cyberpro
Level 7

W32/Conficker.worm!inf

Hello All,

I did a scan on one of the drives and got the following results (please see attached snapshot). I am assuming that these are some remnants left and not the actual Conficker Worm, correct? So, I should not be worried about this existing as well, right? Kindly advise,

Thanks,

Cyberpro

0 Kudos
1 Solution

Accepted Solutions
secured2k
Level 11

Re: W32/Conficker.worm!inf

CyberPro:

You should expect an automated response within 24 hours of the submission and if the detection needs to be escalated, a follow up and resolution within 72 hours.

Some of the viruses out there are designed specifically to evade detection by antivirus products. MalwareBytes is also not designed to detect these kinds of viruses, but rather what most AntiViruses will miss. Conficker has plenty of attention from the AntiVirus companies so I don't think it would be as useful in detecting and removing Conficker variants.

If you need a quick ~5 minute second opinion to see if a file is detected by name as something bad by MANY different AntiVirus vendors, I suggest submitting the file to VirusTotal. Submissions to VirusTotal eventually make their way to all the antivirus companies as well.

http://www.VirusTotal.com/

Finally, there are 3 other antivirus engines I would suggest to try for a second opinion in the case you have already scanned with McAfee but think there might be an error or still an unknown infection. These other scanners use different engines and databases that may detect some malware better (usually less than 5% difference in detection).

These solutions are free and can be used as a standalone scanner along with your existing security solution when a clean up is needed.

Kaspersky should be uninstalled when done.

A Squared - Ikarus AntiVirus engine and A-Squared AntiSpyware checks - http://www.emsisoft.com/en/software/free/

ESET Online Scanner - NOD32 AntiMalware engine - http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

Kaspersky Virus Removal Tool - Kaspersky AntiMalware engine - http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Message was edited by: Mark (secured2k) on 5/12/10 2:21:15 PM EDT
0 Kudos
6 Replies
cyberpro
Level 7

Re: W32/Conficker.worm!inf

So, can somebody tell if this is a real infection here or false positive (Artemis side)?

Thanks,

Cyberpro

0 Kudos
secured2k
Level 11

Re: W32/Conficker.worm!inf

Hello CyberPro,

I received your message and reviewed the attached screenshot.

You should attempt to submit the Artemis detection as it follows the characteristics (location and filename) of the associated Conficker worm.

McAfee Submit a Sample -> http://vil.nai.com/vil/submit-sample.aspx

It is possible that the virus is inactive as a Microsoft patch would prevent the host computer from automatically running the commands in the .inf file. However, older unpatched systems accessing the drive or network location or an accidental wrong click could easily activate this virus again. This virus has many ways to spread and update itself to new versions so I would suggest you disconnect from the network and attempt to clean the machine in safe mode if a repair in normal mode fails.

Enabling VirusScan Enterprise's Access Protection rules for Outbreak control can also help if the virus is active.

0 Kudos
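The reply above turns on what the `.inf` file on the drive would launch. As an added example (not part of the thread and not McAfee tooling), this Python sketch lists the launch directives in a drive's `autorun.inf` and hashes any file on the drive they name, so the hash can be looked up for a second opinion. The key names are the standard autorun.inf launch keys; the sample drive is constructed, with a harmless placeholder standing in for the file named later in the thread.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# autorun.inf keys that cause Windows to launch a command.
LAUNCH_KEY = re.compile(
    rb"^\s*(open|shellexecute|shell\\[^=\r\n]*\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE)

def launch_entries(inf_bytes):
    """Return (key, command) pairs, skipping junk or binary padding lines."""
    entries = []
    for raw in re.split(rb"[\r\n]+", inf_bytes):
        m = LAUNCH_KEY.match(raw)
        if m:
            entries.append((m.group(1).decode("latin-1").lower(),
                            m.group(2).decode("latin-1")))
    return entries

def triage_drive(root):
    """List launch entries in <root>/autorun.inf and hash each file they name."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    findings = []
    if inf is None:
        return findings
    for key, cmd in launch_entries(inf.read_bytes()):
        # A command can carry arguments, so try every token as a path on the drive.
        for token in re.split(r'[\s,"]+', cmd):
            target = root / token.replace("\\", "/").lstrip("./")
            if token and target.is_file():
                digest = hashlib.sha256(target.read_bytes()).hexdigest()
                findings.append({"key": key, "command": cmd,
                                 "file": target.name, "sha256": digest})
    return findings

def demo():
    """Constructed sample drive: a harmless placeholder file plus an autorun.inf."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "jwgkvsq.vmx").write_bytes(b"constructed placeholder, not malware")
        (root / "AUTORUN.INF").write_bytes(
            b"\x8f\x02junk\r\n[AutoRun]\r\n;pad\x00\xff\r\n  OpEn = jwgkvsq.vmx\r\nicon=x.ico\r\n")
        return triage_drive(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run `triage_drive` against a mounted copy of the drive from a system that does not process autorun; an empty result means no launch directive points at a file present on that drive.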
cyberpro
Level 7

Re: W32/Conficker.worm!inf

Thanks Mark for the valuable feedback! So, I did scan the system with other products (Malwarebytes and Symantec), and nothing was reported back. That's why I was kind of trying to analyze if this is a real threat at present or not. It's a bit confusing here seeing different results from different vendors. How long will it take to get a final answer after submitting the sample to McAfee (from experience)? I just need to put a final report and highlight the future actions as a result of this analysis. Appreciate the help here!

Regards,

Cyberpro

0 Kudos
nchattop
Level 12

Re: W32/Conficker.worm!inf

Hi Cyberpro,

The file received is infected and can be detected and removed with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.

File Name: jwgkvsq.vmx

Detection: w32/conficker.worm.gen.a

To find detailed information about viruses and other malware, please review McAfee Labs' Virus Information Library:

http://vil.mcafeesecurity.com

You may wish to submit future malware samples to:

https://www.webimmune.net/default.asp

Use the following links to reach online technical support for McAfee products -

Corporate Customers:

http://www.mcafeesecurity.com/us/support/

Single User/Retail Customers:

http://www.mcafeehelp.com

Regards

Neha C

0 Kudos
cyberpro
Level 7

Re: W32/Conficker.worm!inf

Hi Mark and Neha,

Thanks very much for your support and for the given valuable information! I have some directions at least now, and will be following these instructions in order to have the infections removed from the system.

Best Regards,

Cyberpro

0 Kudos