duncan Posted January 3, 2011

Tricky Christmas Present.

After a few months with no malware detections, running MSE, Immunet and Comodo as well as various on-demand scanners, I started getting an error on bootup which referred to ‘autochek.exe not found’. After a few hours on the net researching this error I managed to download a batch file that replaced ‘BootExecute’ in the registry (which was what the problem seemed to refer to). This got rid of the error and all seemed ok.

Meanwhile ‘this error’ had stopped me doing a system backup, as the backup software I was using reboots the system and starts backup from startup. This would not work as the ‘autochek error’ was stopping a normal reboot. So I downloaded ‘Easeus Backup’ and did a full system backup to a spare drive from Windows.

After running Autoruns and disabling a few suspect autostart programs, I then ran 3 scanners at the same time and went to bed. The next morning I checked the scanner logs and there was a virus deleted, namely ‘Worm:Win32/Conficker.B!inf’.

Log states:

Category: Worm
Description: This program is dangerous and self-propagates over a network connection.
Recommended action: Remove this software immediately.
Items:
containerfile:E:\autorun.inf
file:E:\autorun.inf->(UTF-16LE) ""

Info on this ‘Worm’ below.

To cut a long story short, it infected my main system drive, stopped me making a backup, then disabled and made unusable my spare drive (backup drive). So I was left with an infected drive and an unusable backup drive. It took a lot of messing around to remount my backup drive and then format it. I also had to use Windows recovery console from CD to do a proper chkdsk, as the worm disabled chkdsk from working on my system drive. I then made a complete backup with ‘Easeus’ to my remounted backup drive.

Had I not caught, removed and fixed the damage that this worm did, I could be sitting here now with no system drive, no backup drive, months of work and data lost, etc.... Close shave, and that's with full security software, firewall etc., and a full recent system backup. Well, I have a clean, up-to-date, working system and a full clean, working, up-to-date backup again now.

Watch the video which shows 3 malware scanners running at the same time on my fairly basic system, and note that MSE, Immunet and Comodo are all running as well. (Video is only 4meg so is low res.)

http://www.youtube.com/watch?v=bAgbDuP5YNM

Read the virus report and bulletin and notice how it stops you from accessing anti-malware etc.

http://www.microsoft...n/MS08-067.mspx
http://www.microsoft...atid=2147618577

One last thing: running these 2 anti-virus and 1 firewall programs does not use much system resources, and other than a slow startup you would not really know that they are active.

Get all the good free security software here.

Have a Happy and Safe New Year.

Windows XP - sp3
AMD Sempron 2600+
1.5 gig ram
128mb video card
3G internet connection
Opera 11
ritchie58 Posted January 3, 2011

Sorry to hear you got infected with the Conficker worm. As the Microsoft link that you provided states, a security patch was indeed issued for the malware, and I'm sure you had your system installed with the latest updates. So I'm a little surprised that you still got infected. Any guess on how your system became compromised? A bad download or a web site with a malicious link maybe?

I have read that the Conficker worm can be spread via an infected USB external or flash drive. An insidious mode of propagation for this malware. For instance, a friend stops over and wants you to see some of the newest digital photos he took. So he hands you his flash drive that contains the jpeg photos. Unbeknown to you or him, his PC is infected and so is his flash drive. You plug in the drive and "BAM" you're also infected. That's why I have autorun disabled for USB drives, so I can scan any flash drive or external HDD that gets connected to my system for malware before opening any files on the drive.
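
Added example, not part of the thread: a small Python triage of a drive's `autorun.inf`, the file the scanner log in the first post flagged and the mechanism the post above guards against by disabling autorun. The function names and the three sample files are constructed for this example; it reports any line that would launch a program and counts non-`key=value` padding lines, which is one way such a file hides its command.

```python
import re

# Keys that make Windows launch (or offer to launch) a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
VALID_KEY = re.compile(r"^[\w\\ .]+$", re.ASCII)

def decode_inf(raw: bytes) -> str:
    """Decode autorun.inf bytes without ever failing on binary padding."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw and raw[1::2].count(0) > len(raw) // 4:  # UTF-16LE without a BOM
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")

def triage_autorun(raw: bytes) -> dict:
    """Report launch commands and junk lines; every section is inspected."""
    commands, junk = [], 0
    for line in re.split(r"[\r\n]+", decode_inf(raw)):
        line = line.strip(" \t\x00")
        if not line or line[0] in ";[":   # blank, comment or section header
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or not VALID_KEY.match(key):
            junk += 1                     # not key=value: padding or obfuscation
        elif key in LAUNCH_KEYS or SHELL_VERB.match(key):
            commands.append((key, value.strip()))
    return {"commands": commands, "junk_lines": junk,
            "scan_before_opening": bool(commands),
            "obfuscated": bool(commands) and junk > 0}

# Constructed samples (not taken from a real infection).
PADDED = (b"\x9c\x11Qx\xf3\r\n[autorun]\r\n\xb2\x07zz\x88\r\n"
          b"shellexecute=rundll32.exe .\\RECYCLER\\example\\sample.dll,Entry\r\n"
          b"\xee\x01\r\n")
BENIGN = b"[autorun]\r\nicon=setup.ico\r\nlabel=Photos\r\n"
UTF16 = "[autorun]\r\nopen=setup.exe\r\n".encode("utf-16-le")

if __name__ == "__main__":
    for name, data in (("padded", PADDED), ("benign", BENIGN), ("utf16", UTF16)):
        print(name, triage_autorun(data))
```
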
duncan Posted January 3, 2011 (Author)

I think it came from a malicious web-site. I do get targeted by hackers coz of security related stuff, as in they want to get past my security to prove a point.

It's all good, because I sorted it out before it got out of hand. Still, it's a wake-up call in general. Malware is like a lot of things these days, getting smarter and more sneaky.
Guest Orlando Posted January 3, 2011

I am grateful to you for sharing this experience.

Orlando
ritchie58 Posted January 4, 2011

You hit the nail on the head, Duncan. As new threats emerge it's up to the security vendors to try and circumvent malicious code, thus keeping it from proliferating, and adapt to the ever-changing security environment. As far as the Conficker worm is concerned, just because a malware threat is no longer in the headlines doesn't mean it has magically disappeared from the world wide web. Something you certainly can attest to. So that's a lesson for us all.

"The price for security and privacy in this "wild, wild west" we call the internet is constant vigilance!"
Archived
This topic is now archived and is closed to further replies.