I've built Windows XP install media with SP3 and all possible patches slipstreamed in (on DVD, but it still worked), then a supplemental CD with non-slippable updates (IE8, .NET, all that stuff). It's possible to install, offline, an XP machine with all updates applied to it in two reboots after the base install. Windows 7 is even easier since you just build a custom .wim file and replace the default install.wim with your custom one and bam. Nothing is unslippable in Win7.
Well to give Microsoft a little credit, easy to use install images have been the norm since at least Windows Vista (around 2006). There's still no good reason why this wasn't the case with XP/2000 also though.
"Today's robots are very primitive, capable of understanding only a few
simple instructions such as 'go left', 'go right', and 'build car'."
--John Sladek
Money well spent (Score:5, Insightful)
If it's 130,000 euros to fix a virus infection and 187300 to upgrade AND fix the virus infection, then you may as well upgrade.
The real problem here is the 130,000 euros to fix a virus infection.
Re: (Score:5, Interesting)
Conficker.... suddenly it becomes clear. I know an organisation that was infected, and they ended up spending 2 weeks with a Microsoft consultant to clear everything up. The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one. Silly old Microsoft.
So, if they upgraded their PCs too.... makes perfect sense. I wouldn't have binned the old ones though, I'd have wiped the HDDs and sold them or given them away.
Re: (Score:4, Interesting)
This thread is disappointing. So much hate. Hate leads to fear, and fear leads to the dark side.
Anyway. Conficker. Nasty. Simple. Old. A clean up is not easy, but Conficker requires some bad baselines to be operating for it to get through and thrive. If you fix the baseline issues, the clean up can follow. A clean system that's updated properly isn't infectable via Conficker. So frankly a system sorted put back in should be fine. You'll obviously have to do this step by step and yes, there is a price. Mos
Re: (Score:0)
Are you saying that Conficker is one of those nasty bios-viruses that survive step one of any serious virus cleaning?
1. format or fdisk. If you're using MS standard tools, don't forget fdisk /mbr.
2. reinstall.
Each step of course has to be done from clean media (e.g. a bootable cd).
Re:Money well spent (Score:4, Interesting)
No, Conficker has worm elements. So, the hard part of the clean up is not per se an individual machine. It's that you need to solve the baseline problems that allow Conficker to do its thing.
Re-installing 'stuff' won't make this go away. Doing it wrong just reinfects the machine.
So, as I said, what has to be done is the cause and baselines that allow Conficker to replicate have to be solved (harder part) - and then machines with good baselines go through clean up and go back on the network (easier part..)
http://support.microsoft.com/kb/962007 [microsoft.com]
Any tech learning about Conficker can read about it, and start to understand what needs to be fixed. Patch, correct password weaknesses, stop autorun etc etc. Today, this is somewhat simple as a lot of tools and detection tools exist.
People in thread waving around Fdisk and re-install media saying 'they could fix this' - probably in fact are clueless and need to understand the problems involved. Conficker breeds off poor security and bad baselines. That's how it gets in. That's how it replicates. That's how it hangs around and re-infects.
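The three baselines named in the comment above (patch, passwords, autorun), written as a read-only per-machine check to run before a cleaned PC goes back on the network. This is an added example, not part of the original post or of Microsoft's article; the hotfix id is a placeholder to fill in from the linked KB article, the password thresholds are assumed local policy, and the `net accounts` parsing assumes an English-language Windows.

```powershell
# Added example: read-only baseline audit, makes no changes to the machine.
param(
    # Placeholder: take the hotfix id for this OS version from the KB article.
    [string]$RequiredHotfix = 'KB-PLACEHOLDER',
    # Assumed local policy value, not taken from the thread.
    [int]$MinPasswordLength = 8
)

$findings = @()

# 1. Patch: the hotfix that closes the network vector must be installed.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
if ($installed -notcontains $RequiredHotfix) {
    $findings += "Patch: $RequiredHotfix is not installed"
}

# 2. Autorun: NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if ($null -eq $prop -or $prop.NoDriveTypeAutoRun -ne 0xFF) {
    $findings += 'Autorun: NoDriveTypeAutoRun is not 0xFF in the machine policy key'
}

# 3. Passwords: read the effective account policy (English output assumed).
$policy = net accounts
$lenLine = ($policy | Select-String 'Minimum password length' | Select-Object -First 1).Line
if ($lenLine -match '(\d+)\s*$') {
    if ([int]$Matches[1] -lt $MinPasswordLength) {
        $findings += "Passwords: minimum length $($Matches[1]) is below $MinPasswordLength"
    }
} else {
    $findings += 'Passwords: could not read minimum password length'
}
# A threshold of "Never" means unlimited guesses against local accounts.
$lockLine = ($policy | Select-String 'Lockout threshold' | Select-Object -First 1).Line
if ($lockLine -notmatch '\d+\s*$') {
    $findings += 'Passwords: no account lockout threshold is set (or it could not be read)'
}

if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: baseline OK, eligible to rejoin the network"
} else {
    Write-Output "${env:COMPUTERNAME}: keep isolated until fixed:"
    $findings | ForEach-Object { Write-Output "  - $_" }
    exit 1
}
```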
Re: (Score:2)
Or just, you know, unplugging the network cable of any machines not known to be clean until you're ready to take care of them. Downtime is still less than throwing them in the trash.
Re: (Score:3)
Re: (Score:2)
Aww, you're fighting the Windows haters with an insightful post. Heroic, but ultimately not effective. It's like saying "milk is good" to the notmilk.com crowd.
Re: (Score:2)
I didn't know such a place exists. Who doesn't like milk and cookies, cereal, chai tea, chocolate milk? Man, fuck them. Y'know it's not like anyone is forcing them to drink milk. And cows like it because they get sore if they aren't milked. In fact, modern dairy farms have milking carousel so when the cows decide they need a milking, they hop on and get cleaned, and hop off when it's done. All they have to do is eat and socialize, Mooooooo.
Re: (Score:2)
He does have a point, you can save time making custom windows images.
Except for the fact that on the other side of the fence, slipstreaming all the latest updates into an easy to use install image has been standard operating procedure pretty much the whole time...
Re: (Score:2)
Re: (Score:2)
You have a firewall or IPS on every single PC? It's being reinfected from other machines within the organization (as in, the same LAN segment)
Re: (Score:2)
Yeah, no infection. Sadly no working system either.
Fail. Go away.
New machines (Score:1)
People in thread waving around Fdisk and re-install media saying 'they could fix this
And just buying new machines solves those issues how?
Re: (Score:2)
Where did I advocate buying new machines?
I didn't.
But to answer your dubious point, new machines nominally don't have some (but not all of it is answered so simply, weak passwords for example remain a problem unless that is addressed..) the bad baselines.
Re: (Score:2)
I believe the difficulty you ascribe to the removal task is unfounded. Especially the assertion that people HERE would have a hard time. Seriously, a bootable OS with an AV on it, and you've got the name-> google and BAM you know exactly what you're dealing with.
Most of us with non-technical friends have probably removed it once or twice years ago. Yet you say "most of you guys won't even have a clue, why you would have to read a Microsoft article! That requires mad skillz."
Re: (Score:2)
I believe the difficulty you ascribe to the removal task is unfounded. Especially the assertion that people HERE would have a hard time. Seriously, a bootable OS with an AV on it, and you've got the name-> google and BAM you know exactly what you're dealing with.
Most of us with non-technical friends have probably removed it once or twice years ago. Yet you say "most of you guys won't even have a clue, why you would have to read a Microsoft article! That requires mad skillz."
OK, here is what I believe.
1. You're an idiot. There. I said it.
2. Go re-read my actual input. Then re-read it until you get it.
3. People HERE in the main - in this thread have talked bollocks. I think a level well below 50% have some idea of what they deal with, the rest are the idiot majority.
4. Cleaning up Conficker off a single machine re your non-technical friends is totally irrelevant. And that's before I smash you over the head and point you at baselines. What the *fuck* is the point in walking roun