Pets.ca - Pet forum for dogs cats and humans 

-->

April Fools day "Worm" attack

Luvmypitgirls
March 25th, 2009, 10:41 AM
I just heard on Global News that there is a very sofisticated computer "worm" that will be hazardous to your computer on April 1st. Apparently it latches on to unreliable websites and downloads (Windows).
A patch is available from Microsoft, to prevent damage to your PC.

I'm not computer savvy, and really don't understand how these things work (ie: worms) but I thought I would pass this info on.

Sidenote: Microsoft is offerring 250,000 dollars for information that leads to the arrest to the "creator" of this worm.

:confused: there are people that actually create these things?:frustrated:

Melinda
March 25th, 2009, 11:19 AM
this went on last year also, they ended up arresting a student in china.

Bina
March 25th, 2009, 01:51 PM
Last summer my computer picked up a very nasty virus and I had to have a specialist overhaul my machine.
So, I guess April first is a really good time to be extra vigilant. Thanks for the reminder. :)

Diamondsmum
March 26th, 2009, 11:27 AM
I just wanted to bump this with a lil bit more info..

http://www.bdtools.net/technical-details-downadup.php

There is a scan there as well to check

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx <this is the patch you should have to protect your PC's click your Operating system.

When in doubt check your windows update history.

The removal of this worm if you get it is a PITA. (pain in the A$$) As it blocks access to antvirus sites.

Love4himies
March 26th, 2009, 12:18 PM
I wanted to do that on my personal computer but wasn't sure how to :confused:

Diamondsmum
March 26th, 2009, 11:45 PM
L4,

You can download that patch and install it (if it says already installed your ok)

:thumbs up

If you need any help do PM me I will be happy to assist. (Iv patched/ensured that 42 PC's are good to go in the last 3days) and as well ensured that all my clients all over are protected. and downloaded the removal tool JUST IN CASE!

to date this worm has infected 9million PC's so far..

hazelrunpack
March 27th, 2009, 12:03 AM
So does this patch remove the worm if you've already got it, or just block it from being downloaded if you're still clean?

TacoGrl
March 27th, 2009, 12:38 AM
So does this patch remove the worm if you've already got it, or just block it from being downloaded if you're still clean?


It doesn't remove it...it patches the hole in your system the worm uses to get in...

If you register your system with Microsoft, they will automatically update it when these things come along...sometimes it's scary how much they actually can do with your system...makes me wonder about hte whole Big Brother thing, however, I like the protection...I have paid a lot for my system and between MS and my anti-virus, I feel protected...knock on wood! :whistle:

hazelrunpack
March 27th, 2009, 12:39 AM
Anyone know how to check to see if the worm is present already and awaiting activation?

TacoGrl
March 27th, 2009, 12:42 AM
Anyone know how to check to see if the worm is present already and awaiting activation?


What system are you running?

Do you have Windows Defender in your Program list?

You can also open your anti-virus and ask to do a scan...most products offer a scan for spyware, malicious, etc.

If you are looking for a free progarm...AVG is a great one! I have McAfee professional and love it, but AVG free will do the job for basic scans and should pick this worm up...MS also has a scan tool on their site...I just mention AVG in case you don't have an anti-virus already...

On a side note...I don't believe the worm in question is dormant...I believe it will be sent out via e-mail on April 1st and by opening it and doing what it asks will activate the worm instantly...most worms are like that.

hazelrunpack
March 27th, 2009, 12:53 AM
In that case, I'm probably safe :thumbs up :D

Running XP Pro; can't run AVG--really slows down the computer; so I use Symantec and Spybot. Used to use Adaware, too, but the updates kept getting bigger and eventually I couldn't download them over my connection any more :shrug:

TacoGrl
March 27th, 2009, 01:00 AM
In that case, I'm probably safe :thumbs up :D

Running XP Pro; can't run AVG--really slows down the computer; so I use Symantec and Spybot. Used to use Adaware, too, but the updates kept getting bigger and eventually I couldn't download them over my connection any more :shrug:


I had Symantec on my 2000 system (liked it), but it had some compatability issues with Vista in the beginning so I switched to McAfee and no probs...Spybot is a good prog too, but Symantec should have spyware detect included, no?

hazelrunpack
March 27th, 2009, 01:03 AM
I think it has some, but it's not as good imo. Symantec updates are also getting quite large, so I'm thinking I may have to drop it, as well :sad:

TacoGrl
March 27th, 2009, 01:26 AM
I think it has some, but it's not as good imo. Symantec updates are also getting quite large, so I'm thinking I may have to drop it, as well :sad:

Don't drop it...upgrade either your computer or connection...now days, you can't surf without protection...sounds like an after school show LoL!

I hate to recommend Dell, but they do have some decent computers at decent prices...their customer service bites, but there are enough sites to get help from. You can also create a "partition" to help speed things up...basically you create another internal drive and devote memory to it, but it functions quicker because it is devoted to only say your anti-virus program...it helps a bit with dial up too because the more on a drive, the slower it processes things...if you move your anti-virus to the "new" drive and include it in your protection, downloads will be a bit quicker...

You may just need to do some maintenance on your system though...when was the last time you used your disk cleanup and/or defrag programs...located in your Programs menu...yes, I leave the easiest for the last! :D

Luvmypitgirls
March 27th, 2009, 09:43 AM
I backed up all my files just incase, and I'm going to call our computer tech today to make sure all the security they put in my computer will be enough to protect me. And if not, then I'll take my PC in and he can upgrade whatever it is I need.

hazelrunpack
March 27th, 2009, 03:18 PM
Don't drop it...upgrade either your computer or connection...now days, you can't surf without protection...sounds like an after school show LoL!

The only way to upgrade the 18 miles of obsolete triply-redundant spans between here and the substation is for me to purchase a ton of fiber optic, rent an excavator and do it myself. :laughing: We have 65 potential end-users out here, which means it's not cost-effective for the phone company to act on it. We're in a dead zone for cell, most radio and most TV. Satellite can be spotty because we're in the woods...but also because they want SSN and we refuse to give it to them.

I hate to recommend Dell, but they do have some decent computers at decent prices...their customer service bites, but there are enough sites to get help from. You can also create a "partition" to help speed things up...basically you create another internal drive and devote memory to it, but it functions quicker because it is devoted to only say your anti-virus program...it helps a bit with dial up too because the more on a drive, the slower it processes things...if you move your anti-virus to the "new" drive and include it in your protection, downloads will be a bit quicker...

My computer is a Dell, and it runs plenty fast. It's the connection that sucks :sad:

You may just need to do some maintenance on your system though...when was the last time you used your disk cleanup and/or defrag programs...located in your Programs menu...yes, I leave the easiest for the last! :D


My disk is only 12% used, gets defragged 1-2 times a week if I'm doing a lot of photoprocessing and deletion, at least once every 2 weeks if I'm not. I rarely let my files get past 6% total fragmentation, so that isn't the problem either.

It's just crappy phone lines.... :frustrated:

Actually, we're pretty thankful when we have phone service at all! :o

TacoGrl
March 27th, 2009, 03:24 PM
Okkk then, you are simply SOL! :D

hazelrunpack
March 27th, 2009, 03:49 PM
Okkk then, you are simply SOL! :D
:laughing: Yep. Welcome to hazel's world! :laugh:

But, on the plus side, what we lost in convenience, we more than made up for in life style when we moved :thumbs up

Diamondsmum
March 28th, 2009, 12:22 PM
Anyone know how to check to see if the worm is present already and awaiting activation?

Hazel if you dont have SP2 or SP3 you are suspetiable. On april 1st if your antivrus is not loading or active That is a possible sign your infected.

The link I posted the bdtools one you can run the scan there and it will let you know if its on the system. as well as grab the removal tool.

It is NOT from email but from visiting a site or from a USB drive that was orginally plugged into a infected machine. (Auto-run enabled) and the trigger is April 1st. As well for networked PC's an infected machine can infect ALL the PC's that it has shared folder/files with.

hazelrunpack
March 28th, 2009, 04:17 PM
I think we've got SP3, or at least SP2. So that means I can stop worrying? :D

Diamondsmum
March 28th, 2009, 08:14 PM
LOL Good hazel you shoudl be good :)

SP2 I think included the patch at the time :)

Chris21711
March 29th, 2009, 05:11 PM
This worm will it only activate itself on April 1st?

I don't grasp the ins and outs of computers at all, any help would be sppreciated :o

I have never used the disc cleaner...should I?....what are the benefits?

CearaQC
March 29th, 2009, 05:49 PM
Easy way to avoid a virus/worm at all times, not just when you hear about something on the news:

Don't open any email when you do not recognize the sender. I automatically delete all unknown emails unless I know the sender personally or expecting an email reply.

Don't download and install anything off the internet until you've scanned it with anti virus software AND a Malware/Spyware scanner/removal software. These would be files with something like .exe at the end of the file name, which means it's "executable," meaning a program to run on your computer.

Run a firewall. There are some good free ones online like Zone Alarm.

If you don't have anti virus program, a free one is AVG Anti Virus.

Both Zone Alarm and AVG offer paid versions (with extra bells & whistles) as well as free versions (bare bone). But I've been using both free versions for years and haven't had one bit of trouble.

rainbow
March 29th, 2009, 07:12 PM
This worm will it only activate itself on April 1st?

I don't grasp the ins and outs of computers at all, any help would be sppreciated :o

I have never used the disc cleaner...should I?....what are the benefits?


The Conficker worm is programmed to activate on April 1 and I think this is the third year it is expected to do so. Here is some information ....

http://www.cira.ca/conficker-faq/


Yes you should use the disc cleaner as well as defrag .....how often you do it depends on how often you use your computer, I think. Here is some info from www.microsoft.com/atwork/getstarted/5computinghabits.mspx ....


Clean up your hard disk

Now that you've organized your files and folders, and cleaned up your desktop, you can organize the data itself. Windows includes two utilities—Disk Cleanup and Disk Defragmenter—that help you free up more space on your hard drive and help your computer work more efficiently.

• Disk Cleanup compresses your old files so you can free up storage space.

• Disk Defragmenter scans your hard drive and consolidates files that may be scattered across the disk


Not sure how often to run these utilities? It's really up to you—some people like to run both weekly, others prefer monthly, and a few only run them every few months. It's not a bad idea to do both at least once a month. Windows Vista users take note: Disk Defragmenter is automatically scheduled to run once a week (Sunday at 4 a.m.). You can change the scheduled time for this feature or turn it off, if you prefer.

To find both programs, click Start, point to All Programs, then point to Accessories, and then choose System Tools.



You should also run Check Disk regularly.

1. Click on My Computer
2. Right click on Local Drive C
3. Click on Properties
4. Click on the Tool Tab
5. Under Error Checking click on Check Now
6. Put check marks in both options
7. Click start

Then go enjoy a coffee and relax cuz it takes awhile. :D

14+kitties
March 30th, 2009, 11:32 AM
I just got an email from my daughter. Her hubby is an IT guy who has 7 years at Virginia Tech (worked for the university while he was there) and is now manager of the IT department with an investment firm in London.
He says as long as your comp has been patched that you will be fine. Just thought I would send it along to anyone it could help. I run a Dell with WindowsXP. Don't want Vista yet.

http://windowsupdate.microsoft.com/

rainbow
March 31st, 2009, 01:45 PM
My computer has the Microsoft patch installed but I downloaded the removal tool "just in case" anyways ....

http://www.bdtools.net/how-to-remove-downadup.php

Love4himies
March 31st, 2009, 01:51 PM
I am all updated, thanks for the help DM :grouphug:

rainbow
March 31st, 2009, 07:34 PM
I second that ......I wouldn't have known about the bdtools website if DM hadn't posted it. :thumbs up

And, thanks also to LMPG for starting the thread. :thumbs up

:thankyou::thankyou:

Diamondsmum
March 31st, 2009, 10:34 PM
http://krisabel.ctv.ca/post/So-Far-No-Activity-From-The-Conficker-Worm.aspx

UPDATED - Computers Infected With Conficker Are Starting To Activate
March 31, 2009 10:29 by Kris Abel
April 1st has already crossed the International Date Line and has moved into Sydney, Australia where it's now 1:30 am. In just 30 minutes it will be Tokyo's turn to greet the 1st of April and so far, there's been no reports of activity from the Conficker virus and its network of infected computers. The Internet Storm Center, which keeps track of viral activity across the net hasn't detected any change. I'll keep you posted.

Update: F-Secure is reporting that computers infected with the Conficker virus in countries that have switched over to April 1st have become active and are currently searching for public domains in order to receive further instructions. So far, the creators of Conficker have yet to issue any such instructions.

Update 2: It is now April 1st in London, Paris, Rome, Tokyo, and Sydney. Although an IBM report suggests that most of the infected computers are situated within Europe and Asia, and although security firms are reporting that these infected systems are actively looking for new instructions from Conficker's creators, there's still no sign of action. It's all quiet for now. Millions of enslaved computers are waiting, waiting for instructions to tell them what to do next. Will the writers of Conficker wait until North and South America transition over to April 1st? Will they act at all or is it one big bluff?

Update 3: April 1st has now arrived for Casablanca and Reykjavik. The Americas are all that's left and still no activity from Conficker. If IBM's statistics are right, more than 80% of the infected computers in the world are now active and waiting for instructions that have yet to arrive. St. John's, Newfounland, you're up next for the transition to April 1st.

just a FYI... Midnite is Almost here ... just be safe guys

hazelrunpack
April 2nd, 2009, 10:46 PM
He says as long as your comp has been patched that you will be fine. Just thought I would send it along to anyone it could help. I run a Dell with WindowsXP. Don't want Vista yet.



I didn't want Vista, either.... Don't think the worm will be an issue with ol hazel now...motherboard died on the 29th and the new machine has Vista :rolleyes: Funny how things work out. :p