Win32/Conficker!mem trojan


  • Win32/Conficker!mem trojan

    My server running Win 2k3 Standard is infected with win32/conficker!mem. I have McAfee 8.5i antivirus updated. It detects it as a trojan but takes no action. How can I remove this from my server as well as from the client machines? Kindly help me!!

  • #2
    Re: Win32/Conficker!mem trojan

    Yups a true Wall of Fame issue
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Win32/Conficker!mem trojan

      Usually when people tell me they have McAfee I tell them to upgrade to a more capable AV... in any case, in my opinion the only course of action to take after an infection is to reinstall Windows - I'm sure you take backups of your data. Antivirus products should be used for prevention rather than cure - even if you remove the virus, you don't know what vulnerabilities it's left behind.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Re: Win32/Conficker!mem trojan

        http://vil.nai.com/vil/content/v_153464.htm

        Did this not happen?
        Is there any more information about this server? Is it running anything else?
        If you caught the worm it implies you didn't patch it maybe?

        I agree with gforce here though: get your data onto a backup somewhere, wipe and reload the machine, then install a new AV update and copy the data back. That all depends on the server's roles though.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?



        • #5
          Re: Win32/Conficker!mem trojan

          Originally posted by gforceindustries:
          Usually when people tell me they have McAfee I tell them to upgrade to a more capable AV...

          McAfee is a fine, decent product. Way better than Symantec.
          I completely disagree with you in this case. McAfee has made huge mistakes back in the NT4 days (anyone remember McAfee 4.5 and 4.0.2?)
          Nowadays they belong IMHO to one of the best out there.

          I even noticed they are way faster with blocking new viruses than the beloved Trend.
          Marcel


          • #6
            Re: Win32/Conficker!mem trojan

            This too..
            http://kbalertz.com/962007/Virus-alert-about.aspx
            cheers
            Andy



            • #7
              Re: Win32/Conficker!mem trojan

              I personally agree with Dumber regarding McAfee. They seem to be quite quick in the report/response side of fighting the bad guys.
              Anyhow, on the link Andy provided, according to McAfee, since the worm affects the system memory, REBOOTING should get rid of it totally.
              However, as Andy also pointed out, you need to close the door/window where it got in initially by keeping your system up to date, especially: http://www.microsoft.com/downloads/d...displaylang=en

              Ta
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR



              • #8
                Re: Win32/Conficker!mem trojan

                Thanx. It works



                • #9
                  Re: Win32/Conficker!mem trojan

                  Originally posted by Dumber:
                  I even noticed they are way faster with blocking new viruses than the beloved Trend.

                  TrendMicro's pissing me off ATM. Their email support is less than stellar. Not asking complicated questions either (aside from why their SW isn't catching Vundo).


                  Originally posted by L4ndy:
                  REBOOTING should get rid of it totally.

                  Reformatting?


                  Originally posted by eman:
                  Thanx. It works

                  What works?
                  ** Remember to give credit where credit is due and leave reputation points where appropriate **



                  • #10
                    Re: Win32/Conficker!mem trojan

                    Originally posted by gforceindustries:
                    Usually when people tell me they have McAfee I tell them to upgrade to a more capable AV... in any case, in my opinion the only course of action to take after an infection is to reinstall Windows - I'm sure you take backups of your data. Antivirus products should be used for prevention rather than cure - even if you remove the virus, you don't know what vulnerabilities it's left behind.

                    Oh come on g, these things are reverse engineered to the point where the definition writers know everything the virus does. Once a fix is released that works there's really no need to redeploy your system after an outbreak.



                    • #11
                      Re: Win32/Conficker!mem trojan

                      Originally posted by Wired:
                      Reformatting?

                      Well, it all depends on what the damage is, if any?

                      According to McAfee, once the virus/worm has been detected it's isolated, and since it resides in memory (hence the name given to this variation of the code), rebooting should get rid of any leftovers.