Conflicker.C

Anyone know if EAV is capable of handling Conflicker.C? I had a quick look on the virus encyclopedia and on this very forum but, could only find references to Conflicker.A

~M

 

Since every AV company uses its own nomenclature for naming threats, I cannot answer your question. What one detects as Conficker.A or C, it can be detected as a variant of Conficker.X by ESET which is the case I assume, as probably all new variants are detected under that name.

 

Thanks for the reply Marcos and I appreciate that different companies use different names.

I was referring to the nasty worm variant which is supposedly dormant until 1st April and which has been reported recently in articles such as

http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm

(Please excuse the use of SARC link but, it was one of the few good links I could find)

 

Wow I'd certainly hope so. Everyone knows Conflicker currently has 3x variants..A, which came out last fall, B, which came out this past Feb, and the current and vastly improved variant..C.

This one isn't being treated as "generic" by anyone else....nor lightly.

 

We'll know in a couple of days, won't we?

 

Yup..countdown.

Good little article....

http://windowssecrets.com/2009/03/30/01-Run-a-Conficker-removal-tool-before-April-1

Like most big prior worms....maintaining your Microsoft updates helps your PC shrug it off.

Also using OpenDNS as your opendns servers..interesting good perc..I've been using them for years for clients as an added layer of protection.

 

Not a very impressive response, considering all the press this bugger has gotten in the last week - hell, it made 60 Minutes last night...

Please answer the question, Marcos...

Does NOD32, in all its different versions (2.7 thru 4.0), with up to date sigs, detect AND STOP this bugger?

Thanks for not being so flippant this time.

 

I watched that 60 minutes episode and boy did Symantec ever take the opportunity for some serious PR work on that one. I bet a lot of people went out and bought Norton Internet Security 2009 today.

 

Thanks again for the info Ron!

Cheers,

TH

 

on the eset homepage http://www.eset.com/

there is a warning in red

i have a question , i have xp pro sp2 with tha last patches hotfix , update with xp update feature

and nod32 2.7 updated

should i be safe?
or should i do something else?

thanks

 

V2 ain't good at cleaning Conficker once you've got your computer infected.

 

thanks Marcos

bye the way in my desktop i have nod32 V3 last built
and in my laptop nod32 2.7

at last are able to detect it and stop it

 

Ron thanks for the link very informative.

Marcos - out of interest, how does your statement about cleaning fit in with XMON which is limited to NOD32 v2.7? If the mail server got infected, could there be problems cleaning it?

~M

 

but should i download further fixes or windows update built in in xp does it dowload automatically ?

 

http://blogs.technet.com/mmpc/archive/2009/03/27/information-about-worm-win32-conficker-d.aspx

Dunno why my fingers keep adding an "l" in there...conficker...not conflicker.
Conficker.D, Downadup.C.

 

I do that every single time too... I have no idea why...

Anyway, mantra just make sure you have all the windows updates and go to secunia.com get the personal scanner and do a scan and you're fine.

 

Now I am confused!

If v2/v3 & v4 all already detection conficker then why does the changelog for the new v4.0.417 say :
■Fixed several issues in firewall module:
■Detection for Conficker added"

~M

 

Like it says... improvement on the firewall module has detection for conficker...

The antivirus module had it for a long time, but since there has been improvement of research, ESET can now detect the traffic signature RPC requests that are happening to or from your machine now, which means the firewall module will be able to detect conficker too.

 

Hello All,

For those who read this thread and are looking to protect themselves against the Conficker threat or remove it please see our Knowledgebase article here: http://kb.eset.com/esetkb/index?page=content&id=SOLN2209

For further information, you can read our various blogs here: http://www.eset.com/threat-center/blog/

Thank you,
Richard