Bobby Mikkelson
Bobby Mikkelson asked on

Warning: Security related E-Mail Hoax stating that network is infected.

Microsoft has recently become aware of an email hoax that begins like the following:

"Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected..."

 

This is not a legitimate communication from Microsoft and the link within that communication points users to a 'rogue' security program.  These rogue programs generate misleading alerts and false detections of malicious code to convince users to purchase the illegitimate security software.  Some rogues may display product names or logos in an apparent unlawful attempt to impersonate Microsoft products or other legitimate software applications.

 

If you believe your machine has become infected, we encourage you to use the Windows Live OneCare Safety scanner to check your PC for malware and to help remove it from your system. In addition, we encourage you to submit any other suspicious files to the MMPC team for analysis.

If you do not have antivirus/antispyware software on your machine, you can download Microsoft Security Essentials or choose from a list of other software providers: Windows 7 security software providers, Windows Vista security software providers, Windows XP security software providers.

 

You can also find out how to get free virus-related assistance from Microsoft here: http://www.microsoft.com/protect/support/default.mspx.

 

Thank you
SpiritX MS MVP

Hi,

For any that think they might have Conficker:

Can you get to Microsoft.com, McAfee.com, Symantec.com? Thinking you could have Conficker.

Check with this site
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Virus alert about the Win32/Conficker worm
http://support.microsoft.com/kb/962007

Protect yourself from Conficker
http://www.microsoft.com/security/worms/conficker.aspx

How to remove the Downadup and Conficker worm (Uninstall Instructions)
http://www.bleepingcomputer.com/virus-removal/remove-downadup-conficker

How to Remove Conficker Worm Manually
http://www.411-spyware.com/conficker-worm-removal#how-to-remove

BDTool to remove
http://www.bdtools.net/


-----------------------------------------------

Run the Microsoft Malicious Removal Tool, Scan with Malwarebytes and run Prevx to be sure it is gone. (If needed use UnHackMe below.)

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Update - if needed you can download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

--------------
Run these :

Malwarebytes - an on-demand scanner - update on Updates tab and run whenever you suspect malware.
http://www.malwarebytes.org/

also install Prevx to be sure it is all gone.

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove. 
http://www.prevx.com/

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

--------------------------------------------

Here are some online free scanners to help if needed (skip if not) :

http://www.eset.com/onlinescan/

New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm

Original version
http://onecare.live.com/site/en-us/default.htm

http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------

Also do these to cleanup general corruption.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-------------------------------------------------

Run Malwarebytes when you can.

IE - Tools - Internet Options - Advanced Tab - click Restore then click Reset - Apply / OK

IE - Tools - Internet Options - Security - Reset all Zones to default level - Apply / OK

Close IE

IE - Tools - Manage Addons (for sure disable SSV2 if it is there, this is no longer needed but Java still installs it
and it causes issues - if you ever update Java, go back in and disable it again.) Look for other possible problems.

Windows Defender - Tools - Software Explorer - look for issues with programs that do not look right. Permitted
are usually OK and "not permitted" are not always bad. If in doubt about a program ask about it here.

Could be a BHO - BHOremover - Free - standalone program, needs no install, download and run - not all
are bad however some can cause your issue. (Toolbars are BHO's)
http://securityxploded.com/bhoremover.php

Startup Programs
http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html


Be sure to do this :

Logon as Admin

Start - type in Search box ->   COMMAND   - find on list above - RIGHT CLICK - RUN AS ADMIN

Enter each of these one at a time and hit enter after each

ipconfig /flushdns

nbtstat -R

nbtstat -RR

netsh int reset all

netsh int ip reset

netsh winsock reset

Reboot
------------------------------------------------------

Here are some for rootkits if they were an issue :

SpyDLL Remover - Free
http://securityxploded.com/spydllremover.php

Advanced Windows Service Manager
http://securityxploded.com/winservicemanager.php

Run Rootkit Revealer - Free
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

UnHackme - trial 5.5 or later
http://www.greatis.com/unhackme/

This tells you how to use UnHackMe and has a link to version 2.5 - use it as a guideline, as
the current version available above is 5.5 or later
http://safecomputing.umn.edu/guides/scan_unhackme.html

IceSword - Free
http://www.antirootkit.com/software/IceSword.htm
Instructions and Pictorial
http://securityxploded.com/icesword.php
Tutorial for using IceSword
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://soft.zol.com.cn/2004/0803/145163.shtml&prev=/search%3Fq%3Dicesword%26hl%3Den%26lr%3D

Revo Uninstaller - Free
http://www.revouninstaller.com/

Hope this helps.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
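
The reachability question at the top of the reply above (can you get to the security vendor sites?) can be checked from a script, since Conficker is known to interfere with lookups of security-related sites while leaving other sites alone. This is an added example, not part of the original post or any Microsoft tool; the host lists, the control sites and the function names are assumptions chosen for illustration.

```python
import socket

# Assumed host lists for this sketch: vendor sites of the kind the reply names,
# plus neutral control sites that Conficker has no reason to block.
SECURITY_HOSTS = ["www.microsoft.com", "www.mcafee.com", "www.symantec.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def resolves(host, resolver=socket.getaddrinfo):
    """Return True if the host name resolves to at least one address."""
    try:
        return len(resolver(host, 443)) > 0
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(security_hosts, control_hosts, resolver=socket.getaddrinfo):
    """Compare lookups of security sites against neutral control sites."""
    blocked = [h for h in security_hosts if not resolves(h, resolver)]
    controls_ok = [h for h in control_hosts if resolves(h, resolver)]
    if not controls_ok:
        verdict = "inconclusive: no name resolution at all (check connectivity)"
    elif not blocked:
        verdict = "no selective blocking seen"
    elif len(blocked) == len(security_hosts):
        verdict = "suspicious: only security sites fail to resolve"
    else:
        verdict = "partial: some security sites fail to resolve"
    return {"blocked": blocked, "controls_ok": controls_ok, "verdict": verdict}


def fake_resolver(blocked_substrings):
    """Constructed stand-in for DNS so the logic can be exercised offline."""
    def resolver(host, port):
        if any(s in host for s in blocked_substrings):
            raise socket.gaierror("constructed failure for " + host)
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", port))]
    return resolver


if __name__ == "__main__":
    report = assess(SECURITY_HOSTS, CONTROL_HOSTS)
    print(report["verdict"])
    for host in report["blocked"]:
        print("  did not resolve:", host)
```

A "suspicious" verdict only means the pattern matches; a filtering DNS service or a hosts-file entry can produce the same result, so follow it with the scans listed in the reply.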
Thomas is cool
Thomas is cool replied on


Try downloading McAfee! (If you haven't done so!)
T.Laptop