Want to format, will conficker kill me?

sitnet

So I want to format my laptop tomorrow because it got infected with a very-hard-to-remove worm. But now with all this Conficker talk going around I don't know if it is safe. The thing about the Conficker infection is that it targets people who don't have the latest updates for Windows and their anti-viruses. The first thing I am going to install is ESET NOD32 and Malwarebytes Antimalware but will that small window of time before I update be long enough?

One advantage I do have though is that I am going to be doing it through a HUGE server with extreme security, I got contacts at our municipality's server. I know one of the techies there and he is going to let me use their internet (going through their server) to do the updates etc. Convenient, isn't it? :)

But will this be enough? What do you guys think?
 
The April 1st thing is a complete media hype. Make sure you have MS08-067 installed and your AV is up to date and you will be fine.
 
Do not forget to spend some RRR on AV, register your copy of win32 ...
Those worms are the best advertising campaign for AV?
 
Do not forget to spend some RRR on AV, register your copy of win32 ...
Those worms are the best advertising campaign for AV?

Don't worry, W32/Virut has now killed me instead.
 
the virut is a nasty one but you can get rid of it!

You never (in 99% of the cases) have to reformat to get rid of a virus. I've cleaned 100s of machines and have never lost one to the dark side yet. With the right tools all malware can be removed.
 
Win32.virut.56 : jL.chura.pl

the virut is a nasty one but you can get rid of it!

Yea. You can say that again! It is one heck of a nasty virus. But how do you get rid of the stuff it leaves behind? I had to tackle it head on with DrWeb CureIt after some people in the house went to a LAN :rolleyes:. CureIt ate all them 'virut.56' stuffies for breakfast.

But now I am stuck with some leftover trojans/worms running amok - killed most of them and now using a mix of AVG8.5/BartPE+CureIt/Malwarebytes/etc. I'm just having some trouble with killing the last one:

I cannot start Firefox at all. Got a clean setup file and reinstalled firefox. Same thing. It shows up in the task manager but does not open up. On closer inspection running the 'netstat -b' command shows firefox trying to connect to jL.chura.pl . None of my AV apps is showing anything. It must be some file that FF uses that is probably infected with some undetected virus/exploit of some kind. Portable FF opens up fine but it seems like it still tries to connect to jL.chura.pl :confused:

Any tips would be highly appreciated! Thx
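Added example, not part of the original posts: one way to take the scrolling `netstat -b` output described above, save it to a file, and pull out which executable owns each connection to a watched host name. The sample output is constructed for illustration (PIDs, ports and the second host are made up), and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -b` output; not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    laptop:1041            jL.chura.pl:http       SYN_SENT        2184
  [firefox.exe]

  TCP    laptop:1052            update.example.net:http  ESTABLISHED   1432
  [ekrn.exe]

  TCP    laptop:1063            JL.CHURA.PL:http       SYN_SENT        3020
  Can not obtain ownership information
"""

OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # the "[image.exe]" line under a connection

def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable when netstat printed it."""
    conns, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("TCP", "UDP"):
            has_pid = len(fields) > 3 and fields[-1].isdigit()
            current = {"proto": fields[0], "local": fields[1], "remote": fields[2],
                       "pid": int(fields[-1]) if has_pid else None, "owner": None}
            conns.append(current)
            continue
        m = OWNER.match(line)
        if m and current is not None and current["owner"] is None:
            current["owner"] = m.group(1)
    return conns

def flag_watched(conns, watched):
    """Connections whose remote host is a watched name or a subdomain of it (case-insensitive)."""
    watched = {w.lower().rstrip(".") for w in watched}
    hits = []
    for c in conns:
        host = c["remote"].rsplit(":", 1)[0].lower().rstrip(".")
        if any(host == w or host.endswith("." + w) for w in watched):
            hits.append(c)
    return hits

def owners_of(hits):
    """Group flagged connections by owning image; None means netstat could not attribute it."""
    grouped = {}
    for c in hits:
        grouped.setdefault(c["owner"], []).append(c["pid"])
    return grouped

if __name__ == "__main__":
    for owner, pids in owners_of(flag_watched(parse_netstat_b(SAMPLE), ["jL.chura.pl"])).items():
        print(owner or "<unattributed>", pids)
```

Rows grouped under no owner are the ones to chase by PID in Task Manager or tcpview.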
 
There are a few tools I've used before to track down new malware that nothing picks up - try autoruns for starters, then look at filemon, regmon and tcpview from Sysinternals (MS) - you can normally track down the program causing the problem with a bit of patience.
 
I'm watching filemon like a hawk already - just wish I could slow down the pc a bit to "see" where the jL.chura.pl link is stored/called from in the first place. Everything just flies by at the speed of light :/

ooh, tcpview - that's new! *drools* ... *downloads* :cool:
 
Don't forget that Microsoft's Malicious Software Removal Tool is available.

Just run 'mrt.exe' from your start->run.

It can take several hours to do a full scan though.

Latest edition is March 2009, fwiw.
 
I'm watching filemon like a hawk already - just wish I could slow down the pc a bit to "see" where the jL.chura.pl link is stored/called from in the first place. Everything just flies by at the speed of light :/

ooh, tcpview - that's new! *drools* ... *downloads* :cool:

It's easier if you use the filter and exclude the common stuff.

tcpview, it's really cool - you can see exactly what goes where.
 
One of my laptops was so badly infected with the W32.Virut, and I think the Conficker as well, that it infected everything that was connected to it: USB drives, external HDDs, iPods, and now the laptop does not boot. Can only access safe mode!

Why did people create viruses???? Malicious F**KS!!!!
 
Win32/Virut

Hi there, this is an awesome virus.
It is a bit of a headache to solve manually but I have finally discovered that Symantec Antivirus does not get rid of this virus, at least the variant Win32/Virut.ce.
The following, which I have tested, also do not detect and clean it:
Microsoft Malicious Software Removal Tool
AVG Free
Superantispyware
Ad-Aware
SpyBot Search & Destroy
Dr!Cureit
Avast
Avira - deletes the files

Kaspersky was the only one I found to remove this virus successfully.
Trial version works just okay.

Go here to read the amazing stories you hear, which at first seem tempting, but then again also funny.

http://www.symantec.com/connect/forums/readersexe-variant-here-what-i-did-resolve-it
 
bump

I got this freaking thing yesterday - yeah yeah - keygens I know!! :)

Luckily I have a backup strategy but WOW - this thing is HORRIBLE.

Kaspersky can block this thing - but to "repair" and undo the damage - NOTHING works! (kaspersky, nod32, antivir, avast, trend, CA etc.)

AVG's virut repair util doesn't work - DLLs are screwed..

So watch out for win32.virut.56 / win32.virut.ce - hands down worst virus/worm for 2009 imho!!
 
Yea. You can say that again! It is one heck of a nasty virus. But how do you get rid of the stuff it leaves behind? I had to tackle it head on with DrWeb CureIt after some people in the house went to a LAN :rolleyes:. CureIt ate all them 'virut.56' stuffies for breakfast.

But now I am stuck with some leftover trojans/worms running amok - killed most of them and now using a mix of AVG8.5/BartPE+CureIt/Malwarebytes/etc. I'm just having some trouble with killing the last one:

I cannot start Firefox at all. Got a clean setup file and reinstalled firefox. Same thing. It shows up in the task manager but does not open up. On closer inspection running the 'netstat -b' command shows firefox trying to connect to jL.chura.pl . None of my AV apps is showing anything. It must be some file that FF uses that is probably infected with some undetected virus/exploit of some kind. Portable FF opens up fine but it seems like it still tries to connect to jL.chura.pl :confused:

Any tips would be highly appreciated! Thx

I know it's a bit late, but...

Put the following into your hosts file:

127.0.0.1 jL.chura.pl

that should sort it out :D

Gah, pesky kuk, these nasty buggers :sick:
 
Whilst on this topic - in some cases it is quicker to format and install than trying to remove malware and its hidden triggers.
 