We wrote several diaries about Conficker (or Downadup, depending on the AV tool you are using). F-Secure posted some interesting information about the number of infections, which is almost certainly in the millions (and who knows how many machines will stay infected because their owners never notice anything).
F-Secure also blogged about the autorun.inf file, noting that it contained a lot of garbage (about 60 kb of random binary data). This fooled some AV programs into not scanning the device properly (otherwise, they would have picked up the referenced DLL, which is also stored on the device).
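A scanner can avoid being fooled by this padding if it searches the raw bytes for launch directives instead of expecting a clean text file. The sketch below is an added example, not code from this diary or from F-Secure; the sample file, the file name `CONSTRUCTED_EXAMPLE.dll` and the size and printable-ratio thresholds are assumptions chosen for illustration.

```python
import re

# Keys whose value names something Windows may launch from the drive.
EXEC_KEYS = re.compile(
    rb"^[ \t]*(open|shellexecute|shell\\[^\\=\r\n]+\\command)[ \t]*=[ \t]*([^\r\n]+)",
    re.IGNORECASE | re.MULTILINE,
)

def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 1.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)

def scan_autorun(data: bytes) -> dict:
    """Pull launch directives out of the raw bytes, ignoring any padding."""
    targets = [
        (m.group(1).decode("latin-1").lower(),
         m.group(2).strip().decode("latin-1"))
        for m in EXEC_KEYS.finditer(data)
    ]
    ratio = printable_ratio(data)
    return {
        "size": len(data),
        "printable_ratio": round(ratio, 2),
        "targets": targets,  # files the scanner should go and inspect
        # Assumed thresholds: a normal autorun.inf is a short text file.
        "suspicious": len(data) > 4096 or ratio < 0.9,
    }

def constructed_sample() -> bytes:
    """Constructed test input: about 60 KB of binary filler around one directive."""
    filler = bytes((i * 37 + 11) % 256 for i in range(30 * 1024))
    return filler + b"\r\n[autorun]\r\nopen=CONSTRUCTED_EXAMPLE.dll\r\n" + filler

if __name__ == "__main__":
    report = scan_autorun(constructed_sample())
    print(report["size"], report["printable_ratio"], report["suspicious"])
    for key, value in report["targets"]:
        print(f"{key} -> {value}")
```

Every value in `targets` is a path on the same device that should be scanned regardless of how the rest of the file looks.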
Jan 15th 2009
9 years ago
This is a very interesting site (although I miss an index)
Last week I just was in a cybercafe where Conficker has copied itself on my USB Stick. As I have Autorun turned completely off it could not infect my PC.
But when I try to delete Autorun.inf and jwgkvsq.vmx this is not possible.
Windows XP does not even show the security tab for files on removable drives.
Windows 7 shows that the worm has set the ACL permissions to "Everyone"="Read". But Write and Delete are not allowed.
I tried to set "Full Access" permission with cacls but cacls also shows me an "Access denied" error.
Can you recommend a tool that resets the ACLs of a file so I can delete these files?
My USB stick is NTFS formatted.
The same cybercafe computer also infected the memory card of my digital camera. But there the files were easy to delete because it is FAT formatted.
Feb 4th 2010
7 years ago