Taurus Car Club of America : Ford Taurus Forum banner

1 - 4 of 4 Posts

328 Posts
Discussion Starter #1
Before you chastise me, yes, I know, all the damned virii that are supposed to activate on April Fool's Day........so passe.

But I'm more worried about what this one is doing to the machinery. If you aren't aware, Conficker C is a nifty little worm that is an evolution of Conficker A and B, only this one is a lot more resilient with regards to detection and removal. Yes, it is supposed to activate on April 1, but what exactly it is supposed to do, no one knows. Here's a few things it does when it gets on your system to cloak itself.......

* Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
* Creating access control entries and locking the file(s)
* Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method

Now, once it's in there, the payload........

* Deactivates Windows Security Center notifications
* Prevents restart in Safe Mode
* Prevents Windows Defender from running at system startup
* Deletes all system restore points
* Disables various error-reporting and security services
* Terminates over twenty security-related processes
* Blocks DNS queries
* Blocks access to security and antivirus websites
* And, to top it all off, Conficker.C can choose from a list of 500 domains to contact out of a pool of 50,000 (way up from Conficker.B's 32 out of 250).

So, you are probably asking yourself how do I find out if I have this, and how do I get rid of it?

Start here:


They have a checker, and a disinfection utility.

Then, go here:


Get the patch from Microsoft to plug the hole that the worm uses to infect your machine.

1 - 4 of 4 Posts