Conficker related virus?
We had a few people come in last week to our repair shop with the same malware. The malware was called Security (something), and on the same machines Conficker was found. This malware would block any programs from running, reporting that they were infected, and would prompt to download AV software. At any rate, I wanted to present the resolution I found.
Pretty much run quickkill and combofix. Because there was a brief delay before a program would be killed by the malware, I found that if I ran quickkill and hit "Y" really fast, there was enough time to kill the process. I later discovered that there is a script to auto-confirm quickkill when launched. That's my story. I know it's simple and many of the brains here would have figured this out on their own, but I hope this helps someone else out.
For batch scripting, a "-q" parameter will suppress this warning and just auto-kill. Run the program with "-?" for the other option (exemption file override).
Wasn't it "Spyware Protect 2009"?
BTW Bob, it is "Conficker", so I have edited the title. It is also known as "Downadup".
Yes, that's it. I guess it's old news then, but we hadn't seen that infection come in before, and we have had 5 come in so far this week. Searched fixes didn't solve the problem, so I just wanted to put this out in the cloud.
Actually you have been seeing a more recent variation.
Conficker/Downadup created an enormous botnet that, in its various morphs, possibly infected as many as 15,000,000 machines (not all at the same time :D) but never seemed to actually "do" anything until recently.
Could be that parts of the botnet are being sold off for scams like this scareware?
That would explain why they appear in different places at different times?
I certainly haven't encountered it being used "in anger" yet so it is a useful heads up.
I don't think the application you found is really malware, just a rogue antivirus, probably 1 out of 100000 payloads Conficker installs to earn some money.
Also known as Downadup & Kido :)