Infesting you with Virus News
 

News

Contributed by: Nono
Date: January 20, 2009
Nono
53
Vote
0

How to Remove and Avoid the Win32/Conficker Worm
 

worm_invasion.jpg

Back in October Microsoft shocked us all by releasing an emergency security update to inform users about a vulnerability, known as MS08-067. The first type of malware to exploit this vulnerability was the TrojanSpy:Win32/Gimmiv.A. This Trojan quietly installed spy programs and or keylogger programs on computers in order to steal passwords and system information. The stolen information is then sent to a remote server where the perpetrator can utilize it for malicious activities.

Not long after the update was released came the emergence of new kind of malware called Win32/conficker.A. Through the exploitation of the Windows Server service vulnerability, this worm has the ability to infect computers across networks, basically allowing for remote code execution when file sharing is in use. Windows 2000, XP, Windows Server 2003 and any other version of the operating system with a “wormable exploit” were found to be vulnerable to this worm.

Then came the Win32/Conficker.B worm, like Conficker.A, it also has the ability to spread via network shares as well as removable drives. As a clear defense mechanism this worm is capable of disabling security services and obstructing a user's access to security related websites. This restriction opens the infected system to more attacks on top of preventing the system from downloading any new security software or receiving any updates for current security software. The worm also attempts to prevent its removal by using the access control list to fasten its executable onto the infected system.

Here are a few more symptoms you can look out for with regards to the Conficker worm:

Win32/Conficker.A Win32/Conficker.B
Symptoms:
The symptoms are detected in the files, registry, and network communication referenced in the characteristics section.
  • Users locked out of directory
  • Denied access to admin shares
  • The creation of Scheduled tasks
  • Access to security related web sites is blocked.
 Symptoms:
  • Tripped account lockout policies.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Slow responses from Domain controllers to client requests.
  • Congested network.
  • Blocked access to various security-related Web sites.


If you  are experiencing any of these symptoms then the worn has probably got you, but not to worry there is a way out. Microsoft has developed a tool called the Malicious Software Removal Tool (MSRT) that they claim can remove the Win32/Conficker malware family. F-Secure developed the Malware Removal tool and Symantec developed the W32.Downadup Removal Tool to remove the same Conficker worm.

If you are not experiencing any of the above symptoms and you use Windows, here is some friendly advice on how to stay clear of the Conficker Worm:

  1. First of all make sure your system has the most recent Windows updates, such as MS08-067, MS08-068 and MS09-001.
  2. Ensure that you have a good security suite, an effective firewall is important.
  3. Avoid "free" security scans that pop up on random websites, it could be a scam to further infect your system.
  4. Use caution when opening attachments or links from unknown sources.
  5. Turn the “autorun” feature off, it automatically runs programs found on memory sticks and USB devices.
  6. Ensure that you utilize strong administrator passwords

Conficker has been spreading like wild fire resulting in researchers speculating on what the perpetrators ultimate goal might be. Having infected over 3.5 million computers researchers are wondering if Conficker might not be a botnet in the making.

Resources:
Win32/conficker.A
Win32/conficker.B
F-Secure Malware Information Pages: Worm:W32/Downadup.AL
Symantec: W32.Downadup Removal Tool

User Comments

Srinivas March 13, 2010
My Computer is affected by some virus. When I tried copy and paste any files (to desktop or in any of my drives), the paste option remains greyed. so, i cannot paste. If I copy any text and paste it in any document or address bar in Internet explorer, it will paste only "Confikar!worm". please can any one help me in this issue.
ana January 27, 2010
some program to W32/Conficker!mem ¿?
Computer repair October 31, 2009
"EXCELENT IDEA ! IT SAVES A LOT OF SEARCH."
V1cTorZ May 22, 2009
Oh, not agaaaain......I'll have to paste again, because there aint editing comment available. http://www.microsoft.com/downloads/details.aspx?Fa milyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&am p;displaylang=en&displaylang=en
V1cTorZ May 22, 2009
Oh sorry, something messed up down there! I'll paste these links again http://www.microsoft.com/downloads/details.aspx?Fa milyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&am p;displaylang=en&displaylang=en http://support.microsoft.com/kb/890830
V1cTorZ May 22, 2009
You CAN remove Win32/Conficker with http://www.microsoft.com/downloads/details.aspx?Fa milyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&am p;displaylang=en&displaylang=en<br />
---OR--- <br />
http://support.microsoft.com/kb/890830<br />
<br />
;)<br />
But, to download this file itself, you'll need to put computer into safe mode (with networking).<br />
To do that, press F8 on your keyboard repeatedly, before windows starts to load. Select "Safe Mode With Networking"! Then you will be able to download this tool from microsoft.com. So be sure to "add to favorites" this page to click the link from here. Then you will just need to download the tool and run it in either "quick scan", or full one, if first hadn't helped.<br />
<br />
Thank you, Nono from writing this article, but you also might add an instruction "to switch to Safe Mode" here! =)
sunder May 10, 2009
please send conficker.B worm removal tool to me
amit March 2, 2009
pl download removel tool from following link

http://www.f-secure.com/v-descs/worm_w32_dow nadup_al.shtml
ghumpon_p February 23, 2009
please antivirus or removal tool for win32/conficker.B for me, Thank you
Balu February 5, 2009
PLease send me "Win32/Conficker" removal tool
Phil Barnhart January 21, 2009
If you have Win32/Conficker.B, there are additional steps you may need to take concerning AutoRun. In addition, looks like a new Microsoft product is also fixing this. See more at http://www.downadup.com
Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

Finding the Truth About Security Essentials 2010 Website
March 14, 2010
Every PC I have worked out that was infected with SE 2010 also was infected by the TDSS Rootkit. Just... more..
Worm/Win32.Koob .. 32.Koobface.ge
March 14, 2010
How do i remove the worm:win32/koobface? more..
Trojan:Win32/Hi .. 32/Hiloti.gen!
March 14, 2010
after removeing trojan hiloti n i get an eror loading run dll efoyevalan.dll on start up more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Identity Theft > How to Remove and Avoid the Win32/Conficker Worm