"Scan for Cornflicker by April 1st" :WindowsSecrets

Most here that use Comodo tools should be safe from the Cornflicer worm, but many of our friends and family might not be.

This special release from WindowsSecrets is both interesting and Important for those that might not be !



About a year or more one of my suggestions was to have links in each product directly back to the support page of the product for updates or the Comodo Forum.

The reason at that time was twice over several months my IP DNS server went down, and I could not access the Internet. IE did not get out neither did google, Qnext, MSN, and AIM, (the others probably failed because they all utilized IE). The exception both times was Yahoo IM, and I am not sure why?

I suggested at that time to directly use the numeric ip address in the links in Comodo products for support, updates, or to reach the Comodo Forum, instead of the current and most popular name conversion DNS

From the article this caught my attention

If your PC is infected, a technical trick might enable you to visit a site that Conficker is blocking. Instead of entering the site's domain name in your browser's address bar, enter the site's dotted-decimal IP address instead, which Conficker doesn't seem to interfere with. (My thanks to Woody Leonhard for his help with this tip.)

For example, Conficker might block your browser from showing the Computer Associates advisory I just mentioned. If so, you could replace the domain name shown in the first line below (www.ca.com) with the dotted-decimal IP address shown in the second line (


Here’s one way to learn the IP address of a Web site: using an uninfected PC, open a Firefox window and install the Show IP browser extension. With this extension enabled, the IP address of whatever site you’re visiting shows up in the browser’s status bar.

Of course, if you navigate to a site using its IP address and then click a link, the site will probably use a spelled-out domain name in the link. Conficker would block the resulting page, which you’d have to replace manually with its dotted-decimal equivalent.

Conficker’s blocking of security sites is little-understood by most journalists. For this reason, many fix-it tips from usually reliable sources won’t actually help the victims:


Hey I was just wondering is this because of “conficker”? I know the screenshot doesn’t say much but is it a possible conficker attack? I got a red alert from defence+ warning me about a shellcode injection attempt!!! Comodo did stop it.

I wasn’t sure what happened but now I’m seeing this “conficker” name all over the internet.

[attachment deleted by admin]

The malware Comodo stopped could be a number of things, check the logs to see if you notice anything during the time you saw this happen.

About every 2-3 years a malware comes along that has already infected PCs and is on the verge of a possible catastrophe. This started way before Microsoft had a patch available for conflicker.

Conflicker has morphed several times. I think over all it was not has bad as it could have been, but the panic everyone read and saw was because of lack of discipline on updating, scanning and patching by Too many PC users around the world.
Not sure if we will see IF anything really occurred OR if it is set for a future date.

Most Comodo users should be protected, but as I posted what about your friends and family?