[SIR****TMG]

http://four.cs.uni-bonn.de/fileadmin...er/cfdetector/ go to this site tells you right away if you have it.

[TOGG]

I got a 'may be infected' result the first time I clicked on that link, which I disregarded because everything Conficker is supposed to block still works for me.

Out of interest I then ran the 'eye chart' tester ;http://www.confickerworkinggroup.org...feyechart.html, got a clean bill of health and so went back to this test and got the all clear there as well. No idea what any of this means but, if anyone else uses it and gets a bad result, run it again!

[Blackmirror]

how does it work ??

[SIR****TMG]

click on the links shown its how it works

[Blackmirror]

I see its a redo of the eye chart

[SIR****TMG]

but the top one is not

[Blackmirror]

I dont see any links apart from one

[SIR****TMG]

In my first post I have the newest one out

[SIR****TMG]

Its not pictures it tells you in the left hand side of the page at the top if your clean or not

[TOGG]

I must apologise if my including the 'eyechart' link in my post has caused confusion.

I can confirm that the 'uni-bonn' link included in SIR****TMG's first post only produces a white page with the 'result' in the top left corner.

[Blackmirror]

I was curious on how it works
thats all

How reliable is it ?
conflicker is a nasty piece of work

http://news.bbc.co.uk/1/hi/technology/7973829.stm
Im sorry Sir i didnt mean to nit pick
I know it blocks you from AV sites but i have a feeling there is more to conflicker

[golferbob]

thanks for the info ,tested fine and only takes seconds.

[Gizzy]

Thanks for the link SIR****TMG.

I just looked at the code to see how it works and like the website says it's based on the eye chart but it uses CSS instead of images.

When the page loads it tries to load CSS style-sheets in different sub-directories

Code:

<link rel="stylesheet" type="text/css" href="http://four.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/d.css" />
<link rel="stylesheet" type="text/css" href="http://iv.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/c.css" />
<link rel="stylesheet" type="text/css" href="http://downad.four.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/b.css" />
<link rel="stylesheet" type="text/css" href="http://defender.four.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/clean.css" />

It works where if the bottom one (the all clean style-sheet) is blocked then you'll get an infected image....different images for different versions.

it loads different <div>'s depending on the style-sheets.

Code:

<div class="infected-d"><img src="infected.png" alt="infected" class="status" /> Status: <font class="status">System is possibly infected with Conficker.D</font></div>
<div class="infected-c"><img src="infected.png" alt="infected" class="status" /> Status: <font class="status">System is possibly infected with Conficker.C</font></div>
<div class="infected-b"><img src="infected.png" alt="infected" class="status" /> Status: <font class="status">System is possibly infected with Conficker.B</font></div>
<div class="clean"><img src="clean.png" alt="clean" class="status" /> Status: <font class="status">There are no signs for an infection.</font></div>

I guess it works because conficker is blocking sites with defender in the url?...and other versions of conficker blocking the other sub-directories is how it can tell what version you have.

I tested it by blocking the all-clean style-sheet url and I got an image saying I was infected with Conficker.B.

@Blackmirror
That's how it works though I'm not sure how reliable it is without actually being infected with conficker.

[Blackmirror]

I dont want it

Quote:

Some Conficker bots have also downloaded and installed Spyware Protect 2009, one of the many "scareware" programs in circulation. Scareware is the term given to fake anti-malware software that generates bogus infection warnings and then nags users with endless alerts until they pay to $50 to buy the useless program. According to Microsoft, the scam -- also called "rogue software" -- is one of the biggest threats to Internet users. In the second half of 2008 alone, Microsoft's anti-malware tools cleaned nearly 6 million PCs of scareware-related infections.

http://www.computerworld.com/action/...c=news_ts_head

Quote:

Windows PCs infected with the Conficker worm have turned into junk mail-spewing robots capable of sending billions of spam messages a day, a security company warned today.

[TOGG]

If you haven't already seen this it will tell you all you need to know, and maybe some you'd rather not know, about Conficker and its methods; http://mtc.sri.com/Conficker/addendu...tall-obfuscate