Hey all, I am writing this so early because I am absolutely gutted and quite honestly pretty god damn scared! You may well have heard of the Conficker worm which was speculated to strike today? Well, I turned on my main Desktop PC this morning only to be greeted by a “scene” style window with the words “Conficker – Instructions are here suckas”. Picture after the hop…
As you can see, it said the following:
Conficker Infection Count: 10,143,529
Days Since You Were Infected: 109
Hours Conficker Has Had Control Over Your Machine: 2619
Processing Instructions
I managed to capture the screenshot before quickly shutting down the Desktop PC and going on to my Laptop (Which luckily, as of yet, hasn’t been struck with Conficker it would seem) as I have no idea what “Instructions” it was trying to process!
All I know is that if this thing is as dangerous as it is ominous, I don’t want to let it have it’s way with my PC as there is some extremely sensitive data on there!
I just thought I would put this out there so you all know what to expect if you are infected. Have you been infected or have something to say? Please do leave your comments below.
Yeah I know its April Fool’s Day
@Madiator: Thanks for the comments, but I really wish this were a joke.
There has been speculation for quite some time now that this worm would strike today (of all days!).
Hey Tom,
Check out this tool from Symantec to remove it, instructions below.
Alastair.
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
Follow these steps to download and run the tool:
1. Download the FixDwndp.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe.
Note: W32.Downadup.C may block access to Symantec Web sites and network addresses. Follow these steps to remove the block:
1. Click Start > Run or hit Windows Key + R.
2. Type cmd and click OK.
3. Type net stop dnscache and press Enter.
4. Type exit and press Enter.
2. Save the file to a convenient location, such as your Windows desktop.
3. Optional: To check the authenticity of the digital signature, refer to the “Digital signature” section later in this writeup.
Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the “Digital signature” section before proceeding with step 4.
4. Close all the running programs.
5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
How to disable or enable Windows Me System Restore
How to turn off or turn on Windows XP System Restore
7. Locate the file that you just downloaded.
8. Double-click the FixDwndp.exe file to start the removal tool.
9. Click Start to begin the process, and then allow the tool to run.
NOTE: If you have any problems when you run the tool, or it does nor appear to remove the threat, restart the computer in Safe mode and run the tool again.
10. Restart the computer.
11. Run the removal tool again to ensure that the system is clean.
12. If you are running Windows Me/XP, then reenable System Restore.
13. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
14. Run LiveUpdate to make sure that you are using the most current virus definitions.
What’s cool about Conficker is that its easy to detect and obvious like the warning you got. You can always visit this page since they block access to antivirus sites and such http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
Hope your computer is fine now though
LoLs.. I thought that was serious not until I noticed the date.