Am I infected with the April 1st virus (Conficker C)?

Question

What is the April 1st virus that everyone is talking about and how do I tell if I am infected?

- Kevin

Answer

This question was answered on March 26, 2009. Much of the information contained herein may have changed since posting.

A very stubborn Internet worm known as Conficker (aka Downup, Downadup & Kido) has been in circulation since late 2008 and specifically targets most of Microsoft’s operating systems.

The third generation of this pest is being labeled Conficker C and it is far more dubious than the previous two versions.

The primary intent of the Conficker worm family is to infect computers with an agent that will turn them into a ‘zombie’ on a large network of infected computers referred to as a botnet.

Botnets are a collection of compromised Internet connected computers that can be remotely controlled by a single computer referred to as the command and control center to act as a group.

Once infected, any computer on a botnet can be given instructions from the command center to perform whatever function the remote hacker desires, including sending spam, infecting other computers or tracking keystrokes for the purposes of ID theft.

Conficker C is especially disconcerting because it is specifically designed to bypass and disable hundreds of popular security programs and websites and it has a trigger date of April 1st with a yet unknown payload.

To make things worse, Conficker C is very good at hiding from you and your security programs and has code that allows it to ‘evolve’ its ability to avoid being detected and removed.

One of the first things it will attempt to do is turn off the automatic updates in Windows because it is exploiting a known hole in Windows. If your computer has not been patched, Conficker can take advantage of the hole and make sure your system doesn’t automatically download the patch by disabling your automatic updates.

To check if the automatic updates have been turned off, go to the Windows Control Panel and double click on the Security Center icon to get to the Automatic updates link.

If you find that your automatic updates have been turned off, it doesn’t necessarily mean that you are infected, however, if you know that it was previously set to automatically update and now it’s turned off, you would be wise to have a technically savvy person do a deeper evaluation of your computer.

Detecting the rest of the symptoms of Conficker C requires a working knowledge of the Windows Registry, and many of the anti-virus and security firms on the Internet have posted very detailed technical instructions for detection and removal (search Google for “Conficker C removal”).

If you don’t have a tech savvy resource available and are near any of our Data Doctors locations (www.datadoctors.com/locations), we provide free checkups to help those with concerns determine their computer’s status.

Your system can get infected in the first place through the usual suspects: e-mail attachments, rogue links in e-mails or on malicious websites and downloading files from P2P networks such as Limewire and KaZaa, but a more recent exploit seems to be where many folks are getting infected.

The popularity of online video and especially YouTube has created a new trick for malware writers to get into your system. If you click on a link that presents itself as a video, but when you go to play the video you get an alert stating that you need to update your “Flash Player” or you need a new ‘codec’, the chances are real good that it’s a trick.

If you routinely view online video and you are suddenly told you need something new to view online videos, especially from a no-name website, be suspicious.

If a message comes up saying you need a new version of the Flash Player, don’t accept the file that the website offers as an update. Instead, go to http://get.adobe.com/flashplayer to install the latest version of the free video player, then go back and try viewing the video again.

If the same message comes up with a prompt to download an updated Flash Player, you will know it’s a scam for sure.

In the same respect, if you get a message telling you that you need a new ‘codec’ to view a video, the safe response is to take a pass until someone technical you trust can see if your video playback software is really that old.


Author

Posted by Ken of Data Doctors on March 26, 2009
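
The Automatic Updates check described in the answer can also be scripted. The PowerShell below is an added example, not part of the original answer; the service name (`wuauserv`) and the registry paths are standard Windows locations assumed here, and an "off" result is a reason for a closer look, not proof of infection.

```powershell
# Added example: read-only check of the Automatic Updates state.
# Service name and registry paths are standard Windows ones, not from the article.

function Get-AutoUpdateStatus {
    $findings = @()

    # Windows Update service: a Disabled start mode means updates cannot run.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += 'Windows Update service (wuauserv) not found'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += 'Windows Update service start mode is Disabled'
    }

    # Per-machine setting: AUOptions = 1 means "never check for updates".
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty -Path $auKey -Name AUOptions -ErrorAction SilentlyContinue
    if ($au -and $au.AUOptions -eq 1) {
        $findings += 'AUOptions = 1 (automatic updates turned off)'
    }

    # Policy setting: NoAutoUpdate = 1 turns automatic updates off by policy.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $pol = Get-ItemProperty -Path $polKey -Name NoAutoUpdate -ErrorAction SilentlyContinue
    if ($pol -and $pol.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate = 1 (turned off by policy)'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ServiceMode  = if ($svc) { $svc.StartMode } else { 'n/a' }
        ServiceState = if ($svc) { $svc.State } else { 'n/a' }
        UpdatesOff   = ($findings.Count -gt 0)
        Findings     = $findings
    }
}

$status = Get-AutoUpdateStatus
$status | Format-List
if ($status.UpdatesOff) {
    # As the article says, this alone does not prove infection.
    Write-Warning 'Automatic updates appear to be off; if they were on before, have the machine examined.'
}
```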