Author Topic: Conficker scanner! (Read 1399 times)

decepticon · « **on:** March 30, 2009, 08:32:14 PM »

I am sure most if not all of you have heard of the Conficker virus that is supposed to unleash holy hell in the computing world on 4/1/2009. It's the biggest internet/virus scare since Y2K. Anywhoo, supposedly there is no way to scan for the virus....until now.

From the Hack-a-day article:
http://hackaday.com/2009/03/30/containing-conficker/

Quote

With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely.

There is a tool available that will scan a remote system via it's IP or a range of IP's and will report whether or not the system shows signs of an infection. If you even remotely think you may have an infection, it's worth it to run this scan!

For the file and some basic instructions:
http://www.doxpara.com/?p=1291

or for just the file:
http://www.doxpara.com/scs.zip

Czar · « **Reply #1 on:** March 30, 2009, 09:07:58 PM »

Thanks for the link. I appear to be clean!

h4gg4rd · « **Reply #2 on:** March 30, 2009, 09:12:30 PM »

hmmm interesting.

thank you for the heads up sir.

sully! · « **Reply #3 on:** March 30, 2009, 09:30:37 PM »

Saw a similar thing on Slashdot earlier today...

http://it.slashdot.org/article.pl?sid=09/03/30/090224&from=rss

Wednesday has the potential to be a very bad day in the IT world, but we've been pretty thorough in our preparedness of our IT systems in preparation of ConFudgeer. I just hope our engineering department has been too.

{ShadowWX} · « **Reply #4 on:** March 31, 2009, 06:34:37 AM »

now my question is will my norton be able to find and eliminate this thing if I have it?

decepticon · « **Reply #5 on:** March 31, 2009, 07:18:31 AM »

Quote from: ShadowWX on March 31, 2009, 06:34:37 AM

now my question is will my norton be able to find and eliminate this thing if I have it?

Not sure. As of now, I heard that the av companies have no way to scan for the virus until maybe after it get's "activated" on 4/1.

decepticon · « **Reply #6 on:** March 31, 2009, 07:52:06 AM »

Oh, if anyone is interested: here is a whitepaper on the deconstruction and detection of Conficker.

http://www.honeynet.org/files/KYE-Conficker.pdf

h4gg4rd · « **Reply #7 on:** March 31, 2009, 10:24:21 AM »

I am clean! Also I am wondering if NOD32 can detect and eliminate it as well.. It should though NOD32 is leet.

decepticon · « **Reply #8 on:** March 31, 2009, 01:09:40 PM »

Quote from: h4gg4rd on March 31, 2009, 10:24:21 AM

I am clean! Also I am wondering if NOD32 can detect and eliminate it as well.. It should though NOD32 is leet.

You'll have to check NOD32's website to see if they have a definition update that can check for this.

The Shoctor · « **Reply #9 on:** March 31, 2009, 03:06:52 PM »

Go get the easy tool.

http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml

h4gg4rd · « **Reply #10 on:** March 31, 2009, 11:33:47 PM »

Half hour into April 1st...

all quiet on the eastern front. =]]

{ShadowWX} · « **Reply #11 on:** April 01, 2009, 06:50:09 AM »

through the tool you posted shado I appear to be clean.

Author Topic: Conficker scanner! (Read 1399 times)

decepticon

Conficker scanner!

Czar

Re: Conficker scanner!

h4gg4rd

Re: Conficker scanner!

sully!

Re: Conficker scanner!

{ShadowWX}

Re: Conficker scanner!

decepticon

Re: Conficker scanner!

decepticon

Re: Conficker scanner!

h4gg4rd

Re: Conficker scanner!

decepticon

Re: Conficker scanner!

The Shoctor

Re: Conficker scanner!

h4gg4rd

Re: Conficker scanner!

{ShadowWX}

Re: Conficker scanner!