Consumer tips for combatting Conficker

March 25th, 2009

Quick Conficker infection test

To quickly find out if your PC might be one of the millions infected by Conficker, try clicking to Microsoft.com. Next try Symantec.com. Now try McAfee.com. If you can get to these sites, you are not infected. But if your browser will not let you access any of these websites, as shown below, then you very likely are infected with Conficker.

You can also conduct a visual version of this test by using this eye-chart tool created by SecureWorks’ Joe Stewart. Click here to get the full eye-chart.

These tests key off the fact that Conficker blocks you from reaching any web address that includes Microsoft, Symantec, McAfee, AVG, Kaspersky, Trend Micro, F-Secure, Defender, Panda, Sophos, SecureWorks or Sunbelt in the URL. It also blocks URLs that contain 103 other names and phrases that relate to security. You can see the full list by clicking to SRI International’s report here and scrolling down to the table listed under “domain lookup prevention.”
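The same quick test can be scripted as name lookups instead of browser clicks. This is an added example, not code from the original post or from any tool it mentions; the control host www.example.com, the verdict labels and the function names are assumptions, and KEYWORDS is only a subset of the blocked strings named above.

```python
import socket

# Sites the article says to try; Conficker refuses lookups for names like these.
TEST_HOSTS = ["www.microsoft.com", "www.symantec.com", "www.mcafee.com"]
# Assumption: a neutral name with no security keyword, to prove DNS works at all.
CONTROL_HOSTS = ["www.example.com"]
# Subset of the blocked strings the article lists (the full list is in SRI's report).
KEYWORDS = ["microsoft", "symantec", "mcafee", "kaspersky", "f-secure",
            "panda", "sophos", "secureworks", "sunbelt"]

def system_resolver(host):
    """True if this machine's resolver returns an address for host."""
    try:
        return bool(socket.getaddrinfo(host, 80))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def simulated_infected_resolver(host):
    """Constructed model of the filter: fail any name containing a keyword."""
    return not any(k in host.lower() for k in KEYWORDS)

def assess(resolves=system_resolver, test_hosts=TEST_HOSTS,
           control_hosts=CONTROL_HOSTS):
    """Return (verdict, failed_hosts) for the article's quick test."""
    if not any(resolves(h) for h in control_hosts):
        # Nothing resolves: offline or broken DNS, so the test says nothing.
        return "inconclusive", list(test_hosts)
    failed = [h for h in test_hosts if not resolves(h)]
    if not failed:
        return "no-block-seen", []
    if len(failed) == len(test_hosts):
        return "likely-infected", failed
    # Only some vendor names fail: could be an outage or other filtering.
    return "partial", failed

if __name__ == "__main__":
    verdict, failed = assess()
    print(verdict, failed)
```

A "likely-infected" result is a prompt to run one of the scan-and-clean tools below, not a diagnosis; corporate or parental filtering can produce the same pattern.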

To get a full understanding of how jam-packed Conficker is with sophisticated self-spreading and self-preserving features, see F-Secure’s comprehensive FAQ and LastWatchdog’s timeline, which has been significantly updated since the original posting.

You definitely want to check — and disinfect — before April 1. On that date all Conficker-infected PCs will begin trying to connect to 50,000 web domains, via 110 different Top Level Domains, to receive further instructions. Two schools of thought exist about what Conficker will do next.

User-friendly scan-and-clean tools

That’s why you should make haste to check your PC and disinfect it, if you’ve got Conficker. You have a couple of options.

One is to use BitDefender’s free scan-and-removal tool. This is one of the few major security sites that Conficker does not block at the moment.

A similar free tool is available from Enigma Software. Enigma is obscure enough that the bad guys did not include it on the list of blocked URLs.

You should be aware that Enigma could not pass up the opportunity to attach a promotion to buy a $30 subscription directly alongside its free tool. Several readers have gotten misled into thinking that they must buy the subscription to activate the clean-up tool. Enigma CEO Alvin Estevez is unapologetic. He insists that the Conficker tool is completely free; he supplied this video showing what a free clean-up session should look like.

Another option is to click to this Microsoft malicious software removal site, which you can get to on an infected machine because the URL does not contain “Microsoft.” You’ll find a free all-purpose malicious software scanner. However, I could not get it to work on my Firefox 3 browser, nor on my Internet Explorer 7 browser.

Microsoft says they are checking into this and suggested this last-ditch option: contact Microsoft Customer Service and Support at no charge, using the PC Safety hotline at 1-866-PCSAFETY.

Security tools from WinPatrol and BufferZone Pro won’t detect or clean up Conficker. But they should be effective in stopping any Conficker executable code from running on your hard drive.

  • WinPatrol. This free tool, long popular with techies, blocks and alerts you to any malicious program that tries to install itself on your hard drive. WinPatrol Plus, designed for consumers, costs $30 for a lifetime subscription.
  • BufferZone Pro. This tool sends all Internet traffic to a virtual buffer zone, stopping any malicious program from running on your hard drive. Cost is $40 for an annual subscription, with a free one-month trial now available.

–Byron Acohido