Conficker related virus?

  1. #1
    Senior Member
    Join Date: Nov 2001
    Posts: 127

    Conficker related virus?

    We had a few people come in last week to our repair shop with the same malware. The malware was called Security (something) and on the same machines, conflicker was found. This malware would block any programs from running, reporting that it was infected and would prompt to download AV software. At any rate, I wanted to present the resolution I found.

    Pretty much run quickkill and combofix. Because there was a brief delay before a program would be killed by the malware I found that if I ran quickkill and hit "Y" really fast it was enough time to kill the process. I later discovered that there is a script to auto confirm quickkill when launched. That's my story. I know it's simple and many of the brains here would have figured this out on their own, but I hope this helps someone else out.

    Notes:
    For batch scripting, a "-q" parameter will suppress this warning and just autokill. Run the program with a "-?" for the other option (exemption file override).
    http://www.anappaday.com/downloads/2...quickkill.html

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    sandwich.

  2. #2
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    Wasn't it "Spyware Protect 2009"?

    http://news.zdnet.co.uk/security/0,1...9640215,00.htm

    BTW Bob, it is "Conficker" so I have edited the title. It is also known as "Downadub"

    Last edited by nihil; May 22nd, 2009 at 08:52 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Senior Member
    Join Date: Nov 2001
    Posts: 127
    Yes, that's it. I guess it's old news then, but we hadn't seen that infection come in before and we have had 5 come in so far this week. Searched fixes didn't solve the problem so I just wanted to put this out in the cloud.

  4. #4
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    Actually you have been seeing a more recent variation.

    Conficker/Downadub created an enormous botnet that, in its various morphs, possibly infected as many as 15,000,000 machines (not all at the same time) but never seemed to actually "do" anything until recently.

    Could be that parts of the botnet are being sold off for scams like this scareware?

    That would explain why they appear in different places at different times?

    I certainly haven't encountered it being used "in anger" yet so it is a useful heads up.

    Cheers

  5. #5
    Junior Member
    Join Date: Mar 2003
    Posts: 12
    Quote, originally posted by CyberB0b:
        We had a few people come in last week to our repair shop with the same malware. The malware was called Security (something) and on the same machines, conflicker was found. This malware would block any programs from running, reporting that it was infected and would prompt to download AV software. At any rate, I wanted to present the resolution I found.

        Pretty much run quickkill and combofix. Because there was a brief delay before a program would be killed by the malware I found that if I ran quickkill and hit "Y" really fast it was enough time to kill the process. I later discovered that there is a script to auto confirm quickkill when launched. That's my story. I know it's simple and many of the brains here would have figured this out on their own, but I hope this helps someone else out.

        Notes:
        For batch scripting, a "-q" parameter will suppress this warning and just autokill. Run the program with a "-?" for the other option (exemption file override).
        http://www.anappaday.com/downloads/2...quickkill.html

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    I don't think the application you found is really a malware, just a Rogue Antivirus, probably 1 out of 100000 payloads Conficker installs to earn some money.

    Quote, originally posted by nihil:
        Wasn't it "Spyware Protect 2009"?

        http://news.zdnet.co.uk/security/0,1...9640215,00.htm

        BTW Bob, it is "Conficker" so I have edited the title. It is also known as "Downadub"

    Also known as Downandup & Kido
    silent play in the shadow of power...