{"id":31,"date":"2009-07-14T07:00:52","date_gmt":"2009-07-14T14:00:52","guid":{"rendered":"http:\/\/lvit.com\/lvitblog\/?p=31"},"modified":"2009-07-14T07:00:52","modified_gmt":"2009-07-14T14:00:52","slug":"conficker-worm-test","status":"publish","type":"post","link":"http:\/\/lvit.com\/lvitblog\/conficker-worm-test\/","title":{"rendered":"Conficker Worm Test"},"content":{"rendered":"<h2 id=\"post-3072\">Conficker Worm Test<\/h2>\n<div>\u00a0Reports that the Conficker computer worm is \u201cnow parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information to boot.\u201d<\/div>\n<div>\n<p><span style=\"color: #ff0000;\"><strong>Symptoms of infection:<\/strong><\/span><\/p>\n<ul>\n<li>You can\u2019t go to any security Web sites, such as Trend Micro, Symantec or McAfee.<\/li>\n<li>If you try to power down your computer and it doesn\u2019t want to.<\/li>\n<\/ul>\n<p><span style=\"color: #ff0000;\"><strong>If your computer is infected:<\/strong><\/span><br \/>\n<span style=\"letter-spacing: 0em;\">Using an uninfected computer, download Conficker Removal Tool from <a title=\"Symantec's Conficker Removal Tool\" href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2009-011316-0247-99\" target=\"_blank\">Symantec\u2019s Website<img decoding=\"async\" id=\"snap_com_shot_link_icon\" style=\"background-image: url(http:\/\/i.ixnp.com\/images\/v3.89.0.1\/theme\/ice\/palette.gif); position: static; min-width: 0px; padding-bottom: 0px; line-height: normal; background-color: transparent; font-style: normal; margin: 0px; min-height: 0px; padding-left: 0px; width: 14px; padding-right: 0px; display: inline; background-repeat: no-repeat; font-family: 'trebuchet ms', arial, helvetica, sans-serif; max-width: 2000px; background-position: -943px 0px; float: none; height: 12px; visibility: visible; max-height: 2000px; vertical-align: top; top: auto; font-weight: normal; text-decoration: none; padding-top: 1px; left: auto; cssfloat: none; border: 0px;\" src=\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\" alt=\"\" \/><\/a>.<\/span> Install and run the tool in the infected system. <em>Note: If you have an Apple computer, chances are you\u2019re not infected.<\/em><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Self-test<\/strong><\/span><br \/>\nHere\u2019s an easy test you could do on your own to see if your computer is infected. If you arrived at this page and<\/p>\n<ul>\n<li>can see all 6 logos below, you don\u2019t have it. If you can\u2019t see some of them, that\u2019s a <span style=\"color: #ff0000;\"><strong>red<\/strong><\/span> flag.<\/li>\n<li>if you click on each of the top 3 logos and they all open the security Websites, your computer is OK. If any of the logos fail to open the links, that\u2019s another <strong><span style=\"color: #ff0000;\">red<\/span><\/strong> flag.<\/li>\n<\/ul>\n<p><strong><span style=\"color: #ff0000;\">Read the explanation below to determine the health of your computer<\/span>.<\/strong> (This is adopted from the <a title=\"Conficker Working Group\" href=\"http:\/\/www.confickerworkinggroup.org\/\" target=\"_blank\">Conficker Working Group<img decoding=\"async\" id=\"snap_com_shot_link_icon\" style=\"background-image: url(http:\/\/i.ixnp.com\/images\/v3.89.0.1\/theme\/ice\/palette.gif); position: static; min-width: 0px; padding-bottom: 0px; line-height: normal; background-color: transparent; font-style: normal; margin: 0px; min-height: 0px; padding-left: 0px; width: 14px; padding-right: 0px; display: inline; background-repeat: no-repeat; font-family: 'trebuchet ms', arial, helvetica, sans-serif; max-width: 2000px; background-position: -943px 0px; float: none; height: 12px; visibility: visible; max-height: 2000px; vertical-align: top; top: auto; font-weight: normal; text-decoration: none; padding-top: 1px; left: auto; cssfloat: none; border: 0px;\" src=\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\" alt=\"\" \/><\/a>, for those of you wary of unfamiliar Websites.)<\/p>\n<table style=\"margin-top: 10px; border-spacing: 3px; border: blue 3px outset;\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\" width=\"545\">\n<tbody>\n<tr>\n<td style=\"margin-bottom: 0px; vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.f-secure.com\/\"><img decoding=\"async\" style=\"margin-bottom: 0px;\" src=\"http:\/\/www.f-secure.com\/export\/system\/fsgalleries\/thumbnails\/thumbnails_112xN\/FSC_logo_pos_112x128.jpg\" border=\"0\" alt=\"\" width=\"113\" align=\"center\" \/><\/a><\/td>\n<td style=\"vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.secureworks.com\/\"><img decoding=\"async\" style=\"margin-bottom: 0px;\" src=\"http:\/\/www.secureworks.com\/images\/headerlogo.gif\" border=\"0\" alt=\"\" width=\"239\" align=\"center\" \/><\/a><\/td>\n<td style=\"vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.trendmicro.com\/\"><img decoding=\"async\" style=\"margin-bottom: 0px;\" src=\"http:\/\/us.trendmicro.com\/images\/common\/LogoTrendMicro_3d.gif\" border=\"0\" alt=\"\" width=\"121\" align=\"center\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.openbsd.org\/\"><img decoding=\"async\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/openbsd.jpg\" border=\"0\" alt=\"\" width=\"117\" align=\"middle\" \/><\/a><\/td>\n<td style=\"vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.linux.org\/\"><img decoding=\"async\" style=\"margin-top: 4px; margin-bottom: 4px; margin-left: 70px;\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/linux.png\" border=\"0\" alt=\"\" width=\"113\" \/><\/a><\/td>\n<td style=\"vertical-align: middle; border: red 3px inset;\"><a href=\"http:\/\/www.freebsd.org\/\"><img loading=\"lazy\" decoding=\"async\" style=\"margin: 4px 0px;\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/freebsd.png\" border=\"0\" alt=\"\" width=\"123\" height=\"134\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"font-size: 2em;\">How to interpret:<\/p>\n<table style=\"text-align: center;\" border=\"2\" cellspacing=\"3\" cellpadding=\"3\" width=\"545\" bordercolor=\"#c0c0c0\">\n<tbody>\n<tr>\n<td style=\"font-size: 1.5em;\" width=\"208\">If you see this above:<\/td>\n<td style=\"font-size: 1.5em;\" width=\"369\">It probably means this:<\/td>\n<\/tr>\n<tr>\n<td width=\"208\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/chartnormal.jpg\" border=\"0\" alt=\"\" width=\"208\" height=\"113\" align=\"middle\" \/><\/td>\n<td style=\"text-align: left; vertical-align: middle;\" width=\"369\"><span style=\"color: #008000;\"><strong>= Normal\/Not Infected by Conficker (or using proxy)<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"208\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/chartinfected.jpg\" border=\"0\" alt=\"\" width=\"208\" height=\"113\" align=\"middle\" \/><\/td>\n<td style=\"text-align: left; vertical-align: middle;\" width=\"369\"><span style=\"color: #ff0000;\"><strong>= Possibly Infected by Conficker (C variant or greater)<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"208\" height=\"78\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/chartinfected-ab.jpg\" border=\"0\" alt=\"\" width=\"208\" height=\"113\" align=\"middle\" \/><\/td>\n<td style=\"text-align: left; vertical-align: middle;\" width=\"369\"><span style=\"color: #ff0000;\"><strong>= Possibly Infected by Conficker A\/B variant<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"208\" height=\"66\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.confickerworkinggroup.org\/infection_test\/chartdisabled.jpg\" border=\"0\" alt=\"\" width=\"208\" height=\"113\" align=\"middle\" \/><\/td>\n<td style=\"text-align: left; vertical-align: middle;\" width=\"369\"><strong><span style=\"color: #ff6600;\">= Image loading turned off in browser?<\/span><\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center; font-size: 1.25em; vertical-align: middle;\" width=\"208\"><strong>Any other combination<\/strong><\/td>\n<td style=\"text-align: left; vertical-align: middle;\" width=\"369\"><strong><span style=\"color: #ff6600;\">= Poor Internet connection?<\/span><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"font-size: 2em;\">Explanation:<\/p>\n<p><span style=\"font-size: 1.1em;\"><strong>Conficker<\/strong> (aka <em>Downadup, Kido<\/em>) is known to block access to over 100 anti-virus and security websites.<\/span><\/p>\n<p>If you are blocked from loading the remote images in the first row of the top table above (AV\/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).<\/p>\n<p>If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV\/security sites.<\/p>\n<p><span style=\"font-size: 0.9em;\"><em>F-Secure and the F-Secure Logo are trademarks of F-Secure Corporation.<br \/>\nSecureWorks and the SecureWorks Logo are registered trademarks of SecureWorks Inc.<br \/>\nTrend Micro and the T-Ball logo are trademarks or registered trademarks of Trend Micro Inc.<\/em><\/span><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Conficker Worm Test \u00a0Reports that the Conficker computer worm is \u201cnow parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information to boot.\u201d Symptoms of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-31","post","type-post","status-publish","format-standard","hentry","category-virus-removal"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Conficker Worm Test - lvit.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Conficker Worm Test - lvit.com\" \/>\n<meta property=\"og:description\" content=\"Conficker Worm Test \u00a0Reports that the Conficker computer worm is \u201cnow parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information to boot.\u201d Symptoms of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/\" \/>\n<meta property=\"og:site_name\" content=\"lvit.com\" \/>\n<meta property=\"article:author\" content=\"http:\/\/www.facebook.com\/lvit.sales\" \/>\n<meta property=\"article:published_time\" content=\"2009-07-14T14:00:52+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\" \/>\n<meta name=\"author\" content=\"Admin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/\",\"url\":\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/\",\"name\":\"Conficker Worm Test - lvit.com\",\"isPartOf\":{\"@id\":\"http:\/\/lvit.com\/lvitblog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\",\"datePublished\":\"2009-07-14T14:00:52+00:00\",\"dateModified\":\"2009-07-14T14:00:52+00:00\",\"author\":{\"@id\":\"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/69fd73c618d14eb0acacbba420cfa55f\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage\",\"url\":\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\",\"contentUrl\":\"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif\"},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/lvit.com\/lvitblog\/#website\",\"url\":\"http:\/\/lvit.com\/lvitblog\/\",\"name\":\"lvit.com\",\"description\":\"Computer Repair  &amp; Virus Removal\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/lvit.com\/lvitblog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/69fd73c618d14eb0acacbba420cfa55f\",\"name\":\"Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ce83fe3324e2b87d9df4b180a146191dda65c4e3e71ec6480f914dec7ac48f65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ce83fe3324e2b87d9df4b180a146191dda65c4e3e71ec6480f914dec7ac48f65?s=96&d=mm&r=g\",\"caption\":\"Admin\"},\"sameAs\":[\"http:\/\/lvit.com\",\"http:\/\/www.facebook.com\/lvit.sales\",\"https:\/\/x.com\/LVITAdman\"],\"url\":\"http:\/\/lvit.com\/lvitblog\/author\/Admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Conficker Worm Test - lvit.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/","og_locale":"en_US","og_type":"article","og_title":"Conficker Worm Test - lvit.com","og_description":"Conficker Worm Test \u00a0Reports that the Conficker computer worm is \u201cnow parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information to boot.\u201d Symptoms of [&hellip;]","og_url":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/","og_site_name":"lvit.com","article_author":"http:\/\/www.facebook.com\/lvit.sales","article_published_time":"2009-07-14T14:00:52+00:00","og_image":[{"url":"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif","type":"","width":"","height":""}],"author":"Admin","twitter_misc":{"Written by":"Admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/","url":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/","name":"Conficker Worm Test - lvit.com","isPartOf":{"@id":"http:\/\/lvit.com\/lvitblog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage"},"image":{"@id":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage"},"thumbnailUrl":"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif","datePublished":"2009-07-14T14:00:52+00:00","dateModified":"2009-07-14T14:00:52+00:00","author":{"@id":"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/69fd73c618d14eb0acacbba420cfa55f"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/lvit.com\/lvitblog\/conficker-worm-test\/#primaryimage","url":"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif","contentUrl":"http:\/\/i.ixnp.com\/images\/v3.89.0.1\/t.gif"},{"@type":"WebSite","@id":"http:\/\/lvit.com\/lvitblog\/#website","url":"http:\/\/lvit.com\/lvitblog\/","name":"lvit.com","description":"Computer Repair  &amp; Virus Removal","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/lvit.com\/lvitblog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/69fd73c618d14eb0acacbba420cfa55f","name":"Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/lvit.com\/lvitblog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ce83fe3324e2b87d9df4b180a146191dda65c4e3e71ec6480f914dec7ac48f65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ce83fe3324e2b87d9df4b180a146191dda65c4e3e71ec6480f914dec7ac48f65?s=96&d=mm&r=g","caption":"Admin"},"sameAs":["http:\/\/lvit.com","http:\/\/www.facebook.com\/lvit.sales","https:\/\/x.com\/LVITAdman"],"url":"http:\/\/lvit.com\/lvitblog\/author\/Admin\/"}]}},"_links":{"self":[{"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/posts\/31","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/comments?post=31"}],"version-history":[{"count":0,"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/posts\/31\/revisions"}],"wp:attachment":[{"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/media?parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/categories?post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/lvit.com\/lvitblog\/wp-json\/wp\/v2\/tags?post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}