Ok, I've been messing with the svchost.exe file all day and now realize
a key is a key, not an exe file.
Where would I find this svchost key?  

-----Original Message-----
From: Kennedy, Jim [mailto:[email protected]] 
Sent: Friday, March 20, 2009 1:04 PM
To: NT System Admin Issues
Subject: RE: April 1st Conflicker Version C to erupt


Regular users on fully patched XP and you are screwed. Been there done
that got the crappy T-Shirt. Not giving you a hard time but that is what
I am seeing. And have seen it and verified it at multiple other places.
I got lucky and saw it early and shut it down. I know some pretty big
(22K users) places that got totally overrun by it.

At this point the only thing keeping us alive is the svchost key with
only read rights for everyone, including system.


> -----Original Message-----
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Friday, March 20, 2009 12:59 PM
> To: NT System Admin Issues
> Subject: RE: April 1st Conflicker Version C to erupt
> 
> I do not know the answer to this, but based on what I've read about the
> infection vector, as long as you don't run as admin I suspect you'll be
> ok.
> At least on Vista and above.
> 
> -----Original Message-----
> From: Kennedy, Jim [mailto:[email protected]]
> Sent: Friday, March 20, 2009 11:52 AM
> To: NT System Admin Issues
> Subject: RE: April 1st Conflicker Version C to erupt
> 
> MS and the Anti-Virus vendors really have let us down on this one.
> 
> 
> > -----Original Message-----
> > From: Ziots, Edward [mailto:[email protected]]
> > Sent: Friday, March 20, 2009 11:37 AM
> > To: NT System Admin Issues
> > Cc: [email protected]
> > Subject: April 1st Conflicker Version C to erupt
> > Importance: High
> >
> > Folks,
> >
> > Seeing quite a bit of activity with Conficker, and on April 1st
> > according to the following site. It's going to erupt with a lot of
> > malicious activity (port 80 outbound, P2P, mass infection, so
> > definitely get your systems patched, and AV, Signatures, HIPS
> > updated)
> > Just dealt with a bout of this worm today.
> >
> > http://mtc.sri.com/Conficker/addendumC/
> >
> > Sincerely,
> > Z
> >
> > Edward Ziots
> > Network Engineer
> > Lifespan Organization
> > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
> > [email protected]
> > Phone:401-639-3505
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
