Conficker Worm in Utah University
The most complete guide to the conficker worm. College Campuses are particularly vulnerable to Worm/Virus attacks because of the number of computer users that are networked together. The conficker worm has affected 700 computers at the University of Utah. The worm can slow down PCs and steal information. The conficker worm has infiltrated computers at the colleges of nursing, pharmacy and health as well as hospitals and medical school computers. Chris Nelson, the health sciences spokesman, said that no patient data nor medical records were comprised. “That’s secured in a much deeper way because of the implications,” said Nelson. The conficker worm could be siphoning login and stealing bank information. Source: Google Conficker Worm in Utah University
How to know if you are infected by the Conficker Worm
According to Microsoft corporation some, all, or none of the following could be happening on computer systems infected by the conficker worm.
- Account lockout policies are being tripped.
- Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
- Domain controllers respond slowly to client requests.
- The network is congested.
- Various security-related Web sites cannot be accessed.
What exactly is the Conficker Worm and how do I Prevent or Remove it?
Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.
Known Variants of Conficker Worm
System Changes that may be the cause of the conficker worm.
- The following services are disabled or fail to run:
Windows Update Auto Update Service
Background Intelligence Transfer Service
Error Reporting Service
Windows Error Reporting Service
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
“TcpNumConnections” = “0x00FFFFFE”
- Users may not be able to connect to websites or online services that contain the following strings:
That’s all for now folks. If you are infected with Conficker Worm and need help feel free to call Shane Fowler at Fowler Computer for computer repair service anywhere in the United States at (603) 343-8331.