How to Remove Kido / Conficker / Downadup / Downup Worm?


[Image: virus-conficker.jpg]
Symptoms that indicate your computer is infected with this worm:

* The “Show hidden files and folders” option does not work.
* You can’t access anti-virus websites such as Bitdefender.com and Symantec.com, or patch sites such as Microsoft’s.
* The existence of a file named: jwgkvsq.vmx inside the RECYCLED folder.
* It creates autorun.inf files on USB devices plugged into an infected machine. Other viruses do this as well.
* Account lockout policies being reset automatically.
* Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are automatically disabled.
* Domain controllers respond slowly to client requests.
* The network gets unusually congested. This can be checked with the network traffic chart in Windows Task Manager.
* The worm launches a brute-force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, so choosing sensible passwords is advisable.
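
A read-only check for the two file symptoms in the list above (jwgkvsq.vmx inside RECYCLED, and an autorun.inf on a drive), added here as an example and not part of the original post. The function names, the finding labels and the sample drive layout in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Indicator names come from the symptom list above.
WORM_FILE = "jwgkvsq.vmx"
RECYCLE_DIR = "recycled"
# Standard autorun.inf keys that make Windows launch a program.
LAUNCH_KEY = re.compile(rb"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def autorun_commands(path):
    """Return launch commands from an autorun.inf, tolerating junk bytes."""
    with open(path, "rb") as fh:
        lines = fh.read().splitlines()
    matches = (LAUNCH_KEY.match(line) for line in lines)
    return [m.group(2).decode("latin-1") for m in matches if m]

def scan_drive(root):
    """Read-only scan of one drive root; returns sorted (indicator, detail)."""
    findings = []
    for entry in os.listdir(root):
        full = os.path.join(root, entry)
        if entry.lower() == "autorun.inf" and os.path.isfile(full):
            for cmd in autorun_commands(full):
                # An autorun.inf that points at the worm file is the strong signal.
                kind = "autorun-references-worm" if WORM_FILE in cmd.lower() else "autorun-launch"
                findings.append((kind, cmd))
        elif entry.lower() == RECYCLE_DIR and os.path.isdir(full):
            for dirpath, _dirs, files in os.walk(full):
                for name in files:
                    if name.lower() == WORM_FILE:
                        findings.append(("worm-file", os.path.join(dirpath, name)))
    return sorted(findings)

def demo():
    """Scan a constructed drive layout built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "RECYCLED"))
        open(os.path.join(root, "RECYCLED", "JWGKVSQ.VMX"), "wb").close()
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            # Constructed sample: junk bytes around one launch key.
            fh.write(b"\x00\xff junk\r\n[autorun]\r\n"
                     b"open=RECYCLED\\jwgkvsq.vmx\r\n\x01\x02\r\n")
        return [kind for kind, _detail in scan_drive(root)]

if __name__ == "__main__":
    print(demo())
```

Call `scan_drive` with a drive root such as `E:\` for each fixed or removable drive. An empty result only means these two file indicators are absent; the other symptoms in the list still need checking.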

Remove the virus:
Several well-known security companies have released tools for removing the Conficker/Downadup worm. The removal tools can be downloaded for free from any of the following security sites:

* Microsoft
* BitDefender
* ESET
* Symantec
* Sophos
* Kaspersky
* McAfee Anti-virus with updated detections can remove this by scanning your system.
* AVG can also remove it via system scan, if you have it installed and updated.

How to remove the Conficker/Downadup worm virus?

1. Download the Conficker/Downadup removal tools from the sites given above.
2. Disconnect from the internet, remove any network cables at the back of your PC/laptop, and also remove any plugged-in USB devices.
3. Log in as Administrator on your computer, or with any account that has administrator privileges.
4. Run the removal tool. My recommendation is to use the removal tools from BitDefender (quick scan) and Symantec (thorough scan). But if you are not content, just run all the removal tools for greater detection.

Simple case: The removal tool will detect and remove the Conficker worm and ‘may’ require that you restart your computer.

Extreme case: The removal tool won’t run because the virus is preventing it from running. Quick solution:

1. Open Task Manager (CTRL+ALT+DEL).
2. Terminate (End) the processes with these names: explorer.exe and svchost.exe.
3. A countdown timer will appear requiring you to restart your computer. DO NOT DO ANYTHING AT THIS POINT EXCEPT… Immediately run the BitDefender tool (quick scan) so that it will remove the virus before your computer restarts.
4. If the tool still won’t run, ‘end process’ all the svchost.exe processes and try running the removal tool again.

It only affects Windows systems that aren’t patched with the latest updates. Run autoupdate and patch your Windows installation. It is critical that these patches be installed:
Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
http://www.microsoft.com/technet/securit...8-067.mspx (download for XP)
Microsoft Security Bulletin MS08-068 – Important
Vulnerability in SMB Could Allow Remote Code Execution (957097)
http://www.microsoft.com/technet/securit...8-068.mspx (download for XP)
Microsoft Security Bulletin MS09-001 – Critical
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
http://www.microsoft.com/technet/securit...9-001.mspx (download for XP)
For manual download of patches for Windows XP and Vista go to http://www.softwarepatch.com/windows/
