This just off of Yahoo...
Conficker Eye Chart: How it works
Mon Apr 13, 2009 3:53PM EDT
Many readers have been wondering what the easiest way is to determine whether their computer has been infected with the Conficker worm. Previously I've pointed them to this
and that recommendation still holds -- but now I want to respond to further questions about how it works.
First, some have looked at the spartan Eye Chart and have worried that it might be, at best, a sham designed to lull you into a false sense of security and, at worst, yet another delivery mechanism for the Conficker worm. It is neither.
The Conficker Eye Chart is in reality a very clever way to determine if your computer is compromised, and it doesn't require you to do anything but click one link.
Here's how it works, in brief: Visit the web page linked above and you'll see six images: The three on top are for security software websites, and the three on the bottom are the logos of various open source operating system distributions.
The clever part of all this is that the logos aren't actually being served from the web page linked above, but are rather drawn directly from the six different websites to which each logo belongs.
Conficker (as many other pieces of malware) blocks your web browser from reaching many security websites, so if you don't see some of the security logos on the page, you probably have a problem. Why include the open source logos below it? Because if they don't show up, you are probably simply experiencing an internet connectivity problem instead of being the victim of a malware attack.
Whatever you see on the Eye Chart page, just scroll down a bit to determine how to interpret the images in question. Different strains of Conficker will cause a different set of logos to appear (since Conficker.B doesn't block the SecureWorks logo). Of course, you should also remember that many other viruses and worms block access to security software websites, so not seeing some or all of the images could also be a symptom of a different infestation. If you see all the logos, you're probably in the clear.
One point to remember is that Conficker's creators -- or someone -- have been attempting to attack the Eye Chart page directly, so the page may not load at all. If that's the case, don't assume you have Conficker; it's probably just a temporary site outage.
Instead, try one of these other sites, which are also hosting the exact same Eye Chart and which will work exactly the same way.
If you have received the Conficker payload already then the eyechart is useless because the revised payload allows the eye chart to work. An alternate way to see if you have Conficker is to try to visit the Windows Update website using IE. IE will halt and crash with the hourglass spinning if Conficker's payload has been installed. You can also try to run the automated Windows Update. If you can get it to run, you will see that all the updates fail to work. Also manually trying to install a new version of IE will also fail. These are all good indications that you have Conficker installed.
Life Member David BB Linkmeister US Army '78-'85 West Central Wisconsin