# New virus/worm has infected millions of PCs



## Steve615 (Feb 5, 2006)

From Yahoo:
Yet another virus/worm has made its way into a lot of folks' PCs recently.
The virus is known as Downadup/Conficker.
According to the following link to the article, it has already infected 9 million PCs, but that number could easily be in the 15-20 million range by now.

http://tech.yahoo.com/blogs/null/116396

A patch has been issued via Windows Update for the issue.
Consumers are being urged to run Windows Update ASAP, if the PC is not configured for automatic updates.


----------



## larryk (Aug 17, 2006)

This was patched by MS08-067 (October of 2008).
It's amazing how many people don't update their PC's...


----------



## Mark Holtz (Mar 23, 2002)

Standard Operating Procedure when I fix a person's computer is to run Windows and Office update. It amazes me how many people have turned off Windows update, especially those on dial-up.


----------



## CoriBright (May 30, 2002)

I remember fixing one teen's PC that had never been updated, had no antivirus etc etc, ran AdAware and found 14,400 nasties! That is my all time record. And the young guy had the nerve to say it had never been connected to the internet! When questioned further, he fessed up and said it used to have a NIC but he fried it!

I suggested a nice clean install WITH antivirus and antispyware and charged him $50 provided he told all his friends that I do a very good job. I always fix kids' PCs for $50 the first time.... then I tell them that next time it's $50 per hour. Nothing leaves my house without Updates turned ON, full a/v and a/s.


----------



## xIsamuTM (Jul 8, 2008)

I know I shouldn't, but I keep mine off as well. updates like to reset your computer. resetting computer + seeding torrents = doesn't help my ratio on some sites


----------



## houskamp (Sep 14, 2006)

I always set mine to download/notify only... prevents that "need to restart" nag..
At least the win7 beta has the ability to tell it to wait an hour or more.. great improvement..


----------



## wilbur_the_goose (Aug 16, 2006)

Make sure you run the Windows Malicious Software Removal software!!!!!!


----------



## MikeW (May 16, 2002)

How 'bout some advice...? I manage about 40 computers and need them to be updated on a regular basis. Aside from trusting others to manually click through the process, how does one perform Windows Updates on a group of remote computers (ie one computer per location spread out over 500 miles of geography?)


----------



## LarryFlowers (Sep 22, 2006)

If the computers are part of a domain and server based, you can use Windows Server Update Service (WSUS), if not, then your best bet would be to use a program like GoToAssist. This program is a remote assistance program and has an option to make connections even when the PC is unattended (it must be turned on). I use this software for my smaller clients and handle all of their updates remotely myself. The software even has the ability to reboot the PC and restore the session after the reboot without any intervention by you. They have pretty flexible pricing, with per use, day and my preference, I subscribe to a monthly plan.

Larry



MikeW said:


> How 'bout some advice...? I manage about 40 computers and need them to be updated on a regular basis. Aside from trusting others to manually click through the process, how does one perform Windows Updates on a group of remote computers (ie one computer per location spread out over 500 miles of geography?)


----------



## xIsamuTM (Jul 8, 2008)

So I started it up, catching up on Ranma and Slayers, and all night it would keep chiming like a new device was attached, then disconnected, then attached again, over and over, at totally random times, then after about an hour it stopped for the night. Assuming I didn't get a bug, what would cause it? Taskbar says a USB device is being connected.


----------



## MikeW (May 16, 2002)

Thanks Larry. I do have remote access through a third party app. I'm looking for a best practice to update the PCs automatically. Currently, the machines are logged on without admin rights 99% of the time, so they do not take the updates. It's difficult to touch over 40 pcs on a regular basis just to apply updates. MS/Java/Adobe are always prompting for updates along with SAV which does work properly without my attention.


----------



## harsh (Jun 15, 2003)

MikeW said:


> MS/Java/Adobe are always prompting for updates along with SAV which does work properly without my attention.


Anything (anyone?) that needs constant supervision needs to be uninstalled and replaced with something that doesn't. I use an antivirus product that is almost entirely self maintaining with local server pushed updates and unless the user encounters a real virus, it keeps its mouth shut.

The software I use will also identify clients that aren't protected by it and offer to do a remote install.

A giant help for me was to go to a spam and e-mail borne malware filtering service. It all but stopped the spam and viruses coming in via e-mail.


----------



## Ron Barry (Dec 10, 2002)

I work for a large company. I was told about 85% of the mail that comes in we don't see and is classified as SPAM. 

They also run Symantec End Point protection on our boxes and I have to say that based on my experience it is a huge performance hog and it appears Virus Scan software as a whole is getting bigger and more of a pig as it tries to outsmart Virus writers. 

Since I develop and have things compiling and do a lot of checking in/checking out, I tend to pick up really quickly when my box feels sluggish. I started to look at the processes running and all I have to say is "UGH". These things tend to feel the need to real-time scan every file you click on, have processes trying to figure out if a new Virus pops up, and I am sure a number of other things. I believe VS software's pendulum has swung way too far to the side of ultimate protection.

I know... It can configure it differently to make it more performance friendly but since their goal is protection and control there is no incentive to make sure my machine can perform how it should and you know they are going to give the user the ability to do so either in fear we might abuse that privilege. Better to keep the machine safe and the user less productive.

I mean.. on my box. the End point install is just under 500MB. That is just nuts.. Virus Scan software needs to be smarter at using resources period as does the software that updates your computer. 

I fully understand why people turn this stuff off. I don't know how many times we have been in a meeting when you have gotten the "Updated your computer rebooting now" message with the cancel button disabled. After a 10 to 20 minute reboot cycle we are back to being able to be productive. 

Virus issues are a growing problem.. Sucks to see one, but as I see it the solution to me at times also appears to be a Virus that is growing.


----------



## MikeW (May 16, 2002)

harsh said:


> Anything (anyone?) that needs constant supervision needs to be uninstalled and replaced with something that doesn't.


Uninstalling Windows is not an option. Java/Adobe won't update unless you are logged on to the machine with administrative rights. I try to keep the boxes locked down as much as possible to prevent end users from doing anything on the machines that I don't want them to do. The problem then becomes they are not patched with the latest Windows updates.

I administrate our mail server and utilize a spam filter that seems to work pretty well. Over 90% of our messages are filtered out before they are seen. Beyond that, I've also filtered out many IP ranges from foreign countries that produce spam. I'm finding that the majority of spam we receive now comes from a Verizon network.

I've not had a serious issue with any of the workstations I administrate, I'm just looking to feel better about my skills by automating Windows updates.


----------



## harsh (Jun 15, 2003)

Ron Barry said:


> I started to look at the processes running and all I have to say is "UGH". These things tend to feel the need to real-time scan every file you click on, have processes trying to figure out if a new Virus pops up, and I am sure a number of other things. I believe VS software's pendulum has swung way too far to the side of ultimate protection.


Most respectable AV solutions only check files of certain types. Obviously you don't need to check most files involved in a compile/translation/linking. It should test the executable though.


----------



## peaches (Jan 9, 2009)

I run avg along with router encryption/ really all you need.


----------



## Greg Alsobrook (Apr 2, 2007)

wilbur_the_goose said:


> Make sure you run the Windows Malicious Software Removal software!!!!!!


Worthless....

http://www.dbstalk.com/showthread.php?p=1905945#post1905945


----------



## rudeney (May 28, 2007)

Well, this has proven to be one heck of a hard to kill worm! Our company is infected and it's been two weeks of ups and downs trying to get things under control. We have found that the Microsoft MSRT does get rid of it, but of course you have to get rid of it on all PC's on the network before it does any good. F-secure and Bit Defender also have removal tools.

One thing we discovered is that the MS security patch doesn't appear to keep your PC from _getting_ the worm, it only prevents it from _spreading_ the worm. So, even if you have the patch, you may still be vulnerable unless your antivirus software intercepts it. The worm spreads through network ports, shared drives and even "thumb" drives. The worst part is that it infects servers, which often don't have antivirus software.

In fact, that's what prompted me to bring this up again - I just spent the last two days setting up some servers (virtuals) from scratch. The moment I got them up and running and ready to download patches, they became infected! A word to the wise when setting up PC's and servers: always apply all patches, SP's and install virus software *before* connecting a newly installed O/S to the network!


----------



## CoriBright (May 30, 2002)

Many more Servers (or PCs running Server operating systems) would have antivirus software if the greedy manufacturers didn't want to charge hundreds of dollars for a single copy that worked on a Server O/S. 

Not every Server is owned by a Fortune 5000 company, or perhaps they don't realize that fact. I have two Servers running Server 2008 and have to pay out a small fortune to get a/v for them. I don't have millions to spend on them.... or even thousands. 

If just one company would make a/v software available at reasonable cost I would most certainly buy it, along with copies for my other PCs running 'consumer' operating systems. I spend a lot with ESET on an annual basis, but they won't give me a break for my two Servers, and I've done the rounds with other a/v companies as well. I just about make enough per year to cover the costs. 

CRAZY. You'd think in this day and age that ALL computers should be able to get decent a/v at an affordable cost. Or perhaps the a/v software companies are just keeping themselves in business by letting Servers without a/v infect the rest of the world.


----------



## kevinwmsn (Aug 19, 2006)

rudeney said:


> Well, this has proven to be one heck of a hard to kill worm! Our company is infected and it's been two weeks of ups and downs trying to get things under control. We have found that the Microsoft MSRT does get rid of it, but of course you have to get rid of it on all PC's on the network before it does any good. F-secure and Bit Defender also have removal tools.
> 
> One thing we discovered is that the MS security patch doesn't appear to keep your PC from _getting_ the worm, it only prevents it from _spreading_ the worm. So, even if you have the patch, you may still be vulnerable unless your antivirus software intercepts it. The worm spreads through network ports, shared drives and even "thumb" drives. The worst part is that it infects servers, which often don't have antivirus software.
> 
> In fact, that's what prompted me to bring this up again - I just spent the last two days setting up some servers (virtuals) from scratch. The moment I got them up and running and ready to download patches, they became infected! A word to the wise when setting up PC's and servers: always apply all patches, SP's and install virus software *before* connecting a newly installed O/S to the network!


I slipstream the service packs into the windows deployment server at work so at least they will be at win2k3 sp2, then I would point them to a WSUS and they get updated pretty quick. It also helps to have servers in a separate network than the client workstations.


----------
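
An added example, not posted by anyone in the thread: one way to point a non-domain PC at a WSUS server and have it install updates on a schedule, as MikeW asked and the WSUS replies suggest. It audits the Windows Update Agent policy values and, with `-Apply`, sets them. The server URL is a placeholder, and the script assumes PowerShell 3.0 or later running elevated.

```powershell
# Added example: audit (and optionally set) Windows Update Agent policy on one PC.
# The update service runs as SYSTEM, so scheduled installs do not depend on the
# logged-on user having admin rights.
param(
    [string]$WsusUrl = 'http://wsus.example.internal:8530',  # placeholder, not from the thread
    [switch]$Apply
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Desired state: key path, value name, data, registry type
$desired = @(
    @{ Path = $wu; Name = 'WUServer';       Value = $WsusUrl; Type = 'String' }
    @{ Path = $wu; Name = 'WUStatusServer'; Value = $WsusUrl; Type = 'String' }
    @{ Path = $au; Name = 'UseWUServer';    Value = 1; Type = 'DWord' }  # use the server above
    @{ Path = $au; Name = 'NoAutoUpdate';   Value = 0; Type = 'DWord' }  # automatic updates on
    @{ Path = $au; Name = 'AUOptions';      Value = 4; Type = 'DWord' }  # 4 = download and install on schedule
    @{ Path = $au; Name = 'ScheduledInstallDay';  Value = 0; Type = 'DWord' }  # 0 = every day
    @{ Path = $au; Name = 'ScheduledInstallTime'; Value = 3; Type = 'DWord' }  # 03:00 local time
    # Do not force a restart while someone is logged on (the reboot complaint above)
    @{ Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1; Type = 'DWord' }
)

# Collect every value that is missing or differs from the desired state
$drift = foreach ($d in $desired) {
    $current = (Get-ItemProperty -Path $d.Path -Name $d.Name -ErrorAction SilentlyContinue).($d.Name)
    if ($current -ne $d.Value) {
        [pscustomobject]@{ Key = $d.Path; Name = $d.Name; Current = $current; Wanted = $d.Value }
        if ($Apply) {
            if (-not (Test-Path $d.Path)) { New-Item -Path $d.Path -Force | Out-Null }
            New-ItemProperty -Path $d.Path -Name $d.Name -Value $d.Value `
                -PropertyType $d.Type -Force | Out-Null
        }
    }
}

if ($drift) { $drift | Format-Table -AutoSize } else { 'Update policy already matches.' }

# Restart the update service so it picks up the new policy
if ($Apply -and $drift) { Restart-Service -Name wuauserv }
```

Run without `-Apply` first to see which values differ; on domain-joined machines the same values are normally delivered by Group Policy rather than a script.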

