Consumer tips for combatting Conficker

March 25th, 2009

Quick Conficker infection test

To quickly find out if your PC might be one of the millions infected by Conficker, try clicking to Microsoft.com. Next try Symantec.com. Now try McAfee.com. If you can get to these sites, you are not infected. But if your browser will not let you access any of these websites, as shown below, then you very likely are infected with Conficker.

You can also conduct a visual version of this test by using this eye-chart tool created by SecureWorks’ Joe Stewart. Click here to get the full eye-chart.

These tests key off the fact that Conficker blocks you from reaching any web address that includes Microsoft, Symantec, McAfee, AVG, Kaspersky, Trend Micro, F-Secure, Defender, Panda, Sophos, SecureWorks or Sunbelt in the URL. It also blocks URLs that contain 103 other names and phrases that relate to security. You can see the full list by clicking to SRI International’s report here and scrolling down to the table listed under “domain lookup prevention.”
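The lookup test described above, written as a script (an added example, not from the original article): it separates "only the security names fail" from "nothing resolves at all", which the browser test cannot tell apart. The control hosts, the lowercase keyword forms and the function names are assumptions.

```python
import socket

# Sites the article's quick test uses; each name contains a filtered keyword.
SECURITY_HOSTS = ["www.microsoft.com", "www.symantec.com", "www.mcafee.com"]
# Assumed control names: no security-vendor keyword in them.
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]
# Vendor names quoted in the article, lowercased (assumed form; the exact
# filter strings are in the SRI report the article links to).
ARTICLE_KEYWORDS = ["microsoft", "symantec", "mcafee", "avg", "kaspersky",
                    "f-secure", "defender", "panda", "sophos",
                    "secureworks", "sunbelt"]


def system_resolver(host):
    """True if this machine's resolver can look the name up."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def simulated_filtered_resolver(host):
    """Constructed stand-in for an affected PC: keyword names never resolve."""
    return not any(word in host.lower() for word in ARTICLE_KEYWORDS)


def lookup_test(resolves=system_resolver):
    """Classify the machine from which lookups succeed."""
    security_ok = [h for h in SECURITY_HOSTS if resolves(h)]
    control_ok = [h for h in CONTROL_HOSTS if resolves(h)]
    if not control_ok:
        return "inconclusive"  # nothing resolves: offline or DNS is down
    if not security_ok:
        return "suspect"       # only the security names fail
    if len(security_ok) < len(SECURITY_HOSTS):
        return "mixed"         # some fail: retry, may be a site outage
    return "clean"


if __name__ == "__main__":
    print("simulated affected PC:", lookup_test(simulated_filtered_resolver))
    print("this machine:", lookup_test())
```

A "suspect" result is a reason to run one of the scan-and-clean tools, not a confirmed diagnosis; other DNS filtering can produce the same pattern.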

To get a full understanding of how jam-packed Conficker is with sophisticated self-spreading and self-preserving features, see F-Secure’s comprehensive FAQ and LastWatchdog’s timeline, which has been significantly updated since the original posting.

You definitely want to check — and disinfect — before April 1. On that date all Conficker-infected PCs will begin trying to connect to 50,000 web domains, via 110 different Top Level Domains, to receive further instructions. Two schools of thought exist about what Conficker will do next.

User-friendly scan-and-clean tools

That’s why you should make haste to check your PC and disinfect it, if you’ve got Conficker. You have a couple of options.

One is to use BitDefender’s free scan-and-removal tool. This is one of the few major security sites that Conficker does not block at the moment.

A similar free tool is available from Enigma Software. Enigma is obscure enough that the bad guys did not include it on the list of blocked URLs.

You should be aware that Enigma could not pass up the opportunity to attach a promotion to buy a $30 subscription directly alongside its free tool. Several readers have gotten misled into thinking that they must buy the subscription to activate the clean-up tool. Enigma CEO Alvin Estevez is unapologetic. He insists that the Conficker tool is completely free; he supplied this video showing what a free clean-up session should look like.

Another option is to click to this Microsoft malicious software removal site, which you can get to on an infected machine because the URL does not contain “Microsoft.” You’ll find a free all-purpose malicious software scanner. However, I could not get it to work on my Firefox 3 browser, nor on my Internet Explorer 7 browser.

Microsoft says they are checking into this and suggested this last-ditch option: contact Microsoft Customer Service and Support at no charge, using the PC Safety hotline at 1-866-PCSAFETY.

Security tools from WinPatrol and BufferZone Pro won’t detect or clean up Conficker. But they should be effective in stopping any Conficker executable code from running on your hard drive.

  • WinPatrol. This free tool, long popular with techies, blocks and alerts you to any malicious program that tries to install itself on your hard drive. WinPatrol Plus, designed for consumers, costs $30 for a lifetime subscription.
  • BufferZone Pro. This tool sends all Internet traffic to a virtual buffer zone, stopping any malicious program from running on your hard drive. Cost is $40 for an annual subscription, with a free one-month trial now available.

–Byron Acohido

 
ary
Guest

bdtools.net, the BitDefender’s site, is the only site that can be accessed if you are infected. On site you can also find the only removal tool dedicated to networks.

Bender
Guest

I’m sure glad the guys over at BitDefender have come up with the idea of hosting a removal tool on an accessible domain.

I’ve got all the updates up from November, but still I had some friends that already got infected and the tool helped.

David
Guest

I run a security software program called Sitehound

http://www.firetrust.com/en/products/sitehound

which itself calls Enigma a dangerous or malicious website to visit. I just tried it after reading your article.

I have used Sitehound for a couple of years, and if it says a website is no go, I just don’t go.

Don Power
Guest

By all means, prepare your computer with updates to your operating system and your antivirus programs, etc. but to be completely safe and secure online these days requires a completely new paradigm:

Assume your PC has already been compromised and fortify your PC and your online activities accordingly.

Secure your sensitive information BEFORE it even gets to your compromised PC.
It is now possible to do this with available, patented technology.

Don Power
smartswipe.ca
