Warning: Security related E-Mail Hoax stating that network is infected.
Microsoft has recently become aware of an email hoax that begins like the following:
"Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected..."
This is not a legitimate communication from Microsoft and the link within that communication points users to a 'rogue' security program. These rogue programs generate misleading alerts and false detections of malicious code to convince users to purchase the illegitimate security software. Some rogues may display product names or logos in an apparent unlawful attempt to impersonate Microsoft products or other legitimate software applications.
If you believe your machine has become infected, we encourage you to use the Windows Live OneCare Safety scanner to check your PC for malware and to help remove them from your system. In addition, we encourage you to submit any other suspicious files to the MMPC team for analysis.
If you do not have antivirus/antispyware software on your machine, you can download Microsoft Security Essentials or choose from a list of other software providers: Windows 7 security software providers, Windows Vista security software providers, Windows XP security software providers.
You can also find out how to get free virus-related assistance from Microsoft here: http://www.microsoft.com/protect/support/default.mspx.
Thank you
All Replies
Hi,
For any that think they might have Conficker :
Can you get to Microsoft.com, McAfee.com, Symantec.com? Thinking you could have a Conficker.
Check with this site
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
Virus alert about the Win32/Conficker worm
http://support.microsoft.com/kb/962007
Protect yourself from Conficker
http://www.microsoft.com/security/worms/conficker.aspx
How to remove the Downadup and Conficker worm (Uninstall Instructions)
http://www.bleepingcomputer.com/virus-removal/remove-downadup-conficker
How to Remove Conficker Worm Manually
http://www.411-spyware.com/conficker-worm-removal#how-to-remove
BDTool to remove
http://www.bdtools.net/
-----------------------------------------------
Run the Microsoft Malicious Removal Tool, Scan with Malwarebytes and run Prevx to be sure it is gone. (If needed
use UnHackMe below.)
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Update - if needed you can download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
--------------
Run these :
Malwarebytes - an on-demand scanner - update on Updates tab and run whenever you suspect malware.
http://www.malwarebytes.org/
also install Prevx to be sure it is all gone.
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
--------------------------------------------
Here are some online free scanners to help if needed (skip if not) :
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------
Also do these to cleanup general corruption.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
-------------------------------------------------
Run Malwarebytes when you can.
IE - Tools - Internet Options - Advanced Tab - click Restore then click Reset - Apply / OK
IE - Tools - Internet Options - Security - Reset all Zones to default level - Apply / OK
Close IE
IE - Tools - Manage Addons (for sure disable SSV2 if it is there, this is no longer needed but Java still installs it
and it causes issues - if you ever update Java go back in and disable it again.) Look for other possible problems.
Windows Defender - Tools - Software Explorer - look for issues with programs that do not look right. Permitted
are usually OK and "not permitted" are not always bad. If in doubt about a program ask about it here.
Could be a BHO - BHOremover - Free - standalone program, needs no install, download and run - not all
are bad however some can cause your issue. (Toolbars are BHO's)
http://securityxploded.com/bhoremover.php
Startup Programs
http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html
Be sure to do this :
Logon as Admin
Start - type in Search box -> COMMAND - find on list above - RIGHT CLICK - RUN AS ADMIN
Enter each of these one at a time and hit enter after each
ipconfig /flushdns
nbtstat -R
nbtstat -RR
netsh int reset all
netsh int ip reset
netsh winsock reset
Reboot
------------------------------------------------------
Here are some for rootkits if they were an issue :
SpyDLL Remover - Free
http://securityxploded.com/spydllremover.php
Advanced Windows Service Manager
http://securityxploded.com/winservicemanager.php
Run Rootkit Revealer - Free
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
UnHackme - trial 5.5 or later
http://www.greatis.com/unhackme/
This tells you how to use UnHackme and has a link to version 2.5 - use it as a guideline with
the current version available as above is 5.5 or later
http://safecomputing.umn.edu/guides/scan_unhackme.html
IceSword - Free
http://www.antirootkit.com/software/IceSword.htm
Instructions and Pictorial
http://securityxploded.com/icesword.php
Tutorial for using IceSword
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://soft.zol.com.cn/2004/0803/145163.shtml&prev=/search%3Fq%3Dicesword%26hl%3Den%26lr%3D
Revo Uninstaller - Free
http://www.revouninstaller.com/
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
- Edited by SpiritX Saturday, January 09, 2010 8:16 PM
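Added example, not part of the reply above: the "can you get to the security sites" check from that reply as a small script. It compares name resolution for the three sites named there against a control domain (example.com, an assumption) so that a general DNS outage is not mistaken for selective blocking; the function names and verdict strings are made up for this example.

```python
import socket

# Sites named in the reply above; Conficker interferes with lookups of
# security-vendor domains, which is what the eye chart page tests visually.
SECURITY_SITES = ["microsoft.com", "mcafee.com", "symantec.com"]
# Control domain (assumption): a non-security site that should always resolve.
CONTROL_SITES = ["example.com"]


def resolves(host, resolver=socket.gethostbyname):
    """Return True if the host name resolves, False on any lookup error."""
    try:
        resolver(host)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def classify(security=SECURITY_SITES, control=CONTROL_SITES,
             resolver=socket.gethostbyname):
    """Return (verdict, blocked_security_sites).

    A failed lookup can have other causes (hosts file, filtering proxy,
    DNS outage), and a clean result does not prove the PC is clean:
    treat the verdict as a reason to run the scanners, not as a diagnosis.
    """
    blocked = [h for h in security if not resolves(h, resolver)]
    control_ok = any(resolves(h, resolver) for h in control)
    if not control_ok:
        verdict = "inconclusive-no-dns"      # nothing resolves at all
    elif not blocked:
        verdict = "looks-normal"
    elif len(blocked) == len(security):
        verdict = "security-sites-blocked"   # the pattern the reply describes
    else:
        verdict = "partial"                  # some blocked: check hosts file, proxy
    return verdict, blocked


if __name__ == "__main__":
    verdict, blocked = classify()
    print(verdict, blocked)
```

A "security-sites-blocked" or "partial" result is the cue to follow the removal steps in the reply from a machine or boot environment that can still reach the download sites.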
- Try downloading McAfee! (If you haven't done so!)
T.Laptop
