Friday, April 3, 2009

The Conf*cker Worm

I’ve been reading about the Conficker/DownAdUP Worm over the past few days on Yahoo News. However, due to some articles saying that “some” experts don’t consider it as too much of a threat, I didn’t worry much about it.

I read a couple of articles about it again last Wednesday morning (April 1) and decided to check and see if my computer at the office has been infected. And it was (and probably still is; I cannot say with finality as of this very moment)!

How did I find out? Well, as mentioned in the articles, I wouldn’t be able to access any of the Antivirus companies’ websites (particularly those concerning Conficker) and Microsoft’s updates and that’s exactly what happened. Every time I clicked on a link on Google’s search results that’s supposed to take me to an Antivirus Company’s website, I’d get redirected to another website (which looks like a sort of “dummy” of the real website as it has the root URL of the real website on its header, i.e., “”).

I was starting to feel uneasy about the infection as the Conficker Worm may possibly be used to steal data (most alarmingly, passwords and other sensitive/personal information), or so they say.

One of the articles also mentioned that the Worm blocks any link or program that has the word “Conficker” in its filename (or something like that). Therefore, one would need to ask someone whose computer is not infected by the worm to send him/her the removal tool(s) through email. In addition, the article also mentioned that one would need to change the removal tool’s filename to be able to run it. (!)
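The "can I reach the antivirus sites?" symptom described in the last few paragraphs can be turned into a repeatable check. The script below is an added example and is not part of the original post: it fetches a few security-vendor and update hosts alongside unrelated control hosts, treats a redirect onto a different domain (the "dummy" look-alike site mentioned above) as a failure, and reports a verdict. The host lists and verdict labels are my own assumptions chosen for this example.

```python
import urllib.parse
import urllib.request

# Security-vendor and update hosts the worm is reported to block (assumed list
# chosen for this example; the post itself only names Microsoft and Symantec).
SECURITY_HOSTS = ["update.microsoft.com", "www.microsoft.com", "www.symantec.com"]

# Unrelated control hosts an infected machine should still reach (assumed list).
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def same_site(host, final_host):
    """True if final_host is the probed host or lies under its parent domain,
    so www.microsoft.com -> www.microsoft.com/en-us/ counts as reached while a
    redirect to a look-alike 'dummy' site on another domain does not."""
    parent = host.split(".", 1)[1]
    return final_host == host or final_host.endswith("." + parent)


def probe_host(host, timeout=5.0):
    """True only if an HTTP fetch of host succeeds and ends on the same site."""
    try:
        with urllib.request.urlopen("http://%s/" % host, timeout=timeout) as resp:
            final_host = urllib.parse.urlsplit(resp.geturl()).hostname or ""
    except (OSError, ValueError):  # DNS failure, timeout, HTTP error, bad URL
        return False
    return same_site(host, final_host)


def classify(results):
    """results maps host -> reachable. Verdicts:
    no-connectivity   controls fail too (offline, or a proxy blocking everything)
    security-blocked  controls fine but no security host reachable: the worm's symptom
    partially-blocked some security hosts unreachable, worth a closer look
    clean             everything reachable"""
    sec_ok = sum(1 for h in SECURITY_HOSTS if results.get(h))
    ctl_ok = sum(1 for h in CONTROL_HOSTS if results.get(h))
    if ctl_ok == 0:
        return "no-connectivity"
    if sec_ok == 0:
        return "security-blocked"
    if sec_ok < len(SECURITY_HOSTS):
        return "partially-blocked"
    return "clean"


if __name__ == "__main__":
    results = {h: probe_host(h) for h in SECURITY_HOSTS + CONTROL_HOSTS}
    for host, ok in results.items():
        print("%-24s %s" % (host, "reachable" if ok else "UNREACHABLE"))
    print("verdict:", classify(results))
```

A "no-connectivity" verdict means nothing can be concluded, which is the office-proxy case the post raises further down; only "security-blocked" matches the worm's behaviour.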

Out of desperation, I continued my search (on Google) and (quite luckily) got through to which had links for the removal tools. All the download links worked except for the Windows updater.

Since I was unable to get through to the Microsoft website, I continued to search the web for Microsoft’s KB921883 patch (Note: KB921883 is for Windows XP SP2, check the required patch for other versions of Windows).

During my search, I started to feel that the worm is very much like a criminal mastermind/crooked politician who covers up his/her tracks and takes every measure to prevent him/herself from getting caught. Why, you ask? Well, it seems that I couldn’t get to any website that has download links for the patch (even the mirrored ones). But, then again, it might just be the proxy server in our office.

Anyway, after having gotten nothing, I went to our IT department and asked if they had that particular patch, and luckily they did.

And so, I installed the patch and ran all the removal tools I had. And for good measure, I downloaded Symantec’s DownAdUP removal tool and had it run through my files. But then, a few seconds into the scan, the removal tool quit prematurely, giving me no warnings whatsoever.

Naturally, I tried it again… and it happened again. I tried rebooting my PC in Safe Mode but it wouldn’t… it just kept restarting over and over. By that time, I started to think that there must be something seriously wrong with my PC.

And so, I called up our IT people and asked them to see what’s wrong.

The findings were grim… it was found that my PC’s got a lot of corrupted system files and it had to be reformatted and have Windows reinstalled. However, I don’t think Conficker had anything to do with that as we’ve experienced a few power outages before and I’ve also done a few hard reboots due to my PC freezing while doing some heavy operation.

Not all is lost, though… I still have all my files and my PC’s now in tip-top shape.
