Conficker Worm's Infected Over 9 Million PCs - Is Your Work or Home PC One of Them?

Comments

Lord Omega

For me, I never use the autorun feature. Instead I just go and browse the file/drive myself, but since this is the case where it can be executed, I will not. Is there any way to disable autorun in Vista?


jackhope123

The easiest way to tell if you're infected is to look at the writeups on the various antivirus vendors' information pages and see if the signs of infection are occurring on your system. For example, if you are unable to bring up antivirus websites in your browser, or if your system registry has the registry key used by some variants to speed up network propagation of the worm. Follow the links to the removal tools to get to pages with this information.


Marcus_Soperus

Make sure you have installed the patch available from http://support.microsoft.com/kb/953252 (KB953252), and then follow the instructions in that document to disable Vista's AutoRun.

-------------------------------------------------------------------------------------------------------------------------- 

It's amazing how illogical a business built on binary logic can be.


Marcus_Soperus

It's amazing how illogical a business built on binary logic can be.


Block_Dude

Wow that US-CERT article tells you literally how to DESTROY the autorun.inf file...never knew you could tell windows to literally ignore it. That's a very unique way to mitigate attacks.

Some people know that simply double-clicking the drive's icon in My Computer will execute the autorun.inf program associated with it, so they right-click and select "Explore" instead - thinking that will only EXPLORE the drive. However, I did some testing and you can modify the shell context menu items and set an "Explore" value to do whatever you want LOL...see the autorun.inf code here:

[autorun]
open="hidden\trojan.exe"
action=Open folder to view files
icon=hidden\folder.ico
label=Removable Disk
shell=View
shell\View\command=hidden\trojan.exe
shell\Explore\command=hidden\trojan.exe
shell\Open\command=hidden\trojan.exe
shell\Search...\command=hidden\trojan.exe

In this situation, if you right-click the drive's icon, the first option will be "View" (it will be bold) and that executes code in "trojan.exe." The options "Explore, Open, Search..." will also do the same thing. You can't change "Autoplay" and if you change "Search...", there will be another "Search..." near the bottom of the list that will in fact actually open the Search menu in Windows. So the only way you could legitimately explore the drive is by selecting "Open folder to view files, using Windows Explorer" in the autoplay menu (it WON'T be the first option.)
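
Added example, not part of the comment above: a small auditor for a removable drive's autorun.inf that flags the tricks the comment describes (auto-launch entries, a changed default verb, and built-in context-menu verbs redefined to run a program). The rule names and the executable-extension list are assumptions made for this illustration.

```python
import re

# Built-in drive verbs named in the comment above; rule names below are illustrative.
BUILTIN_VERBS = {"open", "explore", "search..."}
EXEC_EXT = re.compile(r"\.(exe|com|scr|bat|cmd|pif|vbs|js|dll)\b", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries

def audit_autorun(text):
    """Return (rule, key, value) findings for one autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        verb = re.fullmatch(r"shell\\(.+)\\command", key)
        if verb and verb.group(1) in BUILTIN_VERBS:
            findings.append(("builtin-verb-hijack", key, value))
        elif verb:
            findings.append(("custom-verb-command", key, value))
        elif key in ("open", "shellexecute") and EXEC_EXT.search(value):
            findings.append(("auto-launch", key, value))
        elif key == "shell":
            findings.append(("default-verb-changed", key, value))
        elif key == "action" and re.search(r"open folder|view files", value, re.I):
            findings.append(("autoplay-text-masquerade", key, value))
    return findings

# Constructed sample: the file quoted in the comment above.
SAMPLE = r"""[autorun]
open="hidden\trojan.exe"
action=Open folder to view files
icon=hidden\folder.ico
label=Removable Disk
shell=View
shell\View\command=hidden\trojan.exe
shell\Explore\command=hidden\trojan.exe
shell\Open\command=hidden\trojan.exe
shell\Search...\command=hidden\trojan.exe
"""

if __name__ == "__main__":
    print(*audit_autorun(SAMPLE), sep="\n")
```

A file that only sets `icon` and `label`, as many legitimate install discs do, produces no findings.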


ghot

good look, Max PC   :)


Marcus_Soperus

The easiest way to tell if you're infected is to look at the writeups on the various antivirus vendors' information pages and see if the signs of infection are occurring on your system. For example, if you are unable to bring up antivirus websites in your browser, or if your system registry has the registry key used by some variants to speed up network propagation of the worm. Follow the links to the removal tools to get to pages with this information.

------------------------------------------------------------------------------------------------------------------------------------------------- 

It's amazing how illogical a business built on binary logic can be.


hammerfell

How would I know if I'm infected? Does the virus show up in antivirus scans?
