by Tina Gasperson
You’ve probably already heard about Conficker, the April Fool’s Day virus that was purported to take control of infected computers on that day in 2009. Experts say that the virus didn’t act in as widespread a manner as first thought, but the virus is still out there and may even be circulating in a mutated variety, so don’t let your guard down yet.
The easiest way to determine whether or not the Conficker virus is active on your system is to get online and browse to a major antivirus manufacturer Web site, such as McAfee or AVG. If you cannot access these sites, there’s a good chance your computer is infected with Conficker.
Since Conficker blocks your access to the very sites that hold the cure to the infection, the first thing you need to do is regain access. Click “Start,” “All Programs,” “Accessories,” “Command Prompt.” Type NET STOP DNSCACHE and press Enter. Now to unblock antivirus and other sites that Conficker has blocked, click “Start,” “All Programs,” “Accessories,” “Notepad.” In the Notepad window, click “File,” “Open.” Click on “My Computer” in the sidebar. In the text entry bar beside “File name,” type this:
c:\windows\system32\drivers\etc\HOSTS
Press Enter. Notepad opens the file. Now scroll down and look for any lines of text that include the domain names of antivirus Web sites or Microsoft.com. When you find these, insert a # before those lines. When you’re done, click “File,” “Save” and exit Notepad. Now you will be able to browse to Microsoft to update your security files, and to your preferred antivirus site to do a scan. You may need to do several scans and reboots to fully clean the virus from your system.
If you have not been infected with Conficker, stay safe by making sure your antivirus is up to date, and be sure that you have installed Microsoft update KB958644. Click “Start,” “Control Panel,” “Add or Remove Programs.” Make sure there’s a check next to “Show Updates.” Scroll down to “Windows XP – Software Updates” and find (KB958644). If you don’t see it, open Internet Explorer and go to WindowsUpdate.com and download the update there.
Some antivirus experts also recommend that you turn off the Autoplay feature so that a malicious software program cannot automatically install itself. To turn off Autoplay, click “Start,” “Run.” Type regedit and press enter. Find HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer then double click NoDriveTypeAutoRun and change Value Data to FF. Make sure that under Base, the radio button for Hexidecimal is selected. Click “OK.”
As always, the best virus infection prevention is to be aware of what’s happening when you’re online. Supervise others who may be using your computer. And be sure to keep your antivirus software updated and turned on.
Tina Gasperson (tinahdee@gmail.com), affectionately known as Computer Lady by her family, has been writing about IT, home computing, and the Internet for more than a decade.