Source code for Conficker 2

[assarvahid]

This may sound silly,but Ineed to infect my PC again.
the situation is that we sell different software to our customers and one of the customers sent in their computer for repair.They complained about one of applications that was malfunctioning.As a routine test we ran antivirus and detected Conficker.Whe removed from the computer,the problem was solve and we invoiced them for virus removal service.
They have refuse to pay and we have been asked to reproduce the problem to prove our diagnosys.

Can any one please help us to infect the pc again?
Cheers

 

[cmeagan656]

How long ago did you clean the infection? If it wasn't too long ago and not too much additional software or updates have been installed you could try doing a system restore to a point just before you cleaned the machine. A system restore will generally reintroduce the virus. I've used it myself when a virus cleanup went sideways. The caveat is that it won't work if you wiped the restore points after you cleaned up the machine.

Hope this helps.

Please help us help you. Read Tek-Tips posting polices before posting.

 

[BadBigBen]

They have refuse to pay and we have been asked to reproduce the problem to prove our diagnosys.

That is why one usually prints out the LOG file...

As a routine test we ran antivirus

if it is ROUTINE then you shouldn't charge them for it or have that already included in the service charges to begin with...

now, if the RESTORE POINTs where deleted, as CMeagan points out, then you would need to find a website that has that file or contact one of the many AV firms out there, and they may give you the file(s)...

have a read, (links where not tested):

Conficker! how to get infected?

http://www.offensivecomputing.net/?q=node/1143

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

 

[Diancecht]

I hope no one perform a virus cleaning with system restore on ... I wouldn't pay for that

Cheers,
Dian

 

[assarvahid]

I think this thread is heading to wrong direction.I thought the thread was to solve a problem and not for leaving sarcasting comments.

For Cemeagan:
We had disabled system restore before removing the virus.


As for BadBig Ben:
Yes, we do have the log files but the problem is that we can not prove that they belong to the same machine.Any hlp on that?
and I am not sure if we share the same definitation of Routine testa as if we did I am sure you would also charge for the same .
and thanks for the link.(I did not use)
For Diane:
Yes we had disabled the system restore .We are professionals and normaly do know what we are doing.That's why we get paid.

The solution:As guided by BadBigBen
We contacted our antivirus program vendor and they provided us with a complete list od Conficker activities.That proved our point and our check is on the way.

 

[BadBigBen]

Routine = is always done...

from what I understood, it was that you guys always do, but only charge when you actually find a malware to remove. which on the occasions that you do not find any, is wasted man-hours, thus I suggested that it should be included in the original service fees...

this is just my opinion, by no means sarcastic...

as to the LOG file, doesn't it list hardware and possible HOST name, in it? if it doesn't then it is no good for the purpose of proving to clients that you did an actual scan on the PC...

as to the link, heck I did not use it either, way to dangerous... ;-), unless you sandbox it, e.g. a virtual machine with no NIC, but what good would that do then...

glad that the suggestion, to contact the AV company, was fruitful in the endeavor to proof to the client that it was at fault, and that he will pay for the service..


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

 

[Diancecht]

Hey, I'm not the one who mentioned system restore!

Anyway, I'm sarcastic, that's me. Did you notice when you get your car to repair the write down the problem and make you sign? That's the way to go.

You cannot prove anything by reinfecting the computer. A => B, C => B doesn't mean A=C. So the application didn't work and now it works, that's what you are billing and that needs to be your point.



Cheers,
Dian

 

[kjv1611]

Interesting thread indeed, this is.


I've not had any issues with any repairs I do, but you could say I'm more or less a "shade tree" fixer upper in that it's not my full time job. However, in attempting to always improve my work/efforts, I think there is some good advice in here. The log files is something which I actually have not thought about so far... I mean, I've glanced them over ofentimes, but never thought of using as proof of work done... Well, it's food for thought anyway...

Not to mention getting a customer to sign off on a document stating something like, this is what my problem is, and this is what was done to fix it, or something similar. Makes sense to have at least SOMETHING along those lines, to protect both parties, and to have something of record for recurring issues with the same customer, might help to be more helpful down the line? maybe, maybe not. But good to think about, anyhow.



--

"If to err is human, then I must be some kind of human!" -Me