More here

Here is a link that might be useful: time-is-of-essence

yes it may be quite serious since they are saying that millions of computers have been infected with Conficker and do not know it. There are a lot of articles out there about it and what might happen when the new payload hits on April 1st.

They are urging people to make absolutely certain you have visited windows update and have the update patch in place to stop from getting Conficker and also one of the Malicious removal tools that MS put out in the updates is a removal tool for this infection so if you are offered the removal tools as updates do those too. It is also called Downadup by some sources.

here are some links to keep handy
Remove Downadup from infected computers
Conficker Cabal Information
that is an awesome link compiled by Sans of all of the info and removal tools thus far available for conficker.
Microsoft Security Bulletin MS08-067 Â Critical
and the link to Corrine's blog article about it.
Time is of the essence

LOL zep we are sharing a brain again! Corrine will be pleased we are reading her blog!

You're only safe as your last update, an she is always updated.....

For all the reading that anyone would ever want on this topic just Google "April Virus" (sans quotes).

DA

In the run up to April 1st, McAfee is offering a special build of its stand-alone cleaning tool christened Stinger which will be updated on a daily basis to include any undetected Conficker variants from the wild.

Please ensure that your copy of Microsoft Windows is patched and security software is fully up to date to ensure that April 1st 2009, is a day like any other day!

Nice tool easy scan

Here is a link that might be useful: stand-alone cleaning tool

House of Commons network hit by Conficker computer worm
Parliamentary computers have been infected by the Conficker worm, like an estimated 10m PCs worldwide - and experts fear next week will see problems worsen.

As everyone's been saying just make sure you updated

Here is a link that might be useful: conficker

There was something similar a few years ago when the world was more naive. It was due on a specific date. May of us simply moved our computers ahead date wise and after the date passed we corrected them. Doubt that will work this time - unless this is a huge hoax

I have a new system with McAfee, mozilla Firefox. I am not techy so do I need more protection. Your help is appreciated.
Jean

No, the big deal is to make sure you have all critical up dates installed for windows update, Make sure your anti virus McAfee is up date.

Ravens link above covers it all...

Reading and trying to digest all the info, which refers to getting "all" the Windows updates. I still haven't gotten the infamous SP3. Should I or not before doing anything else?

Sue

ALL CRITICAL UPDATES.....NOT...... "all" the Windows updates.

You do not need to install Service Pact 3..

There is only 1 up date to be concerned with really an that's in ravens link above. Microsoft ...Security Bulletin..

And stay away from Snopes April 1st page.
Something there just set off my virus program.
Trojan/something

Microsoft has put up an excellent info page on this issue.
Protect yourself from the Conficker computer worm

in case any one is looking for the MS page on stopping auto run here is the link.

How to disable the Autorun functionality in Windows

Don't see anything about Vista in the info links...what about it, will it be affected as well?

I found a list of systems not vulnerable now I lost it. Really, really lost it. I can't remember____. LOL

My desktop was list as non vulnerable, but forgot to check my Vista laptop. There were 2 Vista's listed.

lotodig,

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.

Do I need SBC Yahoo Online Protection for Windows + AVG + Spybot, (which are all automatically updated, I think) to be safe?

Only use 1 Anti virus program so AVG would be enough, Spybot does not offer protection less the Teatimer function is on..

ON Line Protection:

Only 1 Anti Virus running

Only 1 Fire wall running

Only 1 Spyware program running

While you're at it, disable autorun and file sharing.

I am having trouble doing what you say, when I typed 'Gpedit.msc' in Run. I get a message saying Windows cannot find it to look in search.
I have IE 7-sp2.
also looked in add/remove and have KB 967715 on the list.
I don't know where to find Autoplay/autorun or file sharing.
What do I do?

Group policy editor:

Gpedit.msc Isn't Available On XP Home.. Pro Only...

Let me see if I can get you an easy set of instructions for disabling auto runs in xp home.

there are directions for xp home on the link I provided as well as xp pro, scroll down to find the ones for xp home.

So its crystal clear in Zep's post, you can have more than one spyware application installed, but only one should be configured to be realtime if so desired. The remaining applications should be configured to run on-demand.

DA

Well followed some instructions from Zep's post.
I found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies(could not see)\Explore(was there)
right clicked in right side pane in New clicked DWORD Value.
Did not have to type in HonorAutorunSetting it was already there. In the Value data box I typed 1 Hexadecimal was already marked,clicked OK, it showed 0X00000001(1)
Did I do alright?
Gillian.

Sounds right to me will check, what I was looking for was a registry script so you would not have to go in the registry at all.

You get the script paste it in Notepad, save the script to the desktop as a (fixme.reg file) then double click the fixme.reg file that you saved to the desktop and merge it to the registry. There must be one looking around for next user....

You're comfortable in the registry that's fine too....

from the how to disable autorun link I gave these are the directions for xp HOME (pro has a different one shown)
and as always you may just want to back up the registry first. (there is a link for that too on that page)

For operating systems that do not include Gpedit.msc, follow these steps:

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following entry in the registry:
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
3. Right-click NoDriveTypeAutoRun, and then click Modify.
4. In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the "How to selectively disable specific Autorun features" section.
5. Click OK, and then exit Registry Editor.
6. Restart the computer.

xp home

I have the reg fixes in script if needed, for cd/dvd,

and for autorun .inf

I,m confused now do I start all over again or am I going to be ok? I have nothing to back up on (thumb drive or cds) I can get some tomorrow when I go to town, am sorry I thought I followed the right instructions.
Gillian.

"Did not have to type in HonorAutorunSetting it was already there. In the Value data box I typed 1 Hexadecimal was already marked,clicked OK, it showed 0X00000001(1)
Did I do alright? "

Like I said sounds right to me.....

This is with out doubt the best info coverage of the conficker issue I have seen, and it suggests methods to get assistance if you are in fact infected and not able to access the sites that you would normally go to for the patches and the removal tools.
Run a Conficker removal tool before April 1

If you are experiencing time outs on your browser when trying to go to security sites or the browser giving an error message that may mean you are infected, if you can not get to windows update to get the patch or the removal tool that also may indicate you are infected. That article is a must read if you have these issues. I think it is a must read period.
Anyone looking for an excellent newsletter to register for Windows Secrets is definitely one, I get the paid version and every time I get it I find so much valuable info.

Anyone that had the problem with the auto run windows update 967715 being offered multiple times please go to this link and scroll down to the area near the bottom which addresses this problem. Try their solutions and see if it will fix that for you.

Update 967715 is reoffered multiple times

Do I really need to go through all the AutoRun stuff, which is totally greek to me, or will the update mentioned in the link that is supposed to run today in many of the security programs suffice?

Here is a link that might be useful: Today's ComputerWorld article on Conflicker

Here is an interesting article which claims they have now found a way to stop the worm.

Here is a link that might be useful: conficker worm

I have XP Home and did the "regedit" procedure. However, when I right-clicked NoDriveTypeAutoRun and clicked Modify, I ran into trouble. In the Value data box I was unable to type OxFF. My pc would beep if I tried to type anything after the first character. I tried using Capital "O" as well as the zero "0". The beep sounded when I tried to type the "xFF".

What am I doing wrong??? Thanks.
abreeze

BTW I have KB967715 and KB958690 installed.

Scammers are taking advantage of the huge interest in the impending "activation" of the Conficker.
Don't be suckered into buying anything to fix, repair or prevent this.
I mean how many of you are on a network with file sharing.

I have a Gateway computer with Vista. It was purchased in Dec. of '07. The protection is from Charter and is free with high speed connection. I had refreshed a couple times after my grandson messed something up and when I had a weird box another time. I checked to see if I needed updates and I did. The four updates are installed now. There was a place that listed that I had firewall protection on but I found another that showed it off. I think a firewall that came in my computer is off because Charter's free firewall is on. There's a green button saying it is on but there's another place showing it off with the little icon from vista. The first hanging tab said that having 2 firewalls on can make them less effective so I left it as it was. Am I getting it right? Do I have good protection now that I have all of the updates? Anita

Hi Everyone,

MS XP Home

I checked my Windows Updates and there are no "Critical Updates" for me. So am I okay as far as windows goes? Do I still need to do that registry editing as suggested, if so is this a zero or letter O in the Value Data that I have to type in. "In the Value data box, type 0xFF to disable all types of drives." Thank you.

Sapphires

I checked to make sure I had all the latest updates especially with this latest go around.

I have all the updates but am a bit confused about KB958644. Yesterday when I was checking the Microsoft site, it advised me to download and install KB958644X86-Env.exe. I did so and put it on the desktop and executed like the instructions said. In checking my update the only thing I come across is KB958644 installed on the 24th of October 2008. So do I have the right update installed? I don't show the one ending inX86-E just the one in October.

From what I gather in checking my updates, I should be o.k. but that last one has me puzzled.

Thanks

secsteve,

KB958644 installed on the 24th of October 2008. that's the right up date KB958644

If you can reach Microsoft Updates, ESET, Sophos, Symantec, etc., then your computer is not infected with this worm.

in answer to the question it is a zero 0 not a letter capital O, you are putting a number value in that number is zero.

those with xp pro or other OS refer to the MS link I gave for the directions for anything other than xp home which is what I posted.

For the life of me I don't know how but I posted this on the wrong thread.

From what I am reading at noon EDT here in the USA the worm has so far been more bluster than anything else. Credit is being given to users for their awareness, and proactive approach using the established resources provided to them ahead of time. Hopefully this will continue now and in the future.

DA

I was wondering about that DA, here is a quick & easy test you can run to see if your infected see link.

And this also from McAfee http://vil.nai.com/vil/averttools.aspx

Here is a link that might be useful: Test

DA that is truly what I was hoping to hear, it means that as a group the word is being spread and more and more people are becoming aware of the need to patch windows and do their updates and install proper security programs, as helpers that is always the best news when we see people doing the right things and the bad guys not making the mark they hoped for.