Don’t let this happen to you…

by DanB

It’s scary. Here you are, just looking for information on the Internet, and the next thing you know your computer is infected with something nasty. Even worse, maybe your computer has become a zombie on a botnet. You install programs to combat this and they slow you down even more. What can you do?

First, take the obvious steps:

* Keep your virus scanner and operating system up to date.
* Run a firewall.
* Don’t open email attachments unless you were expecting them.
* Scan all email attachments for viruses before you open them.

This week I ran across a couple of people infected with a recent Internet worm called Win32/Conficker. It was surprising because the group we are in is technically savvy. They had the worm and were having trouble getting rid of it. This particular worm targets Microsoft Windows. Microsoft has a good page on how to deal with the worm and what to look for if you think you have it.

The most visible and obvious symptom of the worm is that your web browser will not take you to the website you think it should. More specifically, you won’t be able to access secure sites like anti-virus updates. You will type in the right address but find yourself somewhere else.

Here is a link to the Microsoft page about the worm. It has links to the software updates you need to protect yourself or someone you know.

http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

If you’ve had experience with this worm or other bad stuff, then click this link now and post your comments on the blog:

http://www.tnpcnewsletter.com/blog/

Stay safe out there!

  • Willard A Minns
    I confirm the statement by Joshua Proschan! I also had a problem with both Drives and Folders: when double-clicked they would try to open in the first program listed in my "open with" list. They could only be opened by right-clicking and selecting "open". Then my printers disappeared when the print spooler service was inhibited from starting. It took almost 2 weeks from first noticing the problems to final cleaning of the residual problems.
  • Joshua Proschan
    Microsoft's advice is not adequate. See:

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126478&source=rss_news

    Also the US-CERT advisory:

    http://www.us-cert.gov/cas/techalerts/TA09-020A.html

    According to US-CERT you must also apply a little-known MS update (KB953252) that Microsoft does not mention on the page you mention. Without this update, Windows ignores the registry settings for NoDriveAutoRun and NoDriveTypeAutoRun. Once this patch is installed, Windows will enforce the NoDriveAutoRun and NoDriveTypeAutoRun settings.

    I can confirm from my own experience (two XP Pro PCs) that, at least for USB drives, the No...AutoRun settings are ineffective without the KB953252 update. The update is version-specific; the link to these is in the last paragraph ("update") of the US-CERT advisory. After applying the update, the No...AutoRun values must be added to the registry as described by CERT.

    One thing hinted at in the advisory: the registry changes should be made to HKLM, and not HKCU. HKLM over-rides any HKCU settings, and need only be changed once on each PC (from an admin login). HKCU changes must be made user-by-user, which must be promoted to administrator to make the changes. For almost all PCs, having the same settings for all users is the best way to protect the system as well as the simplest.

    Thanks for the great newsletter; I look forward to the next issue.
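
An added example, not part of the post or of either comment: a read-only PowerShell audit of the settings discussed in the comment above. The `Policies\Explorer` key path and the drive-type bit meanings are taken from Microsoft's documentation, not from this page; the HKLM-over-HKCU rule and KB953252 come from the comment.

```powershell
# Added example: read-only audit of the AutoRun policy values and the hotfix.
# Assumption (not on this page): the values live under this Explorer policy key.
$SubKey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$HotFixId = 'KB953252'   # named in the comment above; it is version-specific

# NoDriveTypeAutoRun is a bitmask of drive types (0xFF sets every bit).
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown' },
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved' }
)

function Get-PolicyValue {
    param([string]$Hive, [string]$Name)
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Format-Value($v) { if ($null -eq $v) { 'not set' } else { '0x{0:X}' -f $v } }

foreach ($name in 'NoDriveTypeAutoRun', 'NoDriveAutoRun') {
    $hklm = Get-PolicyValue -Hive 'HKLM' -Name $name
    $hkcu = Get-PolicyValue -Hive 'HKCU' -Name $name
    # Per the comment above, an HKLM value overrides the per-user HKCU one.
    $effective = if ($null -ne $hklm) { $hklm } else { $hkcu }
    '{0}: HKLM={1} HKCU={2} effective={3}' -f $name,
        (Format-Value $hklm), (Format-Value $hkcu), (Format-Value $effective)

    if ($name -eq 'NoDriveTypeAutoRun' -and $null -ne $effective) {
        # List the drive types whose bit is clear, i.e. not covered by the policy.
        $open = $DriveTypes | Where-Object { -not ($effective -band $_.Bit) } |
            ForEach-Object { $_.Name }
        if ($open) { "  AutoRun not disabled for: $($open -join ', ')" }
        if (-not $open) { '  AutoRun disabled for every drive type' }
    }
}

if (Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue) {
    "$HotFixId is installed"
} else {
    "$HotFixId not found: per the comment above, the values may be ignored without it"
}
```

The HKCU line reflects only the account running the script, so run it once per user profile if no HKLM value is set.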