winggapo
As a start off I want to say that I really hate to post this because I already know the response that I will get from the "techies" out there. I have already got the response from the local tech guys here at my PC shops in Las Vegas. That having been said, I only write this in the hope that it will allow someone else who has basically shelved his computer equipment as no longer being functional and given up or has taken it down to the local repair shop and been blasted with a huge bill to wipe everything clean.
I beat Conficker D... at least, I think it was variation "D" from the descriptions I have read online and the symptoms that my PC had. I had written a thread a month or so back and was politely advised to use HijackThis and mail the info to the admin here for support. Only problem was that if I could have gotten into Windows in ANY MODE I would not have written for support in the first place. I had multiple drives corrupted, even drives that had been in storage, and was told by the local techies that the virus had been hiding in the scheduled tasks or system restore areas of Windows for maybe over a year and had all activated at the same time. Upon asking if the virus could corrupt the BIOS or attach to some other memory I was informed about how any virus that corrupts the BIOS shuts down the machine (not alters it) and that a virus cannot write to a component that discharges on boot down. Acting upon that as a matter of faith I spent a month working with emergency Windows boot-up discs and virus scanners only to get blindsided every time the machine booted back up.
Finally I decided that maybe some of the techies don't know as much as they think and went about removing what memory components I could to keep the machine operating and yet limit the amount of available memory for signatures to be stored on. I reduced the RAM to the minimum for XP to boot from that I had on hand and replaced the video card with an older card with little onboard memory. Suddenly, the virus scans scanned through the virus on reboot. In a couple of hours I had a drive cleaned out and then I did a second drive and a third.
As a grand finale experiment I took a brand new 160GB Maxtor drive, never been formatted, and a brand new XP operating system disc, never been registered, and put a new OS on the disc. I downloaded McAfee, and Symantec scan alone scanner, PC Tools Spyware Doctor, and PC Tools Registry Mechanic and scanned it all clean. I replaced the RAM I had removed and was reinfected with Conficker in two seconds flat. The software was all installed from discs, the hard drive never went online to acquire an infection source.
So here's the key, for all those that have machines inoperable... CONFICKER WRITES TO RAM. I know, I know... I can hear everyone laughing. I got the same laughter from the tech guys at Fry's, at Best Buy and my own tech guy who all told me that it is impossible to write to a RAM stick as it deletes all energy on boot down. Some even inferred that I did not know what a RAM memory was. But, when I offered to bring the RAM memory sticks to them and let them put them in a compatible system and boot them up... that's where they all drew the line with a "we're not that curious".
For information, the RAM sticks that were written to were 1GB Mushkin 4200, whereas two sticks of 512MB Kingston were unaffected. This is not an advertisement for one memory type over another, as it could be that the signatures just needed more than 512MB to effectively write to.
Everyone that knows anything about RAM will say I made this up... and you can ignore this thread. But someone who is infected and can't come to terms, I just gave you a way to fight back. All the tech guys will laugh at writing to RAM as being impossible, but somewhere out there is some idiot who didn't get the message and went ahead and did it anyway.
This is a bad and serious bug and this site does not give it enough credit, as it has shut down components of the French Navy and German military computers last month and appears to be coming from a server in the Ukraine according to what I can dig up online. You have not seen the end of this one. My only proof to how I beat it is that I have two sticks of RAM sitting in my drawer labeled "do not boot, Conficker" written on them; I can vouch that it's accurate.