Last-minute Conficker survival guide

Tue Mar 31, 2009 1:42PM EDT

See Comments (3065)

Tomorrow -- April 1 -- is D-Day for Conficker, as whatever nasty payload it's packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type -- passwords, credit card numbers, etc. -- and send that information back to its masters?

No one knows, but we'll probably find out soon.

Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever's controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there's less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C -- the latest bad boy -- will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there's no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.

Conficker's a nasty little worm that takes serious efforts to bypass your security defenses, but you aren't without some tools in your arsenal to protect yourself.

Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.

But if Conficker's already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss -- try booting into Safe Mode, which Conficker prevents, to check -- you should run a specialized tool to get rid of Conficker.

Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec's Conficker (aka Downadup) tool, Trend Micro's Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don't have Conficker.)

As a final safety note, all users -- whether they're worried about an infection or know for sure they're clean -- are also wise to make a full data backup today.

What won't work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won't help if the malware is already on your machine -- it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the above instructions to detect and remove the worm.

Comments on Last-minute Conficker survival guide

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 2226 Posted by victorcreed420 on Thu Sep 3, 2009 10:34PM EDT Report Abuse

    TO FIND OUT IF YOU HAVE CONFICKER!!!! For Windows XP Go to the Start Menu and open the Run dialog box and type in 'mrt' this will open the Windows Malicious Software Removal Tool. Run a Full Scan and if it finds nothing then you are OK!!!

  • 2227 Posted by floortechadams on Thu Sep 3, 2009 4:00PM EDT Report Abuse

    my computer will not let me go to any anti virus sites whats going on?

  • 2228 Posted by kamiru_san on Thu Sep 3, 2009 4:46PM EDT Report Abuse

    The people who write these things for no other reasons than to just be total dicks should be dragged out onto the street and shot between the eyes. Then their corpses should be hung from the nearest traffic light to be a lesson for other would-be ----- s.

  • 2229 Posted by kamiru_san on Thu Sep 3, 2009 4:46PM EDT Report Abuse

    The people who write these things for no other reasons than to just be total dicks should be dragged out onto the street and shot between the eyes. Then their corpses should be hung from the nearest traffic light to be a lesson for other would-be ----- s.

  • 2230 Posted by jayeh724 on Thu Sep 3, 2009 4:29PM EDT Report Abuse

    Everyone is saying that Macs are better, and kind of rubbing it in PC users faces, but for many, including a college student like myself, Macs are out of my price range.

  • 2231 Posted by heatherm218 on Thu Sep 3, 2009 4:17PM EDT Report Abuse

    Try Comodo. It's free and works much better than AVG in my opinoin.

  • 2232 Posted by victorcreed420 on Thu Sep 3, 2009 10:34PM EDT Report Abuse

    post #2222 they know because people that know what they are doing have looked at the source code of the malware and they can see it is set to receive new instructions on April 1st. Until then it is sitting dormant on your PC.

  • 2233 Posted by penguinwithin on Thu Sep 3, 2009 8:06PM EDT Report Abuse

    Beware, AVG has a nasty tendency of wiping the ----- out of your computer by deleting dll files. Nasty program

  • 2235 Posted by izzydaknight on Thu Sep 3, 2009 4:26PM EDT Report Abuse

    #2236, my guess is that you have the virus (if it exists.)

  • 2236 Posted by izzydaknight on Thu Sep 3, 2009 4:26PM EDT Report Abuse

    #2236, my guess is that you have the virus (if it exists.)

  • 2237 Posted by wazahat on Thu Sep 3, 2009 10:42PM EDT Report Abuse

    Are PCs running Vista Home Premium immune from Confilcker?

  • 2238 Posted by justin13892002 on Thu Sep 3, 2009 4:44PM EDT Report Abuse

    Although it may cause problems for companies, couldnt EVERY IP address be blocked?

  • 2240 Posted by jbfanhannah on Thu Sep 3, 2009 4:30PM EDT Report Abuse

    The link to a MS online scanner is not right. It's only a download.

  • 2242 Posted by ny_cty911 on Thu Sep 3, 2009 7:42PM EDT Report Abuse

    This better be some kind of April Fool's joke.

  • 2243 Posted by jazz2214 on Thu Sep 3, 2009 4:30PM EDT Report Abuse

    i don't think that this is for reals. i mean april 1st?? i'm not buying it, or else i would have heard it from somewhere else

  • 2244 Posted by victorcreed420 on Thu Sep 3, 2009 10:34PM EDT Report Abuse

    trey_clash13 I work in an IT dept. and while we are not feaking out over this, it is still a concern. Several e-mails have been sent stating that our anti-virus server is up-to-date and we should be protected from this and e-mails have been sent teling users how to check their PCs to make sure it is free of the worm.

  • 2245 Posted by calvin.barcelona on Thu Sep 3, 2009 3:16PM EDT Report Abuse

    what happens if i unplug the ethernet or internet cord from my pc? will it prevent the conficker? don't tell me this is a joke? is this conficker going to happen at midnight?Does the conficker crash your pc or will it make me lose my data in my pc?

More Posts: First Prev 111 112 113 114 115 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.