-=PCTechTalk=- Re: The final word on Confickr/Downadup/Kido including removal instructions
- From: "cristy" <poppy0206@xxxxxxxxxxxxx>
- To: <pctechtalk@xxxxxxxxxxxxx>
- Date: Mon, 30 Mar 2009 19:47:58 -0400
egads, lots to read. So since I found the file in question that we should
have, the patch, do I still need to download the update according to this
and also download the removal tool just in case?
thanks,
christy
----- Original Message -----
From: "Gman" <gman.pctt@xxxxxxxxx>
To: "PCTechTalk Group <FreeLists>" <PCTechTalk@xxxxxxxxxxxxx>
Sent: Monday, March 30, 2009 3:26 PM
Subject: -=PCTechTalk=- The final word on Confickr/Downadup/Kido including removal instructions
> From Windows Secrets newsletter:
>
> How to update your PC and remove Conficker
>
> The following steps should prevent infection by Conficker and eliminate the worm, if your PC has it. One positive side effect is that you'll enjoy a computer with up-to-date patches:
>
> a.. Step 1. Attempt to run Microsoft Update. The Conficker worm can infect vulnerable computers merely by connecting to them remotely via the Internet. For this reason, you should first try to patch Windows before removing Conficker, lest your machine quickly become infected again. It's particularly important to install Microsoft patch 958644 (security bulletin MS08-067). This patch closes a hole in Windows' Remote Procedure Call, which Conficker exploits.
>
> If you can't find Microsoft Update (or the more limited Windows Update) on your PC's Start menu, visit the Microsoft Update page on the Web. Internet Explorer is required.
>
> Microsoft Update might complete successfully, or you might not be able to access Microsoft.com at all. In either case, do Step 2.
>
>
> b.. Step 2. Attempt to update your third-party security software. Having the latest antivirus signatures will help eradicate Conficker and other malware that may be lurking on your PC. Use your security software's menu to manually update to the latest defenses.
>
> Have no security software? Read the WS Security Baseline, which summarizes the products that are currently rated the highest by respected reviewers.
>
> • If your updated security software deems your PC to be cleaned up, but you couldn't previously access Microsoft.com, go back to Step 1 and run Microsoft Update.
>
> • If you couldn't access your security vendor's site at all, do Step 3.
>
> • If you finished both Steps 1 and 2 successfully, you should be able to skip Step 3 and do Step 4.
>
>
> c.. Step 3 (optional). Run a standalone Conficker removal tool, if need be. The Conficker Working Group — a coalition of Microsoft, Cisco, SRI, F-Secure, Kaspersky, and many other security vendors — maintains a list of certified detection and repair tools, any of which should remove Conficker. (My thanks to Susan Bradley for her help with this tip.)
>
> Unfortunately, most of the links in the Working Group's list are inaccessible on a Conficker-infected PC. A victim can't even reach the Working Group's site, because it has in its URL the string conficker, which triggers the worm's blocking behavior.
>
> As I mentioned earlier, security firm BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.
>
> BDTools.net: Visit BitDefender's download site.
>
> If you can't access BDTools.net or any other security site from your PC, find a machine that isn't infected (such as a public-access workstation at a library). Don't use a search engine to look for removal tools, some of which are bogus. Instead, download a removal tool from the Working Group's certified list onto a USB drive, and then use that drive to run the software on the infected PC.
>
> • After removing Conficker, if you couldn't previously complete Steps 1 and 2 successfully, go back now and finish those steps to update Windows and your security software.
>
> • Once you've completed Steps 1 and 2, do Step 4.
>
>
> d.. Step 4. Run Secunia's Software Inspector to catch missing application patches. Third-party applications, especially media players, are more likely to suffer from security holes than Windows itself is. The security firm Secunia.com offers a free scan, informing you when your PC is running an insecure version of an application that has a security patch available.
>
> Like BDTools.net, the Secunia Software Inspector offers three options: (a) a free online scan; (b) a free download for individual users; and (c) a LAN utility for IT admins. Unlike BDTools' network tool, which is free, Secunia's LAN product costs €5,000 (U.S. $6,500) per year and up, depending on the size of your company.
>
> To run Software Inspector, see Secunia's vulnerability scanning page.
>
> In my opinion, everyone should use Software Inspector at least once a month, right after installing Microsoft's patches the week of Patch Tuesday.
>
>
> e.. Step 5 (optional). Advanced users — use OpenDNS to restrict infected PCs. OpenDNS, a San Francisco–based company, provides a free, real-time service that prevents PCs from accessing phishing and hacker sites, among others. Admins of small and large LANs can use OpenDNS as a Domain Name System server.
>
> The firm introduced on Feb. 9 a new, Conficker-specific feature. If an infected PC on a LAN somehow evaded detection, OpenDNS will prevent it from contacting Conficker's control servers. Best of all, admins can read a report showing which PC tried to connect to a Conficker server.
>
> For details, read Dan Gookin's Register article and OpenDNS's announcement.
>
>
> New instructions from the worm's author will probably make the bots disable a PC's access to BDTools, Secunia, and many other sites that were not on Conficker's original block list. Some security researchers have speculated that an update to Conficker will even prevent infected PCs from installing MS08-067.
>
> It's best to strengthen your defenses before April 1 rather than waiting to see what bad things might happen.
>
>
> Peace,
> Gman
> http://www.bornagainamerican.org
>
> "The only dumb questions are the ones we fail to ask"
>
> ---------------------------------------------------------------
> Please remember to trim your replies (including this sentence and
> everything below it) and adjust the subject line as necessary.
>
> To subscribe, unsubscribe or modify your email settings:
> http://www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> http://www.freelists.org/archives/pctechtalk/
>
> To contact only the PCTT Mod Squad, write to:
> pctechtalk-moderators@xxxxxxxxxxxxx
>
> To join the PCTableTalk off-topic group, send a blank email to:
> pctabletalk+subscribe@xxxxxxxxxxxxxxxx
> ---------------------------------------------------------------
>
>
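A read-only check for the newsletter's Steps 1 through 3, added here as an example and not part of Gman's post or the Windows Secrets article: it reports whether the MS08-067 hotfix (KB958644) is installed and whether the site-blocking symptom described above is present. It assumes a Windows PC with PowerShell; Microsoft.com and BDTools.net are named on the page, while update.microsoft.com is an assumed second probe.

```powershell
# Added example (not from the newsletter or the list). Run from PowerShell on the
# PC being checked; nothing here modifies the system.
param(
    [string]$Kb = 'KB958644',                                    # MS08-067, Step 1
    [string[]]$SitesWormBlocks = @('www.microsoft.com', 'update.microsoft.com'),
    [string]$ControlSite = 'bdtools.net'                         # page: not blocked
)

function Test-Ms08067Hotfix {
    param([string]$Id)
    # Get-HotFix reads the installed-updates list; absent means Step 1 is still needed.
    $fix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    if ($fix) { return "PASS: $Id installed ($($fix.InstalledOn))" }
    return "FAIL: $Id missing; run Microsoft Update (Step 1) before removing the worm"
}

function Test-NameResolves {
    param([string]$Name)
    # .NET lookup so the check also works on PowerShell 2.0-era hosts.
    try { [void][System.Net.Dns]::GetHostAddresses($Name); return $true }
    catch { return $false }
}

function Test-SiteBlockingSymptom {
    param([string[]]$Blocked, [string]$Control)
    if (-not (Test-NameResolves $Control)) {
        return "SKIP: control host $Control does not resolve; DNS/network is down, so the result is inconclusive"
    }
    $failed = @($Blocked | Where-Object { -not (Test-NameResolves $_) })
    if ($failed.Count -eq $Blocked.Count) {
        # Control resolves but every security site fails: consistent with the
        # blocking behaviour the newsletter describes (not proof of infection).
        return "WARN: $($failed -join ', ') unreachable while $Control resolves; fetch a certified removal tool on an uninfected PC via USB (Step 3)"
    }
    return "PASS: security sites resolve; continue with Steps 1, 2 and 4"
}

Test-Ms08067Hotfix -Id $Kb
Test-SiteBlockingSymptom -Blocked $SitesWormBlocks -Control $ControlSite
```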