New Nasty Windows Worm (Downadup, Conficker or Kido)

[Aeshanjace]

---

symantec, makers of norton right? wala diay mo nangayu ug assistance nila sir? their product's purpose was to prevent that infection nya na infected na noun mo... worst is you guys are doing a manual editing of the registry.. samukan man gani ko magtan-aw sa akong registry nga gamay ra kaau and it looks complicated samot na nyuha,
all the platforms were infected?

actually sir, the languages i know are just simple introduction to java and visual basic mao ra, then assembly language. cause im a computer technician graduate (2 year course in ACT) gamay ra kau ang gikarga nga programing language sa among subject, more on hardware gyud mi. but now im planning to re-enroll in ACT and take-up computer science, cause as ive said before i will get into computer graphics and web designing (my target industry is online.offline gaming industry)

Yes sir, we already ask symantec corp. for assistance, they already give us information on how to prevent it, and the procedures are quite a little adjustment compare on what we have already as our default settings. And because of that, like what I said before, it's really affecting on our configurations settings mostly in using our 3rd party and 4th party applications that also needed in our daily routine task. That's why I'm publishing this problem to see to it other opinions and suggestion on having this kind of problem.

ahh okay! pro sir advise lang, starting now you should finalize in what will be your options if you will undergo trainings and studies. And better to focus in one position first, before handling another positions that you think your capable also. if feel nimo ang programming, just try to take it to the limit of your ability. And once you been satisfied and succeeded it, then that's the time you can take another challenge that would take your knowledge more broaden.

Kay pra nako sir, if kibaw palang ko nga programmer, technician, sys ad, graphics etc. lang ang kinahanglanon pra maka trabaho ka. much better wla nalang ko ni kuha og mga minor subjects, pra mafocus kog trainings sa ko gus2 nga trabaho kuhaon. Sa karn na panahon sir dli nata kaingon nga "College graduate is more advantage" depende na gyd na karn sir, kay duha naman ron akong pag too. "College graduate or More Skillful" it really depends on that situations.

[handsoff241]

Yes sir, we already ask symantec corp. for assistance, they already give us information on how to prevent it, and the procedures are quite a little adjustment compare on what we have already as our default settings. And because of that, like what I said before, it's really affecting on our configurations settings mostly in using our 3rd party and 4th party applications that also needed in our daily routine task. That's why I'm publishing this problem to see to it other opinions and suggestion on having this kind of problem.

ahh okay! pro sir advise lang, starting now you should finalize in what will be your options if you will undergo trainings and studies. And better to focus in one position first, before handling another positions that you think your capable also. if feel nimo ang programming, just try to take it to the limit of your ability. And once you been satisfied and succeeded it, then that's the time you can take another challenge that would take your knowledge more broaden.

Kay pra nako sir, if kibaw palang ko nga programmer, technician, sys ad, graphics etc. lang ang kinahanglanon pra maka trabaho ka. much better wla nalang ko ni kuha og mga minor subjects, pra mafocus kog trainings sa ko gus2 nga trabaho kuhaon. Sa karn na panahon sir dli nata kaingon nga "College graduate is more advantage" depende na gyd na karn sir, kay duha naman ron akong pag too. "College graduate or More Skillful" it really depends on that situations.

wala ninyo gi-blame ang symantec sir? my point is, there product was suppose to protect you from that infection. they should assist you farther on that situation other than just giving you guys instructions. have you tried collaborating with other it companies here in cebu or outside cebu? and also sir, why are we not affected, like me.. i have net but i dont have that virus. diin diay na ninyu makuha nga secured man unta kaau inyung system? its very odd, tan-awa karon wala pay mi-post as suggestion or response sa imu prob kay company lvl man gud. so it means personal-lvl users are not affected at all. unsa pa diay laing effect sa virus sir?

i really have passion for programming like java, i love java and what it can do way back 2005(pero clasi clasi man tingale ang focus ana nila, like for gaming and web and utility programs) so far karon my current plan is to focus on the two, computer graphics and web designing actually ang nag suggest is my fathers I.T. friend from kuwait, mao kuno nay demand didto, pwede lang daw ko mag-minor sa networking but focus more on programing. so mao to i decided web designing and computer graphics.

[rgnoval]

mura ma delete naman tingali sa symantec ang kaning downloadup run kay naa ko USB gibutang ganina ang na delete naman sa symantec. mura gi update na tingali ila database.

[Aeshanjace]

wala ninyo gi-blame ang symantec sir? my point is, there product was suppose to protect you from that infection. they should assist you farther on that situation other than just giving you guys instructions. have you tried collaborating with other it companies here in cebu or outside cebu? and also sir, why are we not affected, like me.. i have net but i dont have that virus. diin diay na ninyu makuha nga secured man unta kaau inyung system? its very odd, tan-awa karon wala pay mi-post as suggestion or response sa imu prob kay company lvl man gud. so it means personal-lvl users are not affected at all. unsa pa diay laing effect sa virus sir?

i really have passion for programming like java, i love java and what it can do way back 2005(pero clasi clasi man tingale ang focus ana nila, like for gaming and web and utility programs) so far karon my current plan is to focus on the two, computer graphics and web designing actually ang nag suggest is my fathers I.T. friend from kuwait, mao kuno nay demand didto, pwede lang daw ko mag-minor sa networking but focus more on programing. so mao to i decided web designing and computer graphics.

\


hehehe. FYI: this virus is not only runs specific station like if I'm infected then sooner you'll get infected too. This virus don't just infected single user's, it's more on a network side and a server side. The more restricted settings you have in the server, the more this virus can penetrate to scattered. And I don't think so, that some of the high risk viruses are made also to destroy a very unsecured connections like personal station or just unknown nonbusiness associated. It has also purposes why almost big corporate companies are most affected with that w32.downloadup.b infections. As I said this viruses don't just waste to develop it, just for affecting single user's easily. Can you sense the logic already?. And another FYI: symantec corp. is a leading anti-virus industry, and not just like myDSL or GLOBE ISP provider that you can freely interact with anytime. You have to made a formal notification first before you can just ask assistance to their products. And once they already knew that you are registered as their client, they weekly monitored your products and call you via IP-Phones for updates and status. They formally help the situation if they see to it that one of their client is having a problem. And still right now, they are on-going for the fixes and updates as well to obtain their standard services as a Support Anti-virus Corporates. still not cleared?

[iceweb]

up for the info

[handsoff241]

\


hehehe. FYI: this virus is not only runs specific station like if I'm infected then sooner you'll get infected too. This virus don't just infected single user's, it's more on a network side and a server side. The more restricted settings you have in the server, the more this virus can penetrate to scattered. And I don't think so, that some of the high risk viruses are made also to destroy a very unsecured connections like personal station or just unknown nonbusiness associated. It has also purposes why almost big corporate companies are most affected with that w32.downloadup.b infections. As I said this viruses don't just waste to develop it, just for affecting single user's easily. Can you sense the logic already?. And another FYI: symantec corp. is a leading anti-virus industry, and not just like myDSL or GLOBE ISP provider that you can freely interact with anytime. You have to made a formal notification first before you can just ask assistance to their products. And once they already knew that you are registered as their client, they weekly monitored your products and call you via IP-Phones for updates and status. They formally help the situation if they see to it that one of their client is having a problem. And still right now, they are on-going for the fixes and updates as well to obtain their standard services as a Support Anti-virus Corporates. still not cleared?

nyay! crystal clear!

[maleman]

Yes sir, our hardware and software are all running in a corporate license, thats why we also obtain updated informations and support softwares from microsoft. In terms of network infra, we design it on a standardize US-Based Setup and were planning to have an ISO certifications. And regarding in firewalls, yes we have installed firewall netscreen hardware to block and restrict our gateways to outside connections also it has include features to support VPN server that we are currently using right now. And the subnetting, we already configure set of subnet range for the different level of user's and group policy. You might wonder why are we still infected even were on the high state settings of securities and access. It's because we I.T. Dept need to test and explore different newly applications and software that would help in ensuring our I.T. organization as a safety, reliable, stability, efficiency and integrity. There is sometimes that we need also to explore everything that is useful to defend and enhance performance to our I.T. organization, Until in such time, that some of the low level viruses pass through and we just usually don't care about that cases coz, it's being monitored by the anti-viruses we have. Sometimes we just underestimate the small things that unpredictably could turn into worst I.T. problem cases. Well that whats happen why we possibly attacked by the viruses.

nag-wonder lang man gud ko hehe... so based sa imong giingon similar ra diay ta ug environment pero so far "wla pa man" sad mi ngari, pero we're still on red-alert ania kay daghan ra ba kaayo mga underground ni mga developers sa company nga akoa gitrabahoan ug mga pinoy ang nagUna sa kaboang heheh. anyway, sa pagkakaron gipang-isolate namo ang each subnet para dali ra ang tracing just in case naa outbreak then cge lang ug push ang WSUS nga server namo para sa mga client machines.

thanks for sharing with us...

[y c o l e]

up ko ani..thanks for the info

[maleman]

According to our research sir, the virus started to scatter in Central Area of states and mainly came from Europe gyd. Right now we penetrate to stop and take over the infected "for the mean time", coz we conduct an isolation last week, one of the infected is still positive in worm. We already applied all disinfect removal, but still the worm is active and can penetrate anytime. Right now we change our settings into maximum of high level security and because of that some of our applications that needed to access our domain is currently disable.

Patabang nya ko ninyu mga bro basin naa moy laing idea sa pag tang2x aning w32.downloadup.b aside sa registry, kaysa karn thru registry pa namo ni gi kill.

By the way, w32.downloadup or W32.Downadup ni nga virus? sa nabasa nako sad, structured IT system jud ang target ania via RPC vulnerability then network drives ug usb sticks... nasty

Any idea asa nagsugod or asa gkan ang virus? possible gkan sa usb device then pass to then network drive dba then since daghan user nag-access sa drive most likely na-infect sila via the autorun.inf file.

if ganahan ka, try this trendmicro fixtool: http://www.trendmicro.com/ftp/produc...ORM_DOWNAD.zip

[handsoff241]

By the way, w32.downloadup or W32.Downadup ni nga virus? sa nabasa nako sad, structured IT system jud ang target ania via RPC vulnerability then network drives ug usb sticks... nasty

Any idea asa nagsugod or asa gkan ang virus? possible gkan sa usb device then pass to then network drive dba then since daghan user nag-access sa drive most likely na-infect sila via the autorun.inf file.

if ganahan ka, try this trendmicro fixtool: http://www.trendmicro.com/ftp/produc...ORM_DOWNAD.zip

sir, its a corporate pc the TS is using its super puter!