one it's leaving entire networks wide open for abuse and there's a niggling doubt that once an infection's taken hold it'd be near impossible to entirely get rid without an entire network rebuild. I'm just thankful the only one I've had to deal with in a school was a standalone machine.

  9. #24

    MK-2's Avatar
    i'll second the thought of turning switches off.
    at my old school we had a virus (can't remember its name) that spread via unc so the moment any pc came online it was infected again. we asked for all machines to stay off and then found one teacher 'had' to get those documents from the shared area.
    get all tools needed on to a usb stick or external hdd, down the switches, then work round the rooms. and don't be tempted once a room is clean to turn that switch back on, it only needs one usb stick to re-infect and start from scratch. once EVERY machine is clean, then get the switches online, preferably leaving half an hour between turn on of each to check that nothing is resurfacing.
    good luck with this, i feel your pain!

  10. #25

    m25man's Avatar
    Had this last week at one site.

    You must shut down the network - no arguments everything.
    The servers that are infected simply shutdown services and are useless anyway, so turn them off or unplug them until cleaned.

    Patch them first, run the MSRT to isolate/clean the infection.
    Make sure you have a working and updated AV solution.
    If you are using Sophos - (there is nothing wrong with it, if it's not working for you, then look in the mirror and blame the first person you see!) make sure your servers are set for on access scanning read/write.

    Set the Default Domain Policy to disable Autorun on all drives!!!
    Run a full scan on your server and keep the on access scanning turned on for a week at least!

    Then start on all of your administrative level access systems.
    Technician accounts, workstations that run with local administrator or power user rights... Patches, MSRT AV updates.
    If you run WSUS and have a healthy AV system the chances are the impact will be minimal, but with USB device usage in schools so liberally policed the risk of infection is high.

    In my case the culprit was a workstation used by the Network Administrator logged in as himself a user with Full Admin Rights!

    His own PC was out of date with its patches and the AV was not configured to clean an infection, not that it would have helped much as that was out of date too! - AVG Pro!!
    He had foolishly used his administrative workstation to inspect a suspected defective USB stick, it must have had at least 18 - 24 hrs head start to get a hold on the network.

    11 Hrs from 1st detection to site cleaned.
    I know that other schools in the same LEA that refuse to shutdown were still trying to clean it 4 days later!

    Same old dog, with new tricks. Clever Conficker!

  11. 2 Thanks to m25man:

    Gibbo (2nd February 2009), Oops_my_bad (31st January 2009)
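
An added example, not part of the original post: a check that the "disable Autorun on all drives" policy from the post above has actually reached each machine. It assumes the policy lands as the `NoDriveTypeAutoRun` registry value (0xFF meaning every drive type) and that `reg query` output has been collected per host; the hostnames and outputs below are constructed.

```python
import re

# Bit -> drive type for NoDriveTypeAutoRun; a set bit turns Autorun OFF for that type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

# Constructed sample: `reg query` output gathered from three made-up hosts.
SAMPLE_AUDIT = {
    "FILESRV01": "    NoDriveTypeAutoRun    REG_DWORD    0xff",
    "ADMIN-PC": "    NoDriveTypeAutoRun    REG_DWORD    0x91",
    "LAB-07": "ERROR: The system was unable to find the specified registry key or value.",
}

def autorun_enabled_types(reg_output):
    """Drive types that can still Autorun, or None if the value is not set at all."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        return None  # policy never applied on this host
    value = int(match.group(1), 16)
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]

def noncompliant_hosts(audit):
    """Hosts where the value is missing or leaves Autorun on for some drive type."""
    report = {}
    for host, output in audit.items():
        enabled = autorun_enabled_types(output)
        if enabled is None or enabled:
            report[host] = enabled
    return report

if __name__ == "__main__":
    for host, enabled in noncompliant_hosts(SAMPLE_AUDIT).items():
        detail = "policy value missing" if enabled is None else ", ".join(enabled)
        print(f"{host}: {detail}")
```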

  12. #26


  13. Thanks to PcDude from:

    Oops_my_bad (2nd February 2009)

  14. #27
    User3204's Avatar
    Our main file server has reported one file as infected with this virus, and when I check the McAfee EPO server, it has two reports of the virus.
    One on the main file server, and one on the workstation that had the USB disk with the virus on.... not sure how it managed to move to the file server... as it was deleted on both.


    I like this.. Virus found, Virus deleted... it's like the Advert.

  15. #28
    WithoutMotive's Avatar
    We got pounded by this today. Spent all day with everything off cleaning everything. Continuing tomorrow and banning the use of USB pen drives unless they're scanned by us first.

  16. #29

    synaesthesia's Avatar
    Harsh but seemingly required, especially as was mentioned earlier with the spate of them being given out free.
    I'd be tempted to disable USB ports altogether (unless required on specific machines) either through BIOS or via software/AD permissions. If infections like this, which can spread throughout a network which is heavily protected already, continue to gain in popularity, I'd be fairly paranoid about security about now :/

  17. #30
    AyatollahPies's Avatar
    Quote Originally Posted by m25man View Post
    If you are using Sophos - (there is nothing wrong with it, if it's not working for you, then look in the mirror and blame the first person you see!)
    You could use that logic for almost all computer related issues.
