Warning: Virus Season

[Moderator]

Yes, I am totally invading this board with a sticky for a few days. Any moderator/specialist, feel free to desticky this around ~April 3rd or so.


This note is for everyone:
April 1st has often been a target day for malware programmers.
Recently, news of one particular virus that antivirus companies are getting stumped  over has caused a lot of fear.

Though you should do these things weekly, now is time to pay special attention:

• Install antivirus if you dont already have antivirus. AVG and Avast are both free, www.avast.com http://free.avg.com/download-avg-anti-virus-free-edition
• Update your antivirus scanner, manually. Even if your scanner usually does this by itself, some viruses disable this feature.

If your updates are not working properly, reinstall your scanner ASAP. Dont wait.

• Scan your entire computer, including archive files ("Thorough scan"). This is something that you should do at least once a month, it takes time. Leave it running overnight.
• Check Windows Updates. If automatic updates are enabled, check for updates anyways. Often, viruses will disable automatic updates. If automatic updates just arent working, attempt to use the update program in Internet Explorer.
• Backup your files. Viruses are devastation to your data, and they often to wipe things out.
• If your computer gets a virus, disconnect it from your home or work network until the problem is fixed. Cease sharing of files, even if the person you are sharing with has antivirus installed.

[Malware Removal Specialist]

Good post

Just to add to the above suggestions, the best ways to be prepared for this upcoming threat is really something that should be done on a regular basis. Here are some easy solutions to help.

- Keep Windows up to date.( I know Zystra already mentioned it ) Microsoft has released many security updates to help block known exploits. Visit Microsoft Windows Update and get all critical updates.
- Keep your antivirus and other security software up to date. The Secunia Personal Software Inspector (PSI) is a great free tool that will inform you of out of date and end of life software.
- Disable autoruns. While AutoRuns are convenient they are also very easily exploited by this type of malware. Use the free Panda USB and AutoRun Vaccine to disable autoruns.

Good post

Just to add to the above suggestions, the best ways to be prepared for this upcoming threat is really something that should be done on a regular basis. Here are some easy solutions to help.

- Keep Windows up to date.( I know Zystra already mentioned it ) Microsoft has released many security updates to help block known exploits. Visit Microsoft Windows Update and get all critical updates.
- Keep your antivirus and other security software up to date. The Secunia Personal Software Inspector (PSI) is a great free tool that will inform you of out of date and end of life software.
- Disable autoruns. While AutoRuns are convenient they are also very easily exploited by this type of malware. Use the free Panda USB and AutoRun Vaccine to disable autoruns.

Might I add Java and Flash Player 

[Malware Removal Specialist]

Might I add Java and Flash Player 

Yep!

Secunia should find any out of date files for you from Java and Flash.

[Moderator]

It always amazed me how insecure FlashPlayer and Java can be for a system... there's a reason we dont have either running on this forum : )

It always amazed me how insecure FlashPlayer and Java can be for a system... there's a reason we dont have either running on this forum : )

Thats why i use javascript. 

The april 1st virus (Conficker or Downandup) supposedly has infected over 15m PCs but harder data suggests the infection is in around 10m PCs.

[Moderator]

Its speculated that Conficker isnt going to do anything right now...
(Also, it could be a time zone issue... wherever the programmers are living, it might not be April 1st yet? Who knows)

Its said they might be waiting for public concern to die down.


Conficker apparently updated itself today though, however, it continues to remain inactive.
I'm just glad I didnt arrive at school today with 300 computers staring at me with some weird virus message that I would have to try and fix.

Here is what I read:

http://www.crn.com/security/216402353

[Malware Removal Specialist]

Local news reports are saying users have been getting infected by fake Facebook emails. But this is all before today so no telling what the "zombie masters" are planning.

Its speculated that Conficker isnt going to do anything right now...
(Also, it could be a time zone issue... wherever the programmers are living, it might not be April 1st yet? Who knows)

Its said they might be waiting for public concern to die down.


Conficker apparently updated itself today though, however, it continues to remain inactive.
I'm just glad I didnt arrive at school today with 300 computers staring at me with some weird virus message that I would have to try and fix.

Here is what I read:

http://www.crn.com/security/216402353

Ditto, when i first logged onto one of the PCs i updated Sophos. 

Like I say- a lot of things are going to be blamed on this that are completely unrelated.

[Malware Removal Specialist]

Agreed. That's why I want logs in malware removal. I'm infected with "fill in the blank" is only accurate about 10% of the time...

watch, "OH NOES! Balloon tips aren't appearing! BLAST YOU CONFICKER!" *attaches clean log*

LOL

[Malware Removal Specialist]

Also depending on what scanner it is there could be multiple names for the same infection. The Conficker worm is also referred to as Downloadup. Then there is Conficker A, B, C, D and Win32 Conficker and on and on.

    * Win32/Conficker.A (CA)
    * W32.Downadup (Symantec)
    * W32/Downadup.A (F-Secure)
    * Conficker.A (Panda)
    * Net-Worm.Win32.Kido.bt (Kaspersky)
    * W32/Conficker.worm (McAfee)
    * Win32.Worm.Downadup.Gen (BitDefender)
    * Win32:Confi (avast!)
    * WORM_DOWNAD (Trend Micro)
    * Worm.Downadup (ClamAV)

http://en.wikipedia.org/wiki/Conficker

Hey evil, are these like the file names of conficker?

Just wondering

[Malware Removal Specialist]

It's what different companies call it.

* Win32/Conficker.A (CA) <- http://www.ca.com/us/anti-virus.aspx
* W32.Downadup (Symantec) Norton/Symantec
* W32/Downadup.A (F-Secure) <- http://www.f-secure.com/en_EMEA/security/
* Conficker.A (Panda) <- http://www.pandasecurity.com/infected_or_not/us/

And so on. The same infection may have multiple names. Depends on what scanner you are using.

[Moderator]

I wish antivirus companies would use a better naming system... it does *look* confusing to newer computer users.
But, its usually easy to search for... still, I wish they would also use universal names so that solutions could be found easier.


But, competition prevents this from happening.