Could all these brand-new, April 1 symptoms be from Conficker?

The irony is painful. On Monday, I emailed my friends and family about the steps they needed to take to protect themselves against the possible threat of Conficker C and the new instructions expected to arrive on April 1. I included a RAR file with Microsoft’s Windows update from last year to patch the hole Conficker exploited, along with Microsoft’s scan & removal tool for Conficker and Panda’s autorun killer. Naturally, I ran them all myself first. I also use ZoneAlarm, Avira AntiVir Premium (which promised to kill Conficker dead), and Spyware Doctor, and I constantly update their defs. Plenty of professionals were going out of their way to calm people down, insisting that there was little danger. So, after all that, I figured I was quite safe.

Alas, when I booted my main Windows XP SP3 computer today, I encountered the following symptoms:

(1) Performance was terrible. This is one known symptom of Conficker (but a lot of malware will do that).

(2) The mouse pointer moved slowly and jerkily. This might be a direct result of the poor performance, of course. But maybe it’s something else.

(3) I’d read that one symptom of Conficker infection was that it wouldn’t allow the user to browse to the major anti-virus manufacturers’ sites. But what I saw was worse: I could not enter any text in the address bar of Firefox 3.0.8 at all! The buttons worked, but it would not accept any typed input. Thus, I couldn’t even try to go to Panda’s or Avira’s or Symantec’s sites.

(4) I downloaded McAfee’s Avert Stinger (which promises to find and repair any Conficker infections) to my Vista laptop and copied it to a flash drive for transferring to the infected XP computer (the day before, I had run Panda’s autorun killer and flash drive cleaner on the flash drive I used, so I thought it would be safe). I launched it on the XP machine and enabled the strongest option settings, including “high” heuristic suspicion. It ran for about a half-hour before it hung forever on a file named “C:\Windows\Common\000012ef.js”.

(5) I tried navigating to that file to look at its contents and delete or rename it, but the system performance was so poor that even 30 minutes later, Explorer still hadn’t responded to my attempts.

(6) Figuring that Safe Mode was my best next move (to delete “000012ef.js” if nothing else), I rebooted and pressed F8 to get to the Safe Mode boot page. Once I got there, I tried using the arrow key to select “Safe Mode”, but the arrow key didn’t do anything! I couldn’t budge the selection away from “Start Windows normally” no matter what I did! I even tried a different keyboard and mouse, but that made no difference.

Finally, here’s my question: What should I do now? The infected machine runs far too slow to effectively deal with this problem within normal Windows mode, but I can’t even get into Safe Mode!

>(3) I’d read that one symptom of Conficker infection was that it wouldn’t allow the user to browse to the major anti-virus manufacturers’ sites. But what I saw was worse: I could not enter any text in the address bar of Firefox 3.0.8 at all! The buttons worked, but it would not accept any typed input. Thus, I couldn’t even try to go to Panda’s or Avira’s or Symantec’s sites.

Something very similar happened to me last night, about this time. Early into Apr. 1, about 2 or so in the morning. I use Firefox, and was attempting to visit YouTube. As I typed, the letters did not appear in the order in which I typed them. Some letters appeared AFTER the “dot” in dot com. I usually don’t fall for anything on Apr. 1, but having heard of the new virus, I freaked a little. I shut down everything, ran Malwarebytes, and went to bed. In the morning, there was nothing to report in terms of malware, and everything was back to normal.
Sorry if this is not the same thing you’re experiencing, but the Firefox address bar thing was similar.

Update: Okay, I have re-flashed my system BIOS from a bootable CD. This has improved my situation considerably!

However, when I boot into normal Windows mode and run a full scan using Avira’s AntiVir Premium 9, it always hangs forever while scanning a file. It never finishes, and eventually I’m forced to reboot. The thing is, it’s not always the same file. Once it was a JavaScript file, but ever since it’s been an HTML file. But it hasn’t been the same file twice.

Another symptom I see is that sometimes when I boot into normal Windows mode, I see extremely poor performance (yet other times I do not see that problem). Since one symptom of Conficker is suddenly poor performance, that, combined with the fact that I first saw that on April 1, originally led me to think Conficker may have been involved. Now, I tend to doubt it’s Conficker because the symptoms are too severe, and seeing these problems first emerge on April 1 seems to be a coincidence.

But Avira AntiVir still hangs each and every time in normal Windows mode. When I run it from safe mode, it completes without detection and without error.

Thus, I still have some kind of infection, and I’m obviously going to have to use something other than Avira AntiVir Premium 9 to find and fix it. And I’d prefer not to use an online scanner. My next move is to perform a complete scan with Spyware Doctor and see if it finds anything. If that doesn’t solve my problem, I’ll try a demo of some other anti-virus tool.

Not a virus scan, but I did come across this link to a page that gives you a good idea if you are infected:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
The top row of images is all linked from antivirus manufacturers, whereas the bottom row is not… in theory, with the worm, you shouldn’t see the top row.

>I included a RAR file with Microsoft’s Windows update from last year to patch the hole Conficker exploited

First off, Microsoft never packs files with RAR. Did you RAR this file yourself, or did you just pass on something mailed to you? I’m guessing the “cure” you gave them was just another virus. You should never, ever send executables through the mail. Just link to MS’s website.

>The infected machine runs far too slow to effectively deal with this problem within normal Windows mode, but I can’t even get into Safe Mode!

Google for UBCD4WIN and make the boot CD. It has antivirus apps.

Or run the scs.exe tool from another PC and point it to your PC’s IP address. It will detect Conficker.

>Figuring that Safe Mode was my best next move (to delete “000012ef.js” if nothing else)

Get the XP disc, boot to the recovery console and delete this file. Or use the UBCD4WIN to do this with the GUI.

If none of that works, just reformat the PC. Get your files off with the UBCD4WIN or a Linux boot disc.