Removal - Conficker

http://www.dshield.org/diary.html?storyid=5860

Removal Instructions

Microsoft: http://support.microsoft.com/kb/962007
Kaspersky: http://support.kaspersky.com/faq/
BitDefender: http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp

To be able to reach the anti-virus vendors, SANS, Microsoft and others from a machine infected with Conficker.C, TrendMicro suggests running "net stop dnscache" from the command line.

Sophos: http://www.sophos.com/support/knowledgebase/article/51416.html

Removal Tools

Microsoft MSRT: http://www.microsoft.com/security/malwareremove/default.mspx
F-Secure: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
AhnLab: http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
Symantec: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
McAfee: http://vil.nai.com/vil/stinger/
ESET: http://download.eset.com/special/EConfickerRemover.exe
BitDefender: http://www.bdtools.net/
Kaspersky: http://data2.kaspersky-labs.com:8080/special/KidoKiller_v3.3.3.zip
TrendMicro: https://securecloud.com/support/sysclean
Sophos: https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)

Conficker Remote Scanners

nmap: nmap 4.85BETA5 now includes Conficker detection: http://insecure.org/
nessus: http://www.nessus.org/plugins/index.php?view=single&id=36036
McAfee: http://www.mcafee.com/us/enterprise/confickertest.html

Conficker Cabal Information

ShadowServer http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212 (very good explanation of the importance of this group)
Arbor networks http://asert.arbornetworks.com/2009/02/the-conficker-cabal-announced/
ICANN http://www.icann.org/en/announcements/announcement-2-12feb09-en.htm
Symantec https://forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129

General Information

Microsoft End user/Consumer page
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
IT Security/Professional Page
http://technet.microsoft.com/en-us/security/dd452420.aspx
Centralized information about Conficker
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx
SecureWorks http://www.secureworks.com/research/threats/downadup-removal/

Research (technical)

SRI http://mtc.sri.com/Conficker
MNIN Security Blog http://mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html
This is an awesome tool that generates the domains and IPs to scan, using the reversed algorithms from Conficker.
ThreatExpert Blog http://blog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html
CERT.at http://www.cert.at/static/conficker/TR_Conficker_Detection.pdf
Great paper that covers setting up your local DNS server to mitigate/alert on infections.
Sample zonefiles can be downloaded here: http://www.cert.at/english/downloads/downloads.html
CA Writeup dated 3/11/09
Screenshots of April 1st Trigger
Honeynet Project A useful analysis and supporting tools from the Honeynet project can be found at:
https://www.honeynet.org/files/KYE-Conficker.pdf and
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

Remove Downadup from infected computers

Downadup (or Conficker) is a network worm that takes advantage of vulnerabilities in Windows to spread. Its removal is complicated by the fact that it blocks many known antivirus software and associated websites.

BitDefender Labs has detected a new and more aggressive Downadup version. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most anti-virus websites in order to hinder the user from disinfecting the machine.

BitDefender is the first to offer a free tool which disinfects all versions of Downadup. This domain is the first to serve a removal tool without being blocked by the e-threat.

The worm itself is not new: it first appeared in late November 2008, also known under the names Conficker or Kido, exploiting the vulnerability described in Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.

Download and run the tools provided below to rid your computer or network of this e-threat.

Downadup Removal Tool (Single PC Removal Tool): removes Downadup from a single PC. Download (.zip, 2.2 MB)

Downadup Removal Tool for System Administrators (Network Removal Tool): removes Downadup from PCs in a Microsoft Network. Download (.exe, 13 MB)

-----------

Conficker Removal Tool - Symantec http://tinyurl.com/cuu2pl

Conficker Removal Tool - Symantec

A new worm called Conficker, sometimes referred to as Downadup ... download our specialized Conficker removal tool and run it on the infected machine before installing new antivirus software.

Symantec has a detailed technical analysis of the threat here.

http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

W32.Downadup Removal Tool

Discovered: January 13, 2009
Type: Removal Information

SUMMARY

This tool is designed to remove the infections of:

Important:

  • If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and the Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or using password protection.

    For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

    For further information on the vulnerability and patches to resolve it please refer to the following document:
    Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability


  • If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.

  • This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article: XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Follow these steps to download and run the tool:

  1. Download the FixDwndp.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe.
  2. Save the file to a convenient location, such as your Windows desktop.
  3. Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

    Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

  4. Close all the running programs.
  5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  6. If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

    How to disable or enable Windows Me System Restore

    How to turn off or turn on Windows XP System Restore

  7. Locate the file that you just downloaded.
  8. Double-click the FixDwndp.exe file to start the removal tool.
  9. Click Start to begin the process, and then allow the tool to run.

    NOTE: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.

  10. Restart the computer.
  11. Run the removal tool again to ensure that the system is clean.
  12. If you are running Windows Me/XP, then reenable System Restore.
  13. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
  14. Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:

  • Total number of the scanned files
  • Number of deleted files
  • Number of repaired files
  • Number of terminated viral processes
  • Number of fixed registry entries

What the tool does

The Removal Tool does the following:

  • Terminates the associated processes
  • Deletes the associated files
  • Deletes the registry values added by the threat
  • Removes the scheduled jobs created by the threat

Switches

The following switches are designed for use by network administrators:

  /HELP, /H, /?       Displays the help message.
  /NOFIXREG           Disables the registry repair (we do not recommend using this switch).
  /SILENT, /S         Enables the silent mode.
  /LOG=[PATH NAME]    Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FixDwndp.log, in the same folder from which the removal tool was executed.
  /MAPPED             Scans the mapped network drives (we do not recommend using this switch; see the following Note).
  /START              Forces the tool to immediately start scanning.
  /EXCLUDE=[PATH]     Excludes the specified [PATH] from scanning (we do not recommend using this switch; see the following Note).
  /NOCANCEL           Disables the cancel feature of the removal tool.
  /NOFILESCAN         Prevents the scanning of the file system.
  /NOVULNCHECK        Disables checking for unpatched files.
  /FORCEJOBSREPAIR    Removes the created scheduled jobs.


Important: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:

  • The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
  • If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.
Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. This will let the tool alter the registry. Then, scan the computer with AntiVirus with current virus definitions. With these steps, you should be able to clean the file system.

The following is an example command line that can be used to exclude a single drive:

"C:\Documents and Settings\user1\Desktop\FixDwndp.exe" /EXCLUDE=M:\ /LOG=c:\FixDwndp.txt

Alternatively, the command line below will skip scanning the file system, but will repair the registry modifications. Then, run a regular scan of the system with proper exclusions:

"C:\Documents and Settings\user1\Desktop\FixDwndp.exe" /NOFILESCAN /LOG=c:\FixDwndp.txt

Note: You can give the log file any name and save it to any location.

Digital signature
For security purposes, the removal tool is digitally signed. Symantec recommends that you use only copies of the removal tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

  1. Go to http://www.wmsoftware.com/free.htm.
  2. Download and save the Chktrust.exe file to the same folder in which you saved the removal tool.

    Note: Most of the following steps are done at a command prompt. If you downloaded the removal tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

    (The following steps assume that both the removal tool and Chktrust.exe are in the root of the C drive.)

  3. Click Start > Run.
  4. Type one of the following:

    Windows 95/98/Me:
    command

    Windows NT/2000/XP:
    cmd

  5. Click OK.
  6. In the command window, type the following, pressing Enter after typing each line:

    cd\
    cd downloads
    chktrust -i FixDwndp.exe

  7. You should see one of the following messages, depending on your operating system:

    Windows XP SP2:
    The Trust Validation Utility window will appear.

    Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
    Verify the contents of the following fields to ensure that the tool is authentic:

    Name: Symantec Corporation
    Signing Time: 03/30/2009 10:53:57 AM

    All other operating systems:
    You should see the following message:

    Do you want to install and run "FixDwndp.exe" signed on March 30, 2009 10:53:57 AM and distributed by Symantec Corporation?

    Notes:
    The date and time in the digital signature above are based on Pacific time. They will be adjusted to your computer's time zone and Regional Options settings.

    If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

    If this dialog box does not appear, there are two possible reasons:

    The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

    The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

  8. Click Yes or Run to close the dialog box.
  9. Type exit, and then press Enter. (This will close the MS-DOS session.)
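As an added example (not Symantec's code), the PowerShell script below ties the two procedures above together: it checks the removal tool's Authenticode signature with Get-AuthenticodeSignature in place of chktrust.exe (checking the signer name, not the signing time), and only if the signature is valid and from Symantec Corporation runs FixDwndp.exe with the /SILENT, /START and /LOG switches, optionally adding /NOFILESCAN for the registry-only run described under Switches. The tool and log paths are assumptions.

```powershell
# Added example, not part of the Symantec writeup. Assumes the tool was moved to
# the root of C: as the chktrust note suggests; the log path is also an assumption.
param(
    [string]$ToolPath = 'C:\FixDwndp.exe',   # assumed location of the removal tool
    [string]$LogPath  = 'C:\FixDwndp.txt',   # assumed log location (any path works)
    [switch]$SkipFileScan                     # registry repair only, then scan with AV
)

function Test-FixToolSignature {
    param([string]$Path)
    # Get-AuthenticodeSignature checks the embedded Authenticode signature; a
    # tampered or unsigned copy reports a status other than 'Valid'.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("Signature status for {0}: {1} ({2})" -f $Path, $sig.Status, $sig.StatusMessage)
        return $false
    }
    # Mirrors the "Name: Symantec Corporation" field the writeup says to verify.
    if ($sig.SignerCertificate.Subject -notmatch 'CN=Symantec Corporation') {
        Write-Warning ("Unexpected signer: {0}" -f $sig.SignerCertificate.Subject)
        return $false
    }
    return $true
}

if (-not (Test-FixToolSignature -Path $ToolPath)) {
    Write-Error 'Refusing to run a removal tool whose signature could not be verified.'
    exit 1
}

# /SILENT and /START suit an unattended run; /LOG captures the tool's output.
$toolArgs = @('/SILENT', '/START', "/LOG=$LogPath")
if ($SkipFileScan) {
    # Skip the file system scan; follow up with a full antivirus scan as the
    # writeup advises, since only the registry modifications are repaired here.
    $toolArgs += '/NOFILESCAN'
}
$proc = Start-Process -FilePath $ToolPath -ArgumentList $toolArgs -Wait -PassThru
"FixDwndp.exe exited with code $($proc.ExitCode); log written to $LogPath"
```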

-----------

Economy and Health Care

http://www.creators.com/opinion/froma-harrop/economy-and-health-care-are-married.html

The Duke basketball coach and most other Americans believe that President Obama is unwisely diverting his attention from the sick economy.

In the case of Coach Mike Krzyzewski, the unhappiness is part personal. Obama recently took time out of his busy schedule to predict, among other NCAA tournament outcomes, that Duke would not make it into the Final Four.

"The economy is something he should focus on, probably more than the (tournament) brackets," Krzyzewski advised.

And what about the 55 percent of Americans who told pollsters that Obama is doing too much? They see his tackling of health care, education and energy — on top of fixing the economy — as issue overload.

And the president's political foes are happy to stoke those concerns: They would fight his agendas were the American economy floating on Cloud Nine.

The public's sense of poor prioritizing rests on a flawed assumption — that fixing the economy can be separated from health care, education and energy. These issues all go into the big enchilada of American competitiveness.

If Obama ever has to throw any of them off the agenda island, he must ensure that health-care reform remains a survivor. The inability to afford needed medical treatment is among Americans' most primal economic fears. (Ask think tanks why, when they sponsor polls on issues Americans worry about, they list "the economy" and "health care" as separate items. They'll respond that they don't know why.)

In the bigger picture, soaring health-care costs are busting federal and state budgets. They put Americans at a comparative disadvantage to foreign companies whose governments curb medical spending.

The Business Roundtable has found some remarkable disparities in health-care spending and quality between the United States and four other leading industrial democracies (France, Germany, Japan and the United Kingdom).

1) The Group of Five's employers and workers spend 63 percent of what the United States does on health care.

2) American workers are 10 percent less healthy than the G-5 average.

A most amazing number is $8,000.

That's a recent estimate of how much America spends on health care for every man, woman and child a year.

It is twice the average of other rich countries.

And the $8,000 includes the 47 million Americans with no insurance. The other nations cover everyone.

How can America close this gap? For starters, it can curtail unnecessarily expensive care. As a first step, the administration put $1.1 billion in the stimulus package to compare the success of different drugs and treatments for the same illness.

Of course, interfering with anyone's revenue stream will ignite a campaign to kill off real health-care reform. But making rules for what gets covered is the only way to contain costs. Private insurers do it. All other industrialized countries do it.

Consider this: America could set its health care spending 50 percent higher than the rich-country average and still see enormous savings. This doesn't sound like much of a sacrifice for the American health-care consumer.

The challenge for reformers will be gaining the trust of Americans happy with their coverage. Many people fear that a national plan would compromise the quality of care they've come to expect. The time to establish their trust is right now, while the Obama administration is still young and enjoying much good will.

In sum, the president's push for health-care reform amid economic crisis is not a symptom of any attention-deficit disorder. It is making good use of political momentum while it lasts.

Health care consumes 17 percent of the U.S. gross domestic product, which is hardly small change. If fixing health care isn't part of setting the U.S. economy upright, then what is?

-----------

Down at the half - The surprising benefits of being behind

http://www.boston.com/bostonglobe/ideas/articles/2009/03/29/down_at_the_half/

By Nicole Cammorata, Boston Globe, March 29, 2009

Pop quiz: It's halftime during the NCAA championship game. The buzzer sounds, and the team you've picked to go all the way is a point down. Who's going to win?

Don't be shocked if your players come back to win the game. Odds are, that's what they'll do.

A recent study by two business professors at the Wharton School at the University of Pennsylvania looked at more than 6,000 college basketball games and found that teams that are just slightly behind at halftime are more likely to win the game.

It may sound strange to say you should be glad to see your team trailing at the half. But understanding why is key to understanding all kinds of human motivation, in areas from classroom achievement to corporate competitiveness.

Jonah Berger, a coauthor of the study, titled "When Losing Leads to Winning," said the idea arose from something that intrigued him while coaching youth soccer: he "always felt like the kids worked harder when we were slightly behind at halftime." Along with Wharton colleague Devin Pope, Berger crunched the numbers on basketball games and found that teams trailing by one point at the half went on to win 51.3 percent of the time.

To be certain they weren't just seeing an effect peculiar to basketball, Berger and Pope devised a lab test. They gave subjects a timed button-pushing task and told them they were playing against a hidden competitor. Halfway through, they paused and told the participants they were either far behind, slightly behind, tied, or slightly ahead. Subjects who believed they had only a small gap to close showed greater effort once they returned to the task. The other groups didn't show the same burst of energy.

This kind of drive will sound familiar to anyone racing to finish a report faster than a cubicle mate, receiving a test score just points behind a lab partner, or trailing a road race competitor by just a few dozen steps. Other studies have shown that having a clear but reachable goal is a powerful motivating force.

But not everyone wins when they're just a touch behind. What separates the teams that overcame the halftime gap from the ones that didn't? In their final test, Berger and Pope again told subjects how they were performing relative to competitors, but also polled them on how they felt about their ability to succeed. Those with higher confidence tried harder to overcome the deficit. Their belief in their own abilities, it emerged, determined the level of response to their "halftime" feedback.

This phenomenon is known to psychologists as "self-efficacy," the confidence that you not only can, but must, get something done despite obstacles or outside influences.

"If you have that resiliency, then being behind can act as a motivator and a focus," said Deborah L. Feltz, a professor at Michigan State University and coauthor of the book "Self-Efficacy in Sport." But if you lack this inherent feeling, "then you're really going to beat yourself before you've even stepped on the floor."

In success psychology, it's still an open question whether that self-assurance needs to be merited, or if it can be created on the spot. Sandra Short, a psychologist at the University of North Dakota and a coauthor of "Self-Efficacy in Sport" with Feltz, is doing research on a new theory that convincing yourself you're confident is just as powerful as actually being confident. And Albert Bandura, a Stanford psychologist, has written that self-efficacy can be increased by verbal persuasion - hence the halftime pep talk. Bandura determined that people who are verbally persuaded "are more likely to mobilize greater effort and sustain it" than if they lack reinforcement and dwell on what they're doing wrong.

"I always talk to myself on the court, especially if I'm struggling," says Siena College senior Kenny Hasbrouck, whose team was down by five points at halftime during its first-round game but came back to beat Ohio State in overtime. "I tell myself to forget about a turnover, forget about a shot, [and] box out my man."

So, assuming you've got the confidence in your own abilities, should you actually strive to be a bit behind? The technique is often used in head-to-head sports, where a marathoner or bike racer might stay strategically shy of a competitor while saving up the energy for a winning push. But for sports where you need to score repeatedly to win, there are dangers to relying on the numbers on the board.

Adam Naylor, a sports psychologist at Boston University, says that teams risk overconfidence if they see themselves ahead, or deflation if they see themselves too far behind. Even if the numbers show it's helpful to be just a touch behind, he says, there are limits to how literally that insight should be applied.

"You don't want to tell your coach to make sure you're losing at halftime," Naylor said. "I'd lose every job I had if I told that to a coach."

-----------

From home use to industrial applications, Epilog's laser engraving systems engrave and cut all types of materials and designs

Laser Engraving, Cutting and Marking Systems
Manufacturer of CO2 Laser Systems

Find out which laser is right for you.

laser cutting
Find out which Epilog Laser system is right for your application
From the Zing Starter Series to the FiberMark Metal Marking Series, find the right laser for you.

epilog laser sample club
Over 75 popular downloadable laser files
Laser engraving and cutting files you can download and customize on your Epilog Laser.
Please explore our site for all of the great features we offer, including:

application gallery
See some of the amazing projects created on a laser engraver
From wood engraving to glass etching to model making, see photos of the many applications you can create on a laser system.

-----------

Salesman of the Year

A young guy from Wisconsin moves to Florida and goes to a big everything-under-one-roof department store looking for a job.

The Manager says, 'Do you have any sales experience?'

The kid says, 'Yeah. I was a salesman back in Wisconsin.'

Well, the boss liked the kid and gave him the job. 'You start tomorrow. I'll come down after we close and see how you did.'

His first day on the job was rough, but he got through it.

After the store was locked up, the boss came down. 'How many customers bought something from you today?'

The kid says, 'One.'

The boss says, 'Just one? Our sales people average 20 to 30 customers a day. How much was the sale for?'

The kid says, '$101,237.65.'

The boss says, '$101,237.65? What the heck did you sell?'

The kid says, 'First, I sold him a small fish hook. Then I sold him a medium fishhook. Then I sold him a larger fishhook. Then I sold him a new fishing rod. Then I asked him where he was going fishing, and he said down the coast, so I told him he was going to need a boat, so we went down to the boat department, and I sold him a twin engine Chris Craft. Then he said he didn't think his Honda Civic would pull it, so I took him down to the automotive department and sold him that 4x4 Expedition.'

The boss said, 'A guy came in here to buy a fish hook and you sold him a BOAT and a TRUCK?'

The kid said, 'No, the guy came in here to buy Tampons for his wife, and I said, "Dude, your weekend's shot, you should go fishing."'

-------------------