Re: Conficker A virus reinfecting patched machines



"20vtguy" <20vtguy@xxxxxxxxx> wrote in message
news:936053db-8308-4be6-994a-01d73a154303@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So in a nutshell, having the patch in does nothing to prevent a machine
from being infected by Conficker?

***
That should work to keep conficker.a out initially.
***

So essentially there is no way
to prevent infection from the conficker virus once it gets on the
network. Sounds like I have to start from scratch and clean all the
machines again.

***
Maybe this will help you.

http://technet.microsoft.com/en-us/security/dd452420.aspx
***

Also Quilly mentioned disabling system restore which I did do, however
unless someone restores a system restore point that is infected the
virus should not actually be able to infect the machine and should
just linger harmlessly within the restore point. Correct?

***
Correct, but *detection* may still be possible.
***

Or can it
somehow reactivate itself from inside the infected but unrestored
restore point? I've never heard of a virus being able to do that.

***
I haven't heard of that happening yet either.
***


On Jul 7, 1:36 pm, "FromTheRafters" <erra...@xxxxxxxxxxxxxxxxx> wrote:


"20vtguy" <20vt...@xxxxxxxxx> wrote in message

news:8d254692-1f4c-40d8-906c-6d557af421dc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Can anyone shed some light on this. I recently had a client who was
infected with the Conficker A. I cleaned the machines last week and
patched them all with the related Windows MS08-67 patch. They were
fine for a few days it seems but now their AV software is again
finding the virus in the system32 folder. I thought once the patch was
installed that the virus could no longer infect the patched machine.
Any ideas why this is happening?

Just to address one point, the patch only addresses the software
vulnerability that is exploited by one vector of spread.

