Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Three Million Hit By Windows Worm

Featured Replies

Three million hit by Windows worm

A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Although Microsoft released a patch, it has gone on to infect 3.5m machines.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

More: http://news.bbc.co.uk/2/hi/technology/7832652.stm

-- Webmasterworld.com 2009-01-20

Estimates of upward to 8+ million computers infected in 4 days. Sleeper Virus

Exploits Microsoft MS08-067 vulnerability.

McAfee information

F-Secure information with removal instructions

Mozilla information

Up to 10 Million now infected in 4 days time

Removal Information

Be sure MS updates are current but if not be sure to install the MS08-067 Vulnerability patch from Microsoft. Located here.

If you do not have Microsoft Windows Malicious Software Removal Tool you can download it from here > Microsoft

Also Microsoft Windows Defender

Thanks for the tip guys.

Where's Reimar when u need him ?

Surely a major recent Microsoft Windows 'event' yet no 'heads-up' on this ?

OK I suggest they dock his pay.

Where's Reimar when u need him ?

There are two of us that head up the Computer forum. :o I jumped on this one quickly due to having been researching the issue for the last few days because it has hit our university pretty hard. Still cleaning up the mess at our research facility where probably half the computers have been infected. Being IT manager it is an uphill battle trying to get the staff to follow policies I've introduced and will be implementing a more "heavy handed" approach to improve the system security.

Can be very frustrating, especially when I had just sent out a memo a few days before this issue to "lock down" their computers.

If you do not have Microsoft Windows Malicious Software Removal Tool you can download it from here > Microsoft

Also Microsoft Windows Defender

Last week, I did have MS update go through and according to the windows update website download history shows that the above Tool KB890830 and a security patch KB958687 were successful installed. I see the usual entries in "add/remove programs" page, log and the $uninstall folder in windows for KB958687, but not for KB890830, so where do I check on my laptop to see if KB890830 was successfully installed.

Should I download and install it again?

tywais ----thanks--- you're a gentleman!

I followed your instructions easily enough (and I know jack about computers)

and all's well :o

but not for KB890830, so where do I check on my laptop to see if KB890830 was successfully installed.

From Microsoft:

"If you have Automatic Updates turned on, you have already been receiving new versions of this tool monthly. The tool runs in quiet mode unless it finds an infection. If you have not been notified of an infection, no malicious software has been found that needs your attention."

You can use the Run command and enter Regedit to open the registry editor. Click on Edit > Find and type in RemovalTools in the search box. You should then see an entry called RemovalTools and under it will be MRT. Or directly it is located here > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT

You will then see a key called Version Number and will have a number like this > 2B730A83-F3A6-44F5-83FF-D9F51AF84EA0. Look at the bottom of this page to see the version number and the update date and you can see if it is updating.

The program is under Windows\System32 and name is MRT.exe. Under Windows\Debug are the log files called MRT.log and MRTeng.log and they will tell you when it was last run.

Also, if you wish to run it manually just bring up the Run box and enter MRT in the box.

Thanks Tywais. The MRT log provided the information.

Edited by vagabond48

Being IT manager it is an uphill battle trying to get the staff to follow policies I've introduced and will be implementing a more "heavy handed" approach to improve the system security.

Security? :o But it not broken yet!

I have a feeling this may be the first of a new generation of worms that don't play nice anymore.

I am wondering about one thing though - where is the UAC when you need it? I am totally shocked that this feature doesn't work as advertised.... not. :o

Beeb article here: http://news.bbc.co.uk/2/hi/technology/7842013.stm

This worm is very innovative when it comes to downloading updates. Other worms before it used two or five domains which were then quickly blocked by ISPs. But not this one, this one generates thousands of different domain names at random every day, and checks them. The hackers now need to only register one of these domains to spread their malware while the ISPs would need to block all of them to prevent this. Very clever.

Edited by nikster

Great thanks!

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.