Want to format, will conficker kill me?

sitnet

Senior Member
Joined
Apr 4, 2008
Messages
850
So I want to format my laptop tomorrow because it got infected with a very-hard-to-remove worm. But now with all this Conficker talk going around I don't know if it is safe. The thing about the Conficker infection is that it targets people who don't have the latest updates for Windows and their anti-viruses. The first thing I am going to install is ESET NOD32 and Malwarebytes Antimalware, but will that small window of time before I update be long enough?

One advantage I do have though is that I am going to be doing it through a HUGE server with extreme security, I got contacts at our municipality's server. I know one of the techies there and he is going to let me use their internet (going through their server) to do the updates etc. Convenient isn't it?:)

But will this be enough? What do you guys think?
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
The April 1st thing is a complete media hype. Make sure you have MS08-067 installed and your AV is up to date and you will be fine.
 

Bule

Well-Known Member
Joined
Feb 4, 2006
Messages
208
Do not forget to spend some RRR on AV, register your copy of win32 ...
Those worms are the best advertising campaign for AV?
 

sitnet

Senior Member
Joined
Apr 4, 2008
Messages
850
Do not forget to spend some RRR on AV, register your copy of win32 ...
Those worms are the best advertising campaign for AV?

Don't worry, W32/Virut has now killed me instead.
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
The Virut is a nasty one but you can get rid of it!

You never (in 99% of the cases) have to reformat to get rid of a virus. I've cleaned 100s of machines and have never lost one to the dark side yet. With the right tools all malware can be removed.
 

ld13

Honorary Master
Joined
Oct 28, 2005
Messages
12,997
Win32.virut.56 : jL.chura.pl

The Virut is a nasty one but you can get rid of it!

Yea. You can say that again! It is one heck of a nasty virus. But how do you get rid of the stuff it leaves behind? I had to tackle it head on with DrWeb CureIt after some people in the house went to a LAN :rolleyes:. CureIt ate all them 'virut.56' stuffies for breakfast.

But now I am stuck with some leftover trojans/worms running amok - killed most of them and now using a mix of AVG8.5/BartPE+CureIt/Malwarebytes/etc. I'm just having some trouble with killing the last one:

I cannot start Firefox at all. Got a clean setup file and reinstalled firefox. Same thing. It shows up in the task manager but does not open up. On closer inspection running the 'netstat -b' command shows firefox trying to connect to jL.chura.pl . None of my AV apps is showing anything. It must be some file that FF uses that is probably infected with some undetected virus/exploit of some kind. Portable FF opens up fine but it seems like it still tries to connect to jL.chura.pl :confused:

Any tips would be highly appreciated! Thx
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
There are a few tools I've used before to track down new malware that nothing picks up - try autoruns for starters, then look at filemon, regmon and tcpview from Sysinternals (MS) - you can normally track down the program causing the problem with a bit of patience.
 

ld13

Honorary Master
Joined
Oct 28, 2005
Messages
12,997
I'm watching filemon like a hawk already - just wish I could slow down the pc a bit to "see" where the jL.chura.pl link is stored/called from in the first place. Everything just flies by at the speed of light :/

ooh, tcpview - that's new! *drools* ... *downloads* :cool:
 

thisgeek

Expert Member
Joined
Apr 22, 2005
Messages
3,372
Don't forget that Microsoft's Malicious Software Removal Tool is available.

Just run 'mrt.exe' from your start->run.

It can take several hours to do a full scan though.

Latest edition is March 2009, fwiw.
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
I'm watching filemon like a hawk already - just wish I could slow down the pc a bit to "see" where the jL.chura.pl link is stored/called from in the first place. Everything just flies by at the speed of light :/

ooh, tcpview - that's new! *drools* ... *downloads* :cool:

It's easier if you use the filter and exclude the common stuff.

tcpview is really cool - you can see exactly what goes where.
 

daWolf

Well-Known Member
Joined
Dec 20, 2007
Messages
338
One of my laptops was so badly infected with the W32.Virut, and I think the Conficker as well, that it infected everything that was connected to it: USB drives, external HDDs, iPods. Now the laptop does not boot. I can only access safe mode!

Why did people create viruses???? Malicious F**KS!!!!
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
Why did people create viruses???? Malicious F**KS!!!!

Originally....because they can.

Now it's all business related - income generating software. Want to buy 10 000 bots for $100?
 

icsoka

Active Member
Joined
Jul 25, 2006
Messages
37
Win32/Virut

Hi there, this is an awesome virus.
It is a bit of a headache to solve manually, but I have finally discovered that Symantec Antivirus does not get rid of this virus, at least the variant Win32/Virut.ce.
The following, which I have tested, also do not detect and clean it:
Microsoft Malicious Software Removal Tool
AVG Free
Superantispyware
Ad-Aware
SpyBot Search & Destroy
Dr!Cureit
Avast
Avira - deletes the files

Kaspersky was the only one I found to remove this virus successfully.
The trial version works just okay.

Go here to read the amazing stories you hear, which at first seem tempting, but then again also funny.

http://www.symantec.com/connect/forums/readersexe-variant-here-what-i-did-resolve-it
 

[OUPA]MrNutz

Expert Member
Joined
Jan 21, 2005
Messages
1,788
bump

I got this freaking thing yesterday - yeah yeah - keygens, I know!! :)

Luckily I have a backup strategy but WOW - this thing is HORRIBLE.

Kaspersky can block this thing - but to "repair" and undo the damage - NOTHING works! (Kaspersky, NOD32, AntiVir, Avast, Trend, CA etc.)

AVG's Virut repair util doesn't work - DLLs are screwed..

So watch out for win32.virut.56 / win32.virut.ce - hands down worst virus/worm for 2009 imho!!
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Yea. You can say that again! It is one heck of a nasty virus. But how do you get rid of the stuff it leaves behind? I had to tackle it head on with DrWeb CureIt after some people in the house went to a LAN :rolleyes:. CureIt ate all them 'virut.56' stuffies for breakfast.

But now I am stuck with some leftover trojans/worms running amok - killed most of them and now using a mix of AVG8.5/BartPE+CureIt/Malwarebytes/etc. I'm just having some trouble with killing the last one:

I cannot start Firefox at all. Got a clean setup file and reinstalled firefox. Same thing. It shows up in the task manager but does not open up. On closer inspection running the 'netstat -b' command shows firefox trying to connect to jL.chura.pl . None of my AV apps is showing anything. It must be some file that FF uses that is probably infected with some undetected virus/exploit of some kind. Portable FF opens up fine but it seems like it still tries to connect to jL.chura.pl :confused:

Any tips would be highly appreciated! Thx

I know it's a bit late, but...

put the following into your hosts file :

127.0.0.1 jL.chura.pl

that should sort it out :D

Gah, pesky kuk, these nasty buggers :sick:
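
One way to apply the hosts-file entry suggested above so that it can be re-run safely, as an added example that is not part of the original thread. The function name `sinkhole_hosts` and the sample file contents are constructed for illustration; the code works on the file's text and leaves reading and writing the real hosts file to the caller.

```python
SINKHOLE_IP = "127.0.0.1"

def sinkhole_hosts(hosts_text, domains, ip=SINKHOLE_IP):
    """Return (new_text, report) with every name in `domains` mapped to `ip`.

    A line that maps a watched name to any other address is commented out,
    so that only one mapping for that name remains; other names that shared
    the line keep their original address.
    """
    # Hostnames are case-insensitive, so jL.chura.pl and JL.CHURA.PL are equal.
    wanted = {d.lower().rstrip(".") for d in domains}
    present, out, report = set(), [], []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comment
        if len(fields) < 2:                         # blank or comment-only line
            out.append(line)
            continue
        addr, names = fields[0], fields[1:]
        hit = {n.lower().rstrip(".") for n in names} & wanted
        if not hit:
            out.append(line)
        elif addr == ip:
            present |= hit                          # already sinkholed
            out.append(line)
        else:
            out.append("# disabled (conflicting mapping): " + line)
            keep = [n for n in names if n.lower().rstrip(".") not in wanted]
            if keep:
                out.append(addr + " " + " ".join(keep))
            report.append(("conflict", addr, sorted(hit)))
    for name in sorted(wanted - present):
        out.append(ip + " " + name)
        report.append(("added", ip, [name]))
    return "\n".join(out) + "\n", report

# Constructed sample: one line already points the watched name elsewhere.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "203.0.113.7 JL.CHURA.PL intranet.example  # constructed conflicting line\n"
)

if __name__ == "__main__":
    text, changes = sinkhole_hosts(SAMPLE_HOSTS, ["jL.chura.pl"])
    print(text)
    for change in changes:
        print(change)
```

A hosts entry only stops the name from resolving; the process that keeps requesting it is still on the machine and still has to be found with the tools mentioned earlier in the thread.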
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Whilst on this topic - in some cases it is quicker to format and install than trying to remove malware and its hidden triggers.
 