The irony is painful. On Monday, I emailed my friends and family about the steps they needed to take to protect themselves against the possible threat of Conficker C and the new instructions expected to arrive on April 1. I included a RAR file with Microsoft’s Windows update from last year to patch the hole Conficker exploited, along with Microsoft’s scan & removal tool for Conficker along with Panda’s autorun killer. Naturally, I ran them all myself first. I also use ZoneAlarm, Avira AntiVir Premium (which promised to kill Conficker dead), and Spyware Doctor, and I constantly update their defs. Plenty of professionals were going out of their way to calm people down, insisting that there was little danger. So, after all that, I figured I was quite safe.
Alas, when I booted my main Windows XP SP3 computer today, I encountered the following symptoms:
(1) Performance was terrible. This is one known symptom of Conficker (but a lot of malware will do that).
(2) The mouse pointer moved slowly and jerkily. This might be a direct result of the poor performance, of course. But maybe it’s something else.
(3) I’d read that one symptom of Conficker infection was that it wouldn’t allow the user to browse to the major anti-virus manufacturers’ sites. But what I saw was worse: I could not enter any text in the address bar of Firefox 3.0.8 at all! The buttons worked, but it would not accept any typed input. Thus, I couldn’t even try to go to Panda’s or Avira’s or Symantec’s sites.
(4) I downloaded McAfee’s Avert Stinger (which promises to find and repair any Conficker infections) to my Vista laptop and copied it to a flash drive for transferring to the infected XP computer (the day before, I had run Panda’s autorun killer and flash drive cleaner on the flash drive I used, so I thought it would be safe). I launched it on the XP machine and enabled the strongest option settings, including “high” heuristic suspicion. It ran for about a half-hour before it hung forever on a file named “C:\Windows\Common\000012ef.js”.
(5) I tried navigating to that file to look at its contents and delete or rename it, but the system performance was so poor that even 30 minutes later, Explorer still hadn’t responded to my attempts.
(6) Figuring that Safe Mode was my best next move (to delete “000012ef.js” if nothing else), I rebooted and pressed F8 to get to the Safe Mode boot page. Once I got there, I tried using the arrow key to select “Safe Mode”, but the arrow key didn’t do anything! I couldn’t budge the selection away from “Start Windows normally” no matter what I did! I even tried a different keyboard and mouse, but that made no difference.
Finally, here’s my question: What should I do now? The infected machine runs far too slow to effectively deal with this problem within normal Windows mode, but I can’t even get into Safe Mode!