A very simple test has been developed to check whether your PC has been infected with the Conficker worm. If you go to confickerworkinggroup.org (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), you will get a page where you should see 6 images. There is also a chart below the 6 images showing how to interpret whether you're infected or not.
Monthly Archives: April 2009
Conficker – It just won't go away. (UPDATE)
Something was brought to my attention. In my previous post, I said to install Malwarebytes and Avast Antivirus if you're infected. If you already have an antivirus installed, you will need to uninstall it prior to installing Avast, as having 2 antivirus programs could cause more problems and it's not recommended ever.
Conficker – It just won't go away.
There are reports that new payloads are being downloaded to machines infected with various versions of Conficker. The Conficker worm will connect via p2p and download files that can be very annoying (if you're lucky) and could cause you to have your information compromised (if you're unlucky) once they are on your machine. One of the payloads that it seems to download is for a program called Spyware Protect 2009.
This program will look like a legit program telling you that your machine has been infected, but in fact it is designed to trick you into giving up personal and credit card information. This is not a real program; it is a fake program that was written by someone who wanted to get information and money out of people.
The best way you can remove Spyware Protect 2009 is to download Malwarebytes (http://www.malwarebytes.org/mbam.php) and Avast (http://www.avast.com/eng/avast_4_home.html) AV and install both on the machine.
If your machine is already infected, you may not be able to access those sites, so you may need to download them on another PC and then burn the installers to a CD. **Do NOT put the downloads on a USB flash drive or external hard drive, as those devices will also get infected as soon as you plug them into the machine that is infected. The only safe way is to burn the files to a CD, as files cannot be saved to a CD without a 3rd party program (Nero, Roxio, etc.). Once they are installed, make sure you run the software update button so that they have all the latest fixes.
Once you have completed the install and updates, shut down your PC (NOT reboot). Once it's completely off, turn it on and immediately start pressing the F6 key on your keyboard (yes, those keys serve a purpose). You should see a screen asking you if you want to go into safe mode, as well as a number of other options.
Select safe mode and let the PC log in to safe mode. In safe mode your screen will look a little funny and not all your files will appear. That is because safe mode is a version that starts just enough of the Windows operating system to turn on, but all the additional bells and whistles that everyone is used to will not be operating.
Once you are in safe mode, run a full scan of your entire PC using Malwarebytes and then Avast. The scans will discover most of the infections and ask if you want to remove them; say yes to all. Lastly, an option in Avast is a scan on boot up. Configure the boot up scan and reboot.
To set up Avast boot up scan:
Boot time Avast Antivirus Scanning
Avast Antivirus offers a "boot time" virus scan of your PC. This allows the antivirus engine to scan all of the files on your hard drive before any other programs load, which is useful in cases where you have an infection that cannot be cleaned because the "file is in use".
To schedule a boot-time scan using Avast:
- Right-click on the blue "a" logo at the bottom right of your taskbar and then select the "Start avast! Antivirus" option from the menu which appears

- Avast will run a memory scan on your PC and you’ll see this screen while the scan completes and the control panel opens. Just let this finish

- Once Avast! loads, you’ll see this strange looking control panel – don’t worry, we don’t need to decipher any of the buttons – we just want to click using the right mouse button anywhere in the grey area.

- When you right click on the control centre, you’ll see a new menu. From this menu, select the "Schedule Boot-Time Scan…" option:

- You’ll now get a new screen, as shown below. Select the option "Scan all local disks" and tick the "Advanced Options" box. Select the options "Move infected file to Chest" and "Allow delete or move" from the two menus in the bottom half of the window, before pressing Schedule:

- Once you have pressed OK, you will be given a prompt to reboot your PC. Check that you have no unsaved work open and then click "Yes". Your PC will reboot, and before Windows reloads, Avast will perform a virus scan.
The virus scan will take about 30-45 minutes on your PC, and should be completely automatic. The scan will be complete when your PC reloads Windows, and you need take no further action.
And as always – Make sure that you go to the Microsoft Updates site (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US) and make sure your system has the latest updates installed.
Commentary:
For all those who are non-tech: if you had a small drip in a pipe in your house, would you fix it at that moment, or would you let it stay dripping so that it got bigger and then burst the pipe, causing a flood and a mess? Updating your Windows machine is just like that pipe: update it now and it's no big deal, wait and you will have a mess.
Sweepstakes: Tiger Direct – PC A Day Giveaway
Another one of those Tiger Direct sweepstakes; this time it's an Averatec All-In-One PC. The contest can be found at http://www.tigerdirect.com/applications/campaigns/campaigntemplate.asp?CampaignID=909
*As always I’m just passing on the info, I am in no way associated with this contest or Tiger Direct.
Internet Explorer 8 Blocker – For those who need time before moving to IE8
Microsoft has released a download blocker for those who need to keep their systems from moving to IE8. I am using IE8 on some of my systems; however, I have discovered that it doesn't work properly for all the software that I currently use, so there is a need for me to stay with IE7 on some of my systems. If you have software that will not work with IE8 yet, here are the steps so that you can keep your PC from automatically updating to IE8.
Internet Explorer 8 is being pushed by Microsoft starting this week as part of Windows Updates or Microsoft Updates.
Download the IE8 Blocker Tool from http://www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c&displaylang=en
Once you download the file you will see the following file (make sure you know what location you picked to save the file)
Step 1 – Double-click the IE8BlockerToolkit.exe and then select Run.
Step 2 – You will get the agreement message – select Yes to this message.
Step 3 – You will be prompted for a location to save the files that get created from the IE8toolkit.exe file. Choose a location you can find (for my example I used C:\IE8Blocker).
Step 4 – You will be prompted that the folder does not exist if it is a new folder. Select Yes to this message.
Step 5 – Select Start – Run – and in the Run box that opens type CMD and hit Enter.
Step 6 – In the DOS window you should have C:\>. If you get anything else, type cd \ (there is a space between the cd and the \) and hit Enter to get C:\>
Step 7 – Type the following: C:\IE80Blocker /B. If it is typed in correctly you will see the message “The operation completed successfully.” ** (that is IE eight zero)
**C:\IE8Blocker /B is based on the fact that I saved the files in step 3 to c:\IE8Blocker. If you choose to save your files in step 3 to another location, you will need to type that location followed by a space and then /B (capital B).
UPDATE: Troubleshoot: pcAnywhere 12.0 / 12.1
I did receive a couple of notices that the earlier post about pcAnywhere did not work. There is a step that I did not mention in my original post (Sorry!). Prior to doing what I noted in the 1st pcAnywhere post (the shortcut to SessionController.exe and then the original pcAnywhere shortcut), you need to check your Task Manager. To get to Task Manager, either right-click in an empty space on the Start menu bar at the bottom, then select Task Manager and left-click, or press Ctrl-Alt-Del on your keyboard and select Task Manager when you get your choices.
When you get to the Task Manager (which tells you what is running on your machine), look for something that says Winaw32.exe. Once you see that (and you will if my other post didn't work for you), highlight it and select End Process. This will stop the service. Once you stop the service, try the post again.
I hope this helps. Let me know if it does.
