Does MBAM remove Conficker/Downadup?


First let me say thank you to all the makers/contributors to Mbam. As a support Tech for OSU, I use Mbam daily to clean these silly college kids' computers and it works every time. I've only come across two infections so far that Mbam has not completely removed, and they were rootkits that I removed fine with a quick ComboFix. Again, thank you all for making such a terrific product.

So, I'm hearing a lot about this Conficker/Downadup worm lately and was wondering if Mbam can remove it? I seem to remember seeing Conficker once on a machine I was working on, and I'm pretty sure Mbam removed it, but I can't remember for sure. Since this worm seems to be able to spread through careless use of USB sticks and the Autorun feature in Windows (and we have students working for us) I wanted to ask to make sure if Mbam can detect/remove this.

Thanks for all your hard work mbam-ers!

Hey. Yup, I recently wondered about that too. Well, I looked it up on MalwareNET on malwarebytes.org and discovered in the database "Worm.Conficker." So, I think it's safe to assume that MBAM is able to remove it.

Bruce didn't tell me if it could or not, but he did say that they are working on new heuristics to ensure that MBAM can detect not only all previous variants of Conficker, but all future ones as well.

Since Bruce isn't handing out status updates on the definitions, and every moment I'm pestering him for info is taking him away from getting things added to the database, I'll leave him alone for now. :)

Isn't this worm already completely disabled (or at least the vulnerability it exploits) by an MS update released in October?:

http://en.wikipedia.org/wiki/Conficker

http://www.microsoft.com/technet/security/...n/MS08-067.mspx

note: Vista and Server 2008 users are apparently immune to this one (that vulnerability in the Server service is absent in those 2 OS's).

Yes, the vulnerability it exploits is closed by that patch, but since the device can spread to machines via USB/autorun and bruteforcing through admin shares, it's still a worry - just less of one. Having MS08-067 applied and up to date AV should insulate you pretty well, and of course strong passwords as usual.

from the wiki page:

Since the virus can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media through modifying the Windows Registry is recommended.[13] While Microsoft has released patches for the later Windows XP Service Packs 2 and 3 and Windows 2000 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions, as the support period for these service packs has expired.

In addition, the worm launches a brute-force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.[14]
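
The mitigations named in this post (MS08-067 applied, AutoRun disabled through the registry) and the Server service point raised later in the thread can be checked with a read-only script. This is an added example, not part of the original thread; it assumes KB958644 is the MS08-067 update, and the function and variable names are illustrative.

```powershell
# Added example (not from the thread): read-only audit of the mitigations discussed above.
# Assumption: KB958644 is the update shipped with bulletin MS08-067.
$policyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# NoDriveTypeAutoRun is a bitmask; a set bit turns AutoRun OFF for that drive type.
$driveTypeBits = [ordered]@{
    'Removable (USB sticks)' = 0x04
    'Fixed'                  = 0x08
    'Network'                = 0x10
    'CD-ROM'                 = 0x20
}

function Get-AutoRunMask {
    # HKLM is checked first because the machine-wide value overrides the per-user one.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $prop = Get-ItemProperty -Path "$hive\$policyKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        # The value may be REG_DWORD or REG_BINARY; the low byte holds the drive-type bits.
        if ($prop) { return [int]@($prop.NoDriveTypeAutoRun)[0] }
    }
    return $null   # value absent: Windows falls back to its built-in default
}

function Test-ConfickerHardening {
    $mask = Get-AutoRunMask
    $stillOn = @($driveTypeBits.Keys | Where-Object { ($mask -band $driveTypeBits[$_]) -eq 0 })
    $autoRun = if ($null -eq $mask) { 'OS default (policy not set)' }
               elseif ($stillOn)    { $stillOn -join ', ' }
               else                 { 'none' }
    # A missing hotfix entry means "verify manually": later updates may supersede it.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    $server = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        MS08_067_Listed   = [bool]$hotfix
        AutoRunMask       = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f $mask }
        AutoRunStillOnFor = $autoRun
        ServerService     = if ($server) { $server.Status } else { 'not present' }
    }
}

Test-ConfickerHardening | Format-List
```

A mask of 0xFF reports `AutoRunStillOnFor : none`. The script cannot judge password strength on ADMIN$ shares, so that part of the advice still needs a separate policy check.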

... I have the server service and file and print sharing as well as default shares disabled anyway, of course most users do not.

Yea, most people have no idea. PC manufacturers need to package a booklet with new computers explaining basic PC security, because the average user gets no training at all when it comes to using a computer.

Yeah, I knew MS says they fixed it with the patch, but I have my doubts about the consistent accuracy of MS documentation. Also, working on a college campus you get to see a lot of students who have no idea that they should run updates. Just yesterday I had a user with 0 service packs for XP. Guy had just re-installed from having his system hosed by all sorts of malware and never bothered to run any updates at all. Then he comes to us to clean his laptop once more after getting another virus two days after reinstalling. Ridiculous.

... Then he comes to us to clean his laptop once more after getting another virus two days after reinstalling. Ridiculous.

It took 2 days? With no Service Packs the guy is lucky he lasted 30 seconds...
