
Thread: Conficker Search and Removal

  1. #1
    Member
    Join Date
    Mar 2007
    Posts
    253

    Conficker Search and Removal

    I read an interesting article in yesterday's USA Today (3/25/2009) about the Conficker Worm. They claim a major action/attack is due on 1 April, in just a few days.

    They suggest using WinPatrol (have that), Bufferzone Pro (Trustware.com) ($40), and Enigma SpyHunter (EnigmaSoftware.com).

    Enigma has put out a free tool designed exclusively to hunt and destroy Conficker. This posting concerns that tool.

    Has anybody here used this program from Enigma? Does anybody feel they can recommend it? Is it going to be any better than the protection programs already listed here on this site? Is there a highly recommended program for this job?

    I feel just a bit uneasy using a totally unknown program. The last time I did that I totally and completely trashed my system and had to reinstall everything. I'd like a bit of reassurance that that won't happen again.

    Opinions, suggestions, experiences?

  2. #2
    Administrator Steve R Jones's Avatar
    Join Date
    May 1999
    Location
    Largo, FL.
    Posts
    5,275
    Enigma has put out a free tool designed exclusively to hunt and destroy Conficker.
    "Hunt and destroy" would be different than I don't want to be infected in the first place... Does it mention preventative protection?
    "Vegetarians live up to nine years longer than the rest of us...Nine horrible, worthless, baconless years."

  3. #3
    Mod w/ an attitude Sterling_Aug's Avatar
    Join Date
    Jun 1999
    Location
    Schuylkill Haven, PA 1797
    Posts
    12,786
    The only good preventative protection is to unplug the system from the Internet and never download again.

    I would check Trend Micro's website for removal tools. They are one of the few websites that I trust.

  4. #4
    Stark Raving MOD Midknyte's Avatar
    Join Date
    May 2002
    Location
    Arkham Asylum
    Posts
    22,270
    If Enigma was that good, we would have heard about it a lot by now.

    Do your Windows updates, keep your AV (Avira, perhaps?) updated, run antispyware (Malwarebytes or SuperAntispyware).

  5. #5
    Member
    Join Date
    Mar 2007
    Posts
    253
    Quote Originally Posted by Steve R Jones View Post
    "Hunt and destroy" would be different than I don't want to be infected in the first place... Does it mention preventative protection?
    Preventive protection is in the sidebar, two of the three programs I mentioned. They suggest WinPatrol and BufferZone Pro, and Enigma SpyHunter in the event you're already infected.

    I don't know that my system is infected. I believe it is not. I'm looking for a way to check on the possibility before the April 1st event.

    Here's a link to the article.

    USAToday Article

    I'll look also at the Trend site. You're right, they probably have a removal tool. A 'known-good' site is better than a 'sounds-good' site.

  6. #6
    Administrator Steve R Jones's Avatar
    Join Date
    May 1999
    Location
    Largo, FL.
    Posts
    5,275
    The Microsoft Windows Malicious Software Removal Tool has been updated to scan for it.
    http://support.microsoft.com/?kbid=890830

  7. #7
    Member t34b4g5's Avatar
    Join Date
    Sep 2008
    Location
    Australia.
    Posts
    219
    Combofix also seems to be able to detect and remove this sneaky lil worm..

  8. #8
    Member
    Join Date
    Mar 2007
    Posts
    253
    I ran Trend Micro HouseCalls last night, overnight. I set it in motion and went to bed. It ran for 5 hours and 10 minutes, scanned resources = 176802. This morning I was greeted with "Trend Micro HouseCall Error Page. HouseCall client cannot be executed due to internal errors..." It went on to tell me to contact my system admin people.

    TM HouseCalls seems to be Trend's solution for Conficker search and removal. I couldn't find that they had a removal tool specifically for Conficker.

    Anyone care to guess what happened? I've run HouseCalls before, successfully. I'll try it again tonight.

    Does the MS Malicious Removal Tool work as well as we might hope? I'll take a look at that one too.

    Thanks for the help and replies.

  9. #9
    Member
    Join Date
    Mar 2007
    Posts
    253
    Quote Originally Posted by Steve R Jones View Post
    The Microsoft Windows Malicious Software Removal Tool has been updated to scan for it.
    http://support.microsoft.com/?kbid=890830
    I just ran this, and got a clean report. I would guess at this point that my system is clean.

    The question now is concerning TM HouseCalls, and its error message.

  10. #10
    Mod w/ an attitude Sterling_Aug's Avatar
    Join Date
    Jun 1999
    Location
    Schuylkill Haven, PA 1797
    Posts
    12,786
    Did you run the Trend scan using Firefox or IE?

    It only runs correctly on IE.

  11. #11
    Member
    Join Date
    Mar 2007
    Posts
    253
    I tried numerous times to run HouseCalls under IE, and it would not work on my system. It would not complete the "install" portion. Perhaps I have a too old version of IE, since I never run it, much prefer FireFox. My IE is v6.0.

    HouseCalls seems to have run okay under FireFox, though it's always hard to tell, as long as it runs to completion.

    I ran the MS Malicious Software Removal Tool first, so I think that between the two of them I should be safe.

    Many thanks for your help and guidance in this.

  12. #12
    Member
    Join Date
    Mar 2007
    Posts
    253
    60 Minutes, the CBS Sunday night news show, just ran their lead story about Conficker. That's an indication of its seriousness. They brought out the point that you're at risk every time you turn your computer on, every time you go online.

    Their own computer system, there at CBS, was infected by Conficker. They've worked long and hard to clean it up, and think they have. But they're not absolutely sure that they really got it all. Their people admit that it may still be lurking, buried deep within their system. They're just not sure.

  13. #13
    Administrator Steve R Jones's Avatar
    Join Date
    May 1999
    Location
    Largo, FL.
    Posts
    5,275
    I saw 60 minutes too....Pretty Interesting. Think I'll do a little more scanning on the office computers..

  14. #14
    Member
    Join Date
    Mar 2007
    Posts
    253
    Microsoft help with Conficker:

    Microsoft Help

    MS has some suggestions, help, background, links...

  15. #15
    Ultimate Member Rocketmech's Avatar
    Join Date
    May 2001
    Location
    Corpus Christi, Texas
    Posts
    5,739
    All the major security program companies offer a removal tool, e.g. Symantec, Kaspersky, McAfee, TrendMicro, Avira, Sunbelt and so on. So keep that in mind if you really believe you are infected with Conficker. If your AV is updated and Windows is patched / updated, you're fine. It's the folks with network PCs that are not patched and protected that have to worry.

    http://sunbeltblog.blogspot.com/2009...n-april-1.html
