
Romanians Find Cure For Conficker 145

Posted by timothy
from the cheer-goes-up dept.
mask.of.sanity writes "BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months. The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting. The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus."

  • by idiotwithastick (1036612) on Friday March 13, 2009 @02:13AM (#27177811)
    TFA even says that the worm can update itself, so how does BitDefender plan to distribute the worm if the worm can be updated to shut down everything that may harm it?
    • by wizardforce (1005805) on Friday March 13, 2009 @02:49AM (#27177949) Journal

      they are not "distributing a worm", it's a tool for disinfection and I suspect that they'll need to take a page out of biology's book on dealing with dangerous microbes and evolve along with the worm. In other words, constantly update their tool as the worm adapts. So it's likely going to be quite dynamic.

    • by NeverVotedBush (1041088) on Friday March 13, 2009 @07:46AM (#27179119)
      I'm more curious why Microsoft itself can't do something like this and why a third-party company, presumably without benefit of Microsoft's source code, is able to diagnose the problem, remove the infection, and "fix" Windows.

      Instead, Microsoft is laying off workers. Perhaps they should concentrate on fixing these issues even faster -- which would probably be better for their public perception of being a virus haven -- instead of cutting staff to appease stockholders' lust for profits.

      In the long run, producing a quality OS and fixing these kinds of vulnerabilities promptly would do far more good for their bottom line.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Microsoft does. They release a utility about once a month that targets and removes malware from a system. It is distributed automatically via Windows Updates but can also be downloaded and run manually. Of course since worms like this often disable Windows Update the automatic clean up vector is closed.

        Vulnerabilities exist in every system. If by "quality" you mean that it has no vulnerabilities then you are limited to running software that has only about 10 lines of code produced by the upper level stu

        • by dunng808 (448849)

          Currently the parent is modded +4 Insightful. What is going on here? Wishful thinking hardly qualifies as insightful. Or even informative. Forward-looking wishful thinking -- like ideas on how to improve something -- can be considered "interesting," but this is intended as an explanation. It is backwards facing pablum.

          It's not like Microsoft sits there and ignores these issues when they are reported.

          Cough. Gasp. Get me some water, I'm choking. (Simultaneously the person next to me is laughing so hard their face is turning blue.)

          That line about worms disabling automatic updates, so matter-of

          • Many organizations do not enable automatic updates because often they do not work with other necessary software. If an update stops work for a couple of days that sort of shoots down productivity for that organization. Usually in these sort of organizations the system administrators test updates in sand boxes, a mini network that isn't connected to the rest of the network, to see if they will interfere with network or computer functions. AG
        • by ps2os2 (1216366)

          Yea RIGHT....... when has MS EVER thoroughly tested *ANYTHING* ???

          They end up fixing bugs and forgetting to pick up the fixes for the last bug. I know large corporations (LIKE MS, IBM and others) have issues with items like this but at least IBM almost never (1 in 10,000 roughly) drops a previous fix. If IBM can do a good job why can't MS?

      • by houghi (78078)

        Companies think short term.
        On the one hand you have others that solve your problems without your need to invest anything. On the other hand you can lay off people that saves you money. Sounds like a scale with on one side lead and helium on the other side.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      I checked and the bd_rem_tool isn't available on ubuntu.com, particularly that page. Perhaps you are mistaken or fucking stupid?

    • by thatskinnyguy (1129515) on Friday March 13, 2009 @03:45AM (#27178159)
      I used that same tool on another virus. Haven't had an issue since!
      • Re: (Score:3, Interesting)

        by Jurily (900488)

        I used that same tool on another virus. Haven't had an issue since!

        Me too. I can't find drive C: ever since.

      • by Computershack (1143409) on Friday March 13, 2009 @05:56AM (#27178631)

        I used that same tool on another virus. Haven't had an issue since!

        I found that none of my games would work and my wifi is now broken too.

        • by Cowmonaut (989226) on Friday March 13, 2009 @08:44AM (#27179417)
          Sad but true. The pain that is WiFi on Linux is a bigger hurdle than the games IMO. I'd take Linux on my laptop if I could do so without extensive work to get the WiFi working. And the laptops with Linux that the WiFi works on don't meet my needs.
          • Re: (Score:3, Interesting)

            by Culture20 (968837)
            I have a broadcom card in my laptop. Since 8.04 LTS, I haven't even had to touch the command line to set up the wifi (I obviously do for other reasons). After logging in, it popped up an icon for restricted drivers (poor name, that. I thought it was drivers I _shouldn't_ install). Clicked my graphics card and wifi card. Done.
            • I second that. Broadcom cards work perfectly with Ubuntu.

              I'm curious as to why you had to use the command line for other reasons. Other than software development and SSHing to other machines, I've not had to use the command line in a long time.

          • What exactly doesn't work? The two (three?) most-common brands (Intel, Broadcom, Maxwell) have open-source drivers (with a firmware blob in the case of broadcom)

            Is it an external card, by USB or something?

            • Re: (Score:3, Insightful)

              by Colonel Korn (1258968)

              What exactly doesn't work? The two (three?) most-common brands (Intel, Broadcom, Maxwell) have open-source drivers (with a firmware blob in the case of broadcom)

              Is it an external card, by USB or something?

              My very common internal Broadcom card didn't work in 8.04 a couple months ago until I spent an evening on the internet finding and trying a few different sets of command line fixes. The problem was that most of them that were in Ubuntu help pages included a typo (or more than one) somewhere that didn't let me just copy/paste each line. I did manage to get it to work, but a few days later I stopped using Ubuntu because my laptop was too sluggish with it.

          • Just a note, when Dell first brought out Ubuntu laptops a few years ago, I bought one. With the exception of an update bug when it first came out that near bricked it (but which was easily fixed), I've had hardly any problems with it. The biggest issue I have with linux on my laptop is that, unlike my desktop machine (which runs XP Pro 64bit) I can't just go to, say, the openoffice website, download an installer, double click it, click next a few times, and have some new software to play with. The lack of a

            • by cp.tar (871488)

              You can also add the repository with OO.o 3 and install that, too.

            • by Patch86 (1465427)

              Can you not?

              What's stopping you going to http://download.openoffice.org/other.html [openoffice.org] and clicking "download"? I really am actually asking, by the by- I can't remember how easy or difficult it was when I installed OO.o 3.0 on my Ubuntu machine last.

              • OOo 3.0 does require a bit of tweaking to upgrade in 8.10, but there are lots of hints on the user forums, including several step-by-step tutorials, very clearly written. You can't be afraid of opening a terminal session, if you want it to work right, though.

                I haven't done this in over a month, and I'm pretty sure that Synaptic should be able to take care of this by now pretty easily. Or, you could just wait another month or so and download Jaunty, which should have OOo 3.0 included as a standard package

                • Oh sure, I did some searching, saw some tutorials, but my point is that it isn't ready for grandma until you've moved past these issues and she can go download software for "linux" and have it just work (at least most of the time), at least as well as it does for windows.

                  • But if "Grandma" is going to be running Linux, I suppose she can probably get along quite well with OpenOffice 2.4, that comes already set up for her out of the box in Ubuntu 8.04 and 8.10. Point is kind of moot there.

                    And point of whole thread is finding a way to avoid Windows worms, and easiest path to success in this is switching to Linux. Problem solved.

                    • But if "Grandma" is going to be running Linux, I suppose she can probably get along quite well with OpenOffice 2.4, that comes already set up for her out of the box in Ubuntu 8.04 and 8.10. Point is kind of moot there.

                      The point is only moot if you missed it. The point wasn't open office, open office was an example to illustrate a point: you can't download software and install it as easily on linux as you can on windows.

                    • The other point (going back to the original topic of TFA) is that you can't download and install the Conficker Worm as easily on linux as you can on windows. :-)

          • Strange. I've not had any issues getting WiFi to work on my Linux boxes. I dual-boot one between XP and XUbuntu, and it worked great first time out. I have another system booting between Vista/Win7/Intrepid_8.10 and it works just dandy, too under all 3 OS environments. Never had a problem myself, though I have seen many posts in the forums where people complain about WiFi support under different distros of *nux.

    • Dang! I thought that would take me to Paul Allen's personal web page!

      What's this ubuntu thingy?
    • www.ubuntu.com/getubuntu/download

      This gets old.

      It is worth nothing more than a gratuitous +5 mod-up on Slashdot and a 0.83% share of the client desktop for Linux.

      Time to dig deeper I think.

      Cornflicker was dealt with in the January release of the Microsoft Windows Malicious Software Removal Tool [microsoft.com]

      Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment [microsoft.com]

  • [...]some 9 million Windows machines [...]. The worm [...] exploits a bug in the Windows Server service...

    Without elaborating what Windows Server service that might be... Are there really that many vulnerable, not firewalled Windows servers connected to the Internet? Or is this a Server function that has no business on a Desktop that is getting infected?

    In the first case blame the administrators (for not knowing how to properly protect a Windows server), in the second case blame Microsoft (for running servers on a desktop that should not be there in the first place). I would expect the second case as that I re

    • by A Friendly Troll (1017492) on Friday March 13, 2009 @02:52AM (#27177965)

      In the first case blame the administrators (for not knowing how to properly protect a Windows server), in the second case blame Microsoft (for running servers on a desktop that should not be there in the first place). I would expect the second case as that I recall we have seen before, a virus exploiting a bug in a server function that can not even be stopped on a desktop.

      Description of the Server service:

      Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

      Dependant services: Computer Browser ("Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained.")

      I think it starts automatically.

      It can probably be disabled, but who knows...

      • by wvmarle (1070040)

        OK thanks for the info.

        Sounds like that having the Server service listen to localhost/loopback (assuming there is such a thing in Windows) only would close the infection vector... it should definitely not be listening to incoming connections from other computers without being explicitly instructed to do so. So we can shove this on Microsoft's poor design.

        And after the recent discussion here on /. about User Access Control in XP/Vista/Win7 it again makes me wonder whether Windows as it is can be fixed at a

        • Re: (Score:2, Informative)

          by Anonymous Coward

          You don't need the Server service. Or at least, I haven't needed it in the last 6 months or so. I even run IIS on my Windows box for ASP.NET development. Seems like something called 'Server' would be needed for that, right? Nope.

          I would certainly disable it on all desktops. In fact, Google 'unnecessary windows services' for a list of other services that seem to serve no practical purpose.

          • Re: (Score:1, Informative)

            by Anonymous Coward

            Regarding "stalling" CONFICKER specifically:

            ( From http://www.xtremepccentral.com/forums/showthread.php?s=265edfd9cff2fd6ef1993571b23d1598&t=28430&page=3 [xtremepccentral.com] )

            ----

            "A.) STALL SERVER SERVICE (if you don't need a LAN/WAN to connect to & all you do is hit the internet on a single standalone machine)...

            AND

            B.) It recommends you stall out indiscriminate usage of javascript also!

            Between those 2 measures (&, possibly ALSO, a HOSTS file that stops access to this CONFICKER worm's control servers -> http [opendns.com]

          • which is an additional service that increases the latencies greatly in Xp pro and vista and up. ie, it can bring down a 400 ms world of warcraft connection to 120 ms ping in average case.

            • Out of curiosity, what software installed that service on your computer? I don't have it on my XP, nor at a Win2k3 workstation I'm using at work...

              • by unity100 (970058)

                Xp Pro. MQS is installed not by default - you have to install it from windows xp pro cd.

          • by PReDiToR (687141)
            I think you're pushing people towards this [blackviper.com] site, or another like it.

            I found BV's list years ago and it helped me turn off a lot of services that I didn't need. I was under the impression that my copy of WindowsXP was faster and more stable than other peoples'.
            At least, it got to 7 years old without needing to be reformatted and reinstalled. Pretty good for Windows if you ask me.

            I stopped using Windows a couple of years ago so it doesn't matter to me now, but for all those people that haven't gone Linux
      • Sounds like this permits sharing of those items over SMB?

        So, if you're not "sharing" anything on that server, then you can turn this off, yes?

        Also, I wonder if this service's interaction w/ the SMB Browsers would cause any adverse effects WRT browsing "Network Neighborhood" from a machine with this service disabled.

      • Been disabled on my company laptop for three years running. I've only seen two things affected by disabling the server service - 1) I can't connect to my machine from another for file transfer (works the other way around) and 2) Network administration cannot take control of my machine or access my hard drive ....sad
    • by Opportunist (166417) on Friday March 13, 2009 @03:46AM (#27178167)

      This "server" service has nothing to do with what you might expect from a "server", i.e. being a big machine that hosts a lot of stuff like mail or webpages. This "server" service is an integral portion of Windows' ability to share files through the local network and access network printers. Also, some other services (IIRC the whole bunch that deals with networking, from WiFi to telephony) depends on it.

      In other words, the term "server" is maybe a bit preposterous. It's just the thingie that enables networking on Windows machines.

      So, IMO, it's neither. It's neither a "real" server crappily configured by admins that should get their hands tied and pushed into administration where they can't do no harm, nor is it MS's fault for putting something that only a server OS should have on a desktop. It's simply the network thingamajig gone bad.

      • by smoker2 (750216)
        As in Linux, you have servers whose job it is to provide services. This can be internally or externally. X server, mail server, print server etc.
      • It handles RPC requests. That makes it a server.

        Nothing in a desktop/workstation needs to be listening on a real network interface for RPC requests. Having it do that, especially on a network interface connected to the Internet, is a really bad idea.

    • by s13g3 (110658) on Friday March 13, 2009 @04:51AM (#27178367) Journal

      You seem to be working under the assumption that most servers have real admins.

      Fact of the matter is, outside the very largest of companies, a very large majority of internet connected servers are run by small to medium size business who do not have a full-time IT department and/or often cannot either afford all the necessary equipment and software and man-hours necessary to secure against these threats, esp. since good security often winds up annoying a high-level manager who insists that they should be able to log in to the network and all their apps without a password and insists they have passwords to every computer in the building and that they can use myspace messenger and browse the web from the DNS server if they want to (which they will).

      Also, many many many web servers are hosted with hosting companies like the one I work for where less than 5% of the 10,000+ physical servers have anything like a knowledgeable admin and are instead run by idiots in India who use cracked VoipSwitch software (which is itself virus infected, but they keep using it anyway even though the virus causes them to have to re-install every week or two). Or you get people who want to run their own website but simply don't have the skills to maintain it properly, but are convinced they don't need a real admin either... or a firewall... or anti-virus.

      Oh, and the desktop has nothing to do with anything - these services would exist and be just as exploitable regardless of a GUI, as it's not the GUI that is being exploited - it's the poorly coded system services and libraries that aren't subject to any kind of external or peer review that are written by people who usually don't even know exactly what they are coding, leaving plenty of room for exploits to bad code to crop up.

      Funny, now that I think about it, MS treats the coding of its OS similar to a terrorist operation, small groups of people working on compartmentalized tasks, never knowing who is doing exactly what or what the desired end-product actually is. This may be a great idea if you're a terrorist organization trying to get away with something and trying to prevent a loss of the whole project due to the capture of one or more cells, but this is not a good way to write software - I think the past 10+ years of shoddy performance and infection/exploit history of MS products should be a clear enough sign of the problem, but the MS execs are obviously too blind or ignorant to figure this out for themselves.

      • by wvmarle (1070040) on Friday March 13, 2009 @05:13AM (#27178449)

        Funny, now that I think about it, MS treats the coding of its OS similar to a terrorist operation, small groups of people working on compartmentalized tasks, never knowing who is doing exactly what or what the desired end-product actually is.

        Funny, now I think of it, this is EXACTLY how the whole Linux development goes on. You have a bunch doing the kernel, doing X, doing Gnome, doing Gimp, doing OOo, etc. All doing little parts of what is going to be the operating system, without having a clue of what the end product even could be. They just make sure that their little piece works fine. And for the software to communicate with each other they use some standard protocols.

        Microsoft has at least some top management that will define the final look and feel (at least I assume so, any reasonable OS company would do so). So the little parts do not need to know the total, they just need to know what THEY have to do.

        For example the printer server (like CUPS). They have to make sure they can address all kinds of printers on all kinds of ports, and then produce some interface for other software to talk to the printer server. The printer server people don't need to know the total picture. They just have to make sure their printer server works, and that they can answer requests according to specifications.

        It seems the problem of Windows development may be that they do NOT work like that. That they want to keep it as a whole, finding interfaces to talk to all different programs in different ways, instead of standardising and creating independent components. Like Linux where you can add the components you need, and depending on the components you have a business work station (include word processor, image viewer, e-mail software), a multimedia station (install Gimp, some video editor, video and music players), or a server (do not install any GUI, instead Postfix, Apache and the rest).

        The reason all these little programs can talk to each other is that they use certain standards. All open standards, official or not, some may have developed their own standard. But they use standard file formats, standard interfaces (named pipe, sockets, network) that other software also uses, and thus they can be patched together and generally work fine with each other. And then the distro producers (Mandriva, Ubuntu, Debian) test and make sure all works as expected, and optionally add bits of glue or eye candy to the whole.

        Microsoft could be well off by starting to work like that. Kernel and GUI separate. Split off IE and Media Player. Set some goals for the new version, plan for each part what functionality it has to provide and how it is going to provide this to the outside world (e.g. API), and when the parts are done, glue them together. It may just work.

      • by scubamage (727538)
        QFT Parent. My current company is small, and I've been literally begging them for months to...
        • a) Put AV on all machines that leave our premise (because most of them connect back in, trusting it to the customer isn't good enough).
        • b) Let me install an IDS/IPS, (but have been told that the benefits don't outweigh the 10K it'll cost for 3 GigE taps, and a server that can deal with that much data without croaking).
        • c) Get on a one month delay before installing windows updates on all servers/workstations. Time f
      • by budword (680846)

        I thought "Snow Crash" was fiction ?

      • Especially when you see so many .net remakes of the same function over and over again, from one
        namespace to another, exactly doing the same thing, but with a different function name.

    • Re: (Score:2, Informative)

      by jonnyt886 (1252670)

      Without elaborating what Windows Server service that might be... Are there really that many vulnerable, not firewalled Windows servers connected to the Internet? Or is this a Server function that has no business on a Desktop that is getting infected?

      The Server service provides file/print sharing in Windows. Technically that means it should only run on servers, but think of the number of Windows boxes (e.g. on home networks) where people use file sharing between machines. You can stop it, though.

      If you de-select 'File and Print sharing' in the Windows firewall exceptions page, you block access to the Server service. (If memory serves correctly, Windows XP SP2 and Windows Server 2003 SP1 block file/print sharing by default.)

  • by juventasone (517959) on Friday March 13, 2009 @02:49AM (#27177951)
    Until the next variant which is likely due out in the next 24 hours.
  • so what? (Score:4, Interesting)

    by dblackshell (1450807) on Friday March 13, 2009 @02:51AM (#27177959) Homepage
    ESET's ThreatSense technology (heuristically) recognizes all the variants... F-Secure did a Conficker removal tool on the 27th of February...

    And above all that I'm skeptical about the "delete all versions" phrase, because BitDefender as a (bloated) AV that it is, is pretty much signature based, and has very weak heuristic detection...
  • by advocate_one (662832) on Friday March 13, 2009 @02:54AM (#27177981)
    yesterday I was forced to dust off and nuke a Vista laptop from orbit... (after using Knoppix to rescue the data first)

    We need a removal tool that can be run from a safe Linux environment (ie boot using a live disk etc., then run the tool from a USB drive)... not running it from inside windows where the Conficker is already running

    • Re: (Score:1, Informative)

      by Anonymous Coward

      Then use a live Windows CD such as BartPE or other preinstallation environment, together with the USB drive, and nuke the malware from there.

    • by sami_potirca (464900) on Friday March 13, 2009 @04:59AM (#27178409)

      We need a removal tool that can be run from a safe Linux environment (ie boot using a live disk etc. ...)

      Well, the guys at bitdefender do have a rescue cd [bitdefender.com] that can be used to disinfect a windows machine.

    • by Magada (741361)

      not running it from inside windows where the Conficker is already running

      Why not? It seems to work all right.

  • It's good to see something involving Romania and security that's positive for a [ic3.gov] change [www.ziua.ro]. Wait, do we know where the authors of Conficker came from? Hmmmm...

  • Romania (Score:5, Funny)

    by psergiu (67614) on Friday March 13, 2009 @03:11AM (#27178039)
    In case you don't know where Romania is, here's a link:
    http://www.youtube.com/watch?v=itidLk5Dd3k [youtube.com]

    Please tag story as romaniaftw
  • Romulans. (Score:4, Funny)

    by Twide (1142927) on Friday March 13, 2009 @03:23AM (#27178077)
    Well, usually the Romulans keep to themselves instead of sharing all this information, for all we know, it could be them that started it!

    Something must be up in the Star Empire.

    *Appends To Trek Journal*
    • Hey Romulans are like the Cardassians, lie while telling the truth, then no one can accuse you of lying :-)
    • by SeaFox (739806)

      Sadly, I also read it as "Romulans". But I just finished watching a random Star Trek TNG clip on YouTube, so I have an excuse.

  • "Vaccination" (Score:1, Informative)

    by Anonymous Coward

    Vaccination tool to remove...

    I do not think it means what you think it means.

  • on bdtools.net there seems to be a link to a sister site that can perform a quick check on your system. However I'd suggest using the IP address (http://91.199.104.31/) instead of the link since it points to bd.com which will most likely be filtered by the virus
  • So confusing! (Score:1, Insightful)

    by Anonymous Coward

    How exactly do you prevent this worm?

    Disable autoplay? Autoplay is a feature though.
    Disable network sharing? How annoying.
    The KB958644 patch? Does that protect you, or does it simply prevent one method of catching it?

    A cold is a cold, and although preventing it from entering your computer is an idea, the goal should be making the computer immune to whatever the vulnerability is.

    I should have a say on what programs (what a computer virus is) are allowed to run.

    What's worse is Microsoft's apparent unwillingne

    • You prevent the worm by keeping your system properly updated. Microsoft released a fix way back in October 2008 (See MS08-067, or KB958644 from the MS Knowledgebase). Anyone who ran Windows Update even once since Halloween of last year should be safe from this worm. I had to spend two days updating my network of 700+ workstations to safeguard my employer's computer assets and keep my job, but that's what I am paid to do. Of course, I didn't have to lift a finger to protect my Macintosh or Linux clients.
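
An added example, not part of any comment in this thread: a read-only Windows PowerShell audit of the three measures raised in the sub-thread above (the KB958644 patch, the Server service, and autoplay). The service name `LanmanServer`, the `NoDriveTypeAutoRun` policy value, the function name and the use of PowerShell 3.0 or later are assumptions that do not appear on the page.

```powershell
# Added example (not from the thread): audit one Windows host for the three
# measures discussed above. Read-only; nothing on the system is changed.

$KbId        = 'KB958644'      # MS08-067 fix, as cited in the thread
$ServiceName = 'LanmanServer'  # assumption: internal name of the "Server" service
$PolicyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-ConfickerExposure {
    # 1. Patch: is the hotfix recorded as installed?
    #    A later service pack or rollup may carry the fix without listing this
    #    KB, so a missing entry means "verify further", not "vulnerable".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # 2. Server service: is it running, and will it start again at boot?
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"

    # 3. Autoplay policy: 0xFF in NoDriveTypeAutoRun disables it for every
    #    drive type; an absent value means the OS default applies.
    $policy = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun `
                               -ErrorAction SilentlyContinue
    $mask = $null
    if ($policy) { $mask = [int]$policy.NoDriveTypeAutoRun }

    # Collect anything that needs a follow-up, in plain words.
    $findings = @()
    if (-not $hotfix) {
        $findings += "$KbId not listed as installed"
    }
    if ($svc -and $svc.State -eq 'Running') {
        $findings += "Server service running (start mode: $($svc.StartMode))"
    }
    if ($null -eq $mask -or ($mask -band 0xFF) -ne 0xFF) {
        $findings += 'Autoplay not disabled for all drive types by policy'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        HotfixListed   = [bool]$hotfix
        ServerState    = if ($svc) { $svc.State }     else { 'not present' }
        ServerStart    = if ($svc) { $svc.StartMode } else { 'not present' }
        AutoRunMaskHex = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not set' }
        Findings       = $findings
    }
}

# Run the audit and show the result as a list.
Get-ConfickerExposure | Format-List
```

A running Server service is only a finding to weigh, since file and print sharing depends on it, as several comments in the thread point out.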

  • "It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting."

    I disabled all that shit, myself, intentionally. I'm serious.

    After I realized that one of the recent "hotfixes" from Microsoft installed a spyware "plugin" in Firefox, off that shit went. For good.

    • I usually disable all those services too, if you're at home and only run one computer, you don't need all the network stuff running, making sure all the ntfs files on all computers within the network are indexed, etc....

      We should have a full out optimization tool from M$ that goes through each service and asks the obvious question (as in Linux install of mandrake or red hat etc...)

      This service enables you to run an ftp server, do you want to allow this...
      This service allows you to share files within a network

      • Kind of surprised I got modded "Troll" for that post. Was it the post title?

        I was QUITE serious. I use good AV/Firewall software, and the most serious threat to my Windows machine is Microsoft itself, it seems. In order to get anything GOOD from them, in the form of "hotfixes", I have to let them fuck around in my machine. I actually found proof of them fucking around, and the only way to make sure they wouldn't do it again was to sever all ties with their servers.

        An explanation and fix, for those of you th

  • Is the correct term "cure" for removing a software virus?
    The first 10 seconds after reading this I was trying to figure out "what's the conficker virus, who is it killing?" etc.

    I would've thought fix / solution / tool / patch / antivirus routine would be better than 'cure'

    I could be wrong though, I've been using PCs for 18 years now and despite plenty of piracy I've never had a virus, so I've never had to cure one.

  • But it was also the Romanians that managed to get the mainframe of their jail system infected with Downadup and the whole database was wiped out. At least that's how the media here reported it. "Luckily" there was a back-up plan. A very "old-school" back-up plan.

    That's right. The back-up was on dead trees. So now they have put all that data in by hand.

    Talk about a bipolar country.
  • inb4 Conficker evolves to evade and/or destroy this tool.

    Seriously, there was already a fix pushed out for this. Conficker grew to overcome it, which is why the problem still exists today. There is no way this project is going to be this simple. These Romanians are in for a fight if they truly want to cure the Conficker epidemic.

  • ComboFix anyone? (Score:2, Informative)

    by BenFenner (981342)
    So apparently no one has heard of ComboFix?

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix [bleepingcomputer.com]
  • Hello,

    Here is a list of Conficker removal programs:

    BitDefender - http://www.bdtools.net/#
    Enigma Software - http://www.enigmasoftware.com/conficker_removal_tool_more_info.php
    ESET - http://www.eset.eu/encyclopaedia/conficker_anet_worm_kido_t_downadup_conficker_worm?lng=en
    F-Secure - http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
    Kaspersky - http://support.kaspersky.com/wks6mp3/error?qid=208279973
    McAfee - http://vil.nai.com/vil/stinger/default.aspx
    Microsoft - http://support.microsoft.
  • "The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus." .. Uhm well it got detected by /dot.
