Author Topic: Outwitting Conficked blocked sites..........  (Read 3213 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Outwitting Conficked blocked sites..........
« on: April 03, 2009, 06:10:58 PM »
Hi malware fighters,

There is a way to outwit the Conficker worm and still be able to get to sites it has blocked, by disabling local DNS; the way to do that is explained here:
http://countermeasures.trendmicro.eu/restore-access-to-blocked-sites-on-conficked-systems/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89286
  • No support PMs thanks
Re: Outwitting Conficked blocked sites..........
« Reply #1 on: April 03, 2009, 08:57:31 PM »
Seems like the instructions are somewhat flawed, as simply stopping the DNSCache and DNSClient services is only good for that session; once you reboot they will be started again.

The DNSClient is the important one as if that isn't running there will be no dnscache.

So this really is a one-off measure to just access security sites whilst trying to remove Conficker if you had it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YoKenny

  • Guest
Re: Outwitting Conficked blocked sites..........
« Reply #2 on: April 03, 2009, 09:29:47 PM »
The DNS Client service is really only needed if the system is part of a corporation's network using Active Directory, and it can really slow down browsing when using a large HOSTS file; thankfully, HostsMan disables the DNS Client service if it is installed to manage the HOSTS file.
http://www.sturmnet.org/blog/2005/02/09/xp-dnsclient

I use OpenDNS as it has detection for known bad sites and prevents visiting there:
http://www.opendns.com

Offline DavidR

Re: Outwitting Conficked blocked sites..........
« Reply #3 on: April 03, 2009, 09:44:03 PM »
I said important only in that, of the two, that is the one to stop, as without it the other won't work. I have my DNS Client set to Manual so it is available to those that require it (nothing depends on it in my system).

I'm loath to disable services as that can really cause problems; at least on Manual it would be started if there was a dependency. I wouldn't recommend either Manual or Disabled in somewhere like the forums, as you don't know if there is something on their system that requires it, outside of Conficker that is ;D

I too use OpenDNS, a great service.

Offline polonus

Re: Outwitting Conficked blocked sites..........
« Reply #4 on: April 03, 2009, 09:50:51 PM »
Hi DavidR,

I agree with you that is more of a theoretical story than it is of practical value, but I passed the link as I found it, I hand it down, we share our views together in the thread and we are all so much the wiser. Well, this was the way I learned a lot on several issues here. So thanks for your reactions, ye all, learning about security is a mutual process,

polonus

Offline DavidR

Re: Outwitting Conficked blocked sites..........
« Reply #5 on: April 04, 2009, 03:55:16 PM »
Why are you spamming the forums with these commercial links in your posts? Advertising is against the forum rules; spammers will be reported.