Conficker Search and Removal
4breezes
03-26-2009, 12:15 PM
I read an interesting article in yesterday's USA Today (3/25/2009) about the Conficker Worm. They claim a major action/attack is due on 1 April, in just a few days.
They suggest using WinPatrol (have that), Bufferzone Pro (Trustware.com) ($40), and Enigma SpyHunter (EnigmaSoftware.com (http://www.enigmasoftware.com/))
Enigma has put out a free tool designed exclusively to hunt and destroy Conficker. This posting concerns that tool.
Has anybody here used this program from Enigma? Does anybody feel they can recommend it? Is it going to be any better than the protection programs already listed here on this site? Is there a highly recommended program for this job?
I feel just a bit uneasy using a totally unknown program. The last time I did that I totally and completely trashed my system and had to reinstall everything. I'd like a bit of reassurance that that won't happen again.
Opinions, suggestions, experiences?
Steve R Jones
03-26-2009, 12:57 PM
Enigma has put out a free tool designed exclusively to hunt and destroy Conficker.
"Hunt and destroy" would be different than I don't want to be infected in the first place...Does it mention preventative protection?
Sterling_Aug
03-26-2009, 02:49 PM
The only good preventative protection is to unplug the system from the Internet and never download again.
I would check Trend Micro's website for removal tools. They are one of the few websites that I trust.
Midknyte
03-26-2009, 03:27 PM
If Enigma was that good, we would have heard about it a lot by now.
Do your Windows updates, keep your AV (Avira, perhaps?) updated, run antispyware (Malwarebytes or SuperAntispyware)
4breezes
03-26-2009, 03:30 PM
"Hunt and destroy" would be different than I don't want to be infected in the first place...Does it mention preventative protection?
Preventive protection is in the sidebar, two of the three programs I mentioned. They suggest WinPatrol and BufferZone Pro, and Enigma SpyHunter in the event you're already infected.
I don't know that my system is infected. I believe it is not. I'm looking for a way to check on the possibility before the April 1st event.
Here's a link to the article.
USAToday Article (http://www.usatoday.com/tech/news/computersecurity/wormsviruses/2009-03-24-conficker-computer-worm_N.htm)
I'll look also at the Trend site. You're right, they probably have a removal tool. A 'known-good' site is better than a 'sounds-good' site.
Steve R Jones
03-27-2009, 06:44 AM
The Microsoft Windows Malicious Software Removal Tool has been updated to scan for it.
http://support.microsoft.com/?kbid=890830
t34b4g5
03-27-2009, 07:10 AM
Combofix also seems to be able to detect and remove this sneaky lil worm.. :x
4breezes
03-27-2009, 11:16 AM
I ran Trend Micro HouseCalls last night, overnight. I set it in motion and went to bed. It ran for 5 hours and 10 minutes, scanned resources = 176802. This morning I was greeted with "Trend Micro HouseCall Error Page. HouseCall client cannot be executed due to internal errors..." It went on to tell me to contact my system admin people.
TM HouseCalls seems to be Trend's solution for Conficker search and removal. I couldn't find that they had a removal tool specifically for Conficker.
Anyone care to guess what happened? I've run HouseCalls before, successfully. I'll try it again tonight.
Does the MS Malicious Removal Tool work as well as we might hope? I'll take a look at that one too.
Thanks for the help and replies.
4breezes
03-27-2009, 02:07 PM
The Microsoft Windows Malicious Software Removal Tool has been updated to scan for it.
http://support.microsoft.com/?kbid=890830
I just ran this, and got a clean report. I would guess at this point that my system is clean.
The question now is concerning TM HouseCalls, and its error message.
Sterling_Aug
03-27-2009, 03:06 PM
Did you run the Trend scan using Firefox or IE?
It only runs correctly on IE.
4breezes
03-29-2009, 01:48 PM
I tried numerous times to run HouseCalls under IE, and it would not work on my system. It would not complete the "install" portion. Perhaps I have a too old version of IE, since I never run it, much prefer FireFox. My IE is v6.0.
HouseCalls seems to have run okay under FireFox, though it's always hard to tell, as long as it runs to completion.
I ran the MS Malicious Software Removal Tool first, so I think that between the two of them I should be safe.
Many thanks for your help and guidance in this.
4breezes
03-30-2009, 12:09 AM
60 Minutes, the CBS Sunday night news show, just ran their lead story about Conficker. That's an indication of its seriousness. They brought out the point that you're at risk every time you turn your computer on, every time you go online.
Their own computer system, there at CBS, was infected by Conficker. They've worked long and hard to clean it up, and think they have. But they're not absolutely sure that they really got it all. Their people admit that it may still be lurking, buried deep within their system. They're just not sure.
Steve R Jones
03-30-2009, 06:44 AM
I saw 60 minutes too....Pretty Interesting. Think I'll do a little more scanning on the office computers..
4breezes
03-31-2009, 05:16 PM
Microsoft help with Conficker:
Microsoft Help (http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx)
MS has some suggestions, help, background, links...
Rocketmech
04-01-2009, 10:42 PM
All the major security program companies offer a removal tool, ex. Symantec, Kaspersky, McAfee, TrendMicro, Avira, Sunbelt and so on. So keep that in mind if you really believe you are infected with Conficker. If your AV is updated and Windows is patched / updated, you're fine. It's the folks with network PCs that are not patched and protected that have to worry.
http://sunbeltblog.blogspot.com/2009/03/please-world-is-not-ending-on-april-1.html
t34b4g5
04-02-2009, 01:24 AM
If you want an easy way to check if you are infected just open your c:\ make sure show hidden files and folders is checked.
And see if there is a folder either called
Resycled Or Resycler
don't mistake it for the normal Recycled.. ;)
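The folder-name check from the post above, generalized into a small script (an added example, not part of the original thread): it flags any directory at a drive root whose name is one character off a legitimate recycle-bin name, which covers the "Resycled" and "Resycler" names mentioned. The function names and the one-edit threshold are assumptions made for this illustration.

```python
import os

# Legitimate Windows recycle-bin folder names, compared case-insensitively.
LEGIT = ("recycled", "recycler", "$recycle.bin")

def edit_distance(a, b):
    """Levenshtein distance using the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def lookalike(name, max_dist=1):
    """Return the legitimate name this folder imitates, or None.

    max_dist=1 is an assumed threshold: it catches single-letter swaps
    such as 'Resycled' while ignoring unrelated folder names.
    """
    low = name.lower()
    if low in LEGIT:
        return None                      # the real thing, not an imitation
    best = min(LEGIT, key=lambda legit: edit_distance(low, legit))
    return best if edit_distance(low, best) <= max_dist else None

def scan_root(root):
    """Return sorted (folder, imitated_name) pairs for directories under root.

    os.scandir reports hidden and system entries as well, so Explorer's
    'show hidden files' setting does not affect the result.
    """
    hits = []
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                target = lookalike(entry.name)
                if target:
                    hits.append((entry.name, target))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for name, target in scan_root(root):
        print(f"suspicious: {name!r} imitates {target!r}")
```

A hit is only a prompt to scan the machine with a removal tool; an empty result does not show the system is clean.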
cdroman
04-04-2009, 05:29 PM
This is a good argument for turning on auto update. Are there that many people that don't keep their software up to date? I don't know of anyone infected with this. So simple to prevent. :t
Sterling_Aug
04-04-2009, 10:51 PM
http://tech.slashdot.org/article.pl?sid=09/04/02/1721252&art_pos=13
The easiest test yet to see if you are infected.
Ol'Tunzafun
04-07-2009, 10:25 AM
http://tech.slashdot.org/article.pl?sid=09/04/02/1721252&art_pos=13
The easiest test yet to see if you are infected.
That is a very clever device. You have to wonder how something so simple can work so well against something as sophisticated as Conficker.
Using OpenDNS is another simple solution which blocks Conficker. You don't have to create an account to be protected, but if you are a network admin, doing so enables you to monitor your network for Conficker attempts to phone home.
Lgbpop
04-07-2009, 12:22 PM
What's the latest on the worm? I've kept my eyes open for a week, and haven't seen one news article or anything about what the worm did (if anything) on April 1. Was that the joke by itself?
Midknyte
04-07-2009, 01:34 PM
Because it was discovered early, the threat was minimized. It was no joke. MS wouldn't put up a $250k reward if it was.
cdroman
04-07-2009, 06:10 PM
http://voices.washingtonpost.com/securityfix/2009/04/confickers_april_fools_fizzled.html?wprss=security fix
glad I've always liked layers of security, so I don't worry much about something like this.:t
gwlogue
08-02-2010, 03:44 PM
Regarding the error with TM's Housecalls, it has been a long time since I have run it, but I seem to remember that it requires an active connection to their website to be able to display the final report. If you left it running overnight, that connection might not be active when it went to display the final report.
Steve R Jones
08-02-2010, 03:53 PM
Note that this thread is over one YEAR Old;)
gwlogue
08-02-2010, 06:33 PM
I noticed that. But I have found information that old on these forums to still be useful.
SysOpt.com