Conficker Worm Test

July 14th, 2009 | by Admin |

 Reports that the Conficker computer worm is “now parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information to boot.”

Symptoms of infection:

  • You can’t go to any security Web sites, such as Trend Micro, Symantec or McAfee.
  • Your computer won’t shut down when you try to power it down.

If your computer is infected:
Using an uninfected computer, download the Conficker Removal Tool from Symantec’s Website. Install and run the tool on the infected system. Note: If you have an Apple computer, chances are you’re not infected.

Here’s an easy test you can do on your own to see if your computer is infected. On this page:

  • If you can see all 6 logos below, you don’t have it. If you can’t see some of them, that’s a red flag.
  • If you click on each of the top 3 logos and they all open the security Websites, your computer is OK. If any of the logos fails to open its link, that’s another red flag.

Read the explanation below to determine the health of your computer. (This is adapted from the Conficker Working Group, for those of you wary of unfamiliar Websites.)

How to interpret:

If you see this above: It probably means this:
= Normal/Not Infected by Conficker (or using proxy)
= Possibly Infected by Conficker (C variant or greater)
= Possibly Infected by Conficker A/B variant
= Image loading turned off in browser?
Any other combination = Poor Internet connection?


Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
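
For readers who want to see how a page like this decides, here is the two-row image test written out as browser JavaScript. This is an added example, not code from this page or from the Conficker Working Group; the function names, result labels and the 8-second timeout are assumptions, the caller supplies the image URLs, and it reports a single "possibly infected" result without naming a variant.

```javascript
// Added example. Row 1 = logos hosted on AV/security sites; row 2 = control
// logos hosted on sites Conficker does not block (the page's second row).

// Decision logic. Each argument is an array of booleans (true = image loaded).
function interpret(securityRow, controlRow) {
  const secLoaded = securityRow.filter(Boolean).length;
  const ctlLoaded = controlRow.filter(Boolean).length;
  const allControl = ctlLoaded === controlRow.length;

  // Nothing loaded at all: the page reads this as image loading being off.
  if (secLoaded === 0 && ctlLoaded === 0) return "image-loading-off";
  // All six visible: not infected, or a proxy is fetching the images for you.
  if (allControl && secLoaded === securityRow.length) return "normal-or-proxy";
  // Security logos missing while every control logo loads: the red flag.
  if (allControl) return "possibly-infected";
  // Control logos missing too: blame the connection, not the worm.
  return "poor-connection";
}

// Browser-side probe: resolves true if the image loads, false on error/timeout.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a logo cached before infection cannot mask a blocked site.
    img.src = url + (url.includes("?") ? "&" : "?") + "t=" + Date.now();
  });
}

// Probe both rows in parallel, then classify. `probe` can be swapped for a
// stub so the logic can be exercised outside a browser.
async function runEyeChart(securityUrls, controlUrls, probe = probeImage) {
  const [sec, ctl] = await Promise.all([
    Promise.all(securityUrls.map((u) => probe(u))),
    Promise.all(controlUrls.map((u) => probe(u))),
  ]);
  return interpret(sec, ctl);
}
```

A "normal-or-proxy" result carries the same caveat as the paragraph above: behind a proxy server the test cannot tell you anything.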

F-Secure and the F-Secure Logo are trademarks of F-Secure Corporation.
SecureWorks and the SecureWorks Logo are registered trademarks of SecureWorks Inc.
Trend Micro and the T-Ball logo are trademarks or registered trademarks of Trend Micro Inc.
