Try this easy conficker scan.....cfdetector!

Hi malware fighters,

Just a scan to see whether you are infected and with what kind of conficker variant:
http://iv.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/

Hopefully you aren’t detected,

polonus

wow, this is fast… :o
does this really work? or does anyone know how it works?

it says that I’m clean :smiley:

yours
onlysomeone

Hi onlysomeone,

This scan was developed by the Conficker Work Group -ANY - infection has been traced through this group, the scanner was developed by the Univerity of Bonn, I have no second doubt that it is genuine and very advanced, their infection maps : http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution#toc2
The scanner was developed by thet Honeynet Project online as I gave it. “This detection method is more reliable as the network based scan. Happy scanning!”, says Tillmann Werner.
The best in the field made this, as I say to you: Deutsch gründlich!

polonus

Me being a trusting sort NOT, don’t see how this can see if your infected by conficker in the blink of an eye as it clearly isn’t scanning your system. So it really can only be checking something like network connections to see if there happens to be a conficker port/connection present.

No anyone with a half decent firewall should effectively block any such check, so I have little confidence in its ability to see if you are infected.

So I’m not to concerned who designed it if it isn’t downloaded to your system and run (so your AV would be ding the same thing) there is no way to tell if you are infected and it lies dormant.

I told you I was a trusting sort.

Hi DavidR,

It was based on the more intricate network test. Here is the original site: http://www.seibotec.com/2009/04/02/ein-conficker-schnelltest/
Here is where I found it: http://www.security.nl/artikel/28239/1/Online_scanner_detecteert_Conficker_worm.html

To-day is the second of April and I read there 2009/04/02… the scanner was made possible through the team of the anti-Conficker consortium that made the recent breakthrough on detecting the network of Conficker, I do not think a German top University like that of Bonn is working on SnakeOil or serving a bogus scanner up to users to give them “cheap” ease of mind, so until I read of the contrary why not use it next to other scanners,

polonus

Sorry, I’ll have to agree with DavidR on this one. Without it downloading a program of some sort to actually “scan the system”, this pretty much holds no bearing. I don’t care who made it.

It’s scanning for ports/holes that might be open, HAD you not installed windows updates to close those ports.

I can vouch for the following software. I used it on my network.
It can check your network and get rid of the infection if you should have it:
[url=http://mysharedfiles.no-ip.org/Sophos Conficker Clean-up Tool 1.3.exe]Download the Sophos Conficker Removal Tool v.1.10[/url]

The more hard drives you have, the longer it takes. On my network it took almost 24 hrs to complete.

Sorry Bob 3160, the link does not seem to work. ???

Hi ace2701,

You can also use this POC scanner, made by Dan Kamisnsky et.all:
http://iv.cs.uni-bonn.de/uploads/media/scs.zip

polonus

Sorry for the error, I’ve corrected the link to point to:
http://mysharedfiles.no-ip.org/Sophos Conficker Clean-up Tool 1.3.exe
I know that works because that’s what I ran. :slight_smile:

http://img.photobucket.com/albums/v190/bob3160/ShellFTP/conficker.jpg

Thanks Bob3160 and polonus … got it,ran it, and my system is clean.


I knew there was no infection here but did it anyway. :slight_smile:

Click to enlarge.


No Worms Here Also :slight_smile:

http://forum.avast.com/index.php?action=dlattach;topic=43935.0;attach=31977

Is that your band new cat food on the market for you to eat :wink:

Is that your band new cat food on the market for you to eat
No-But might taste good with http://i44.tinypic.com/14vin41.jpg on them :)

Same Here Bob
http://i40.tinypic.com/ht9tva.jpg

I assume what this test does is it simply tries to access a few security vendors web sites and comes up with clean after it is successful or infected if it is unsuccessful at accessing them. Since Conficker worm blocks access to those sites, that is i suppose the easiest way to tell if a computer is infected with Conficker or not. The .A variant is a different story though and this test doesn’t detect it.

http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

http://www.shrani.si/f/y/10Q/37OISfYk/untitled-1.png

Hi Darth-Mikey,

Thank you for the exact summary of what this test does and does not, and how and why it works, could not have put it better. Now SRI also came up with a new Conficker scanner tool, get it here:
http://mtc.sri.com/Conficker/contrib/scanner.html
and the snort detection implementation here: http://mtc.sri.com/Conficker/contrib/plugin.html#example-code

polonus