Does Anyone Have A Link To A Website With An Antivirus For Conficker C?
What’s the best way to prevent the Conficker C virus from infecting home computers?
The best way to protect a computer is to get antispyware and antivirus with real-time protection. Conficker also spreads by exploiting security holes in the Windows OS, so you should also keep both Windows and software updated to avoid these things.
Here’s all the information you need to know about Conficker.C: http://www.spywarevoid.com/remove-confic…
Everyone needs to go to the site below, download AVG and Malwarebytes to their computers and make sure beforehand their systems are clean from any current viruses!
If you have any questions click to chat live with a technician and they will answer any questions you may have!
It is a free diagnostic that they offer and they are very reasonably priced!
I found it very useful and rest assured I am protected from this nasty virus.
Hope you found this useful.
General:
Methods of propagation:
• Local network
• Mapped network drives
Aliases:
• Symantec: W32.Downadup.B
• Kaspersky: Net-Worm.Win32.Kido.fw
• F-Secure: Worm:W32/Downadup.gen!A
• Sophos: Mal/Conficker-A
• Panda: Trj/Downloader.MDW
• Grisoft: I-Worm/Generic.CJY
• Eset: a variant of Win32/Conficker.AE worm
• Bitdefender: Win32.Worm.Downadup.Gen
Similar detection:
• Worm/Kido
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Registry modification
• Makes use of software vulnerability
• Third party control
Files:
It copies itself to the following locations:
• %all shared folders%\RECYCLER\S-%number%\%random character string%.vmx
• %ProgramFiles%\Internet Explorer\%random character string%.dll
• %ProgramFiles%\Movie Maker\%random character string%.dll
• %System%\%random character string%.dll
• %Temp%\%random character string%.dll
• %ALLUSERSPROFILE%\Application Data\%random character string%.dll
The following file is created:
– %all shared folders%\autorun.inf
This is a non-malicious text file with the following content:
• %random comments%
shellexecute rundll32.exe %paths and filenames of malware copies%,%random character string%
%random comments%
Registry:
The following registry keys are added in order to load the service after reboot:
– HKLM\SYSTEM\CurrentControlSet\Services\%… words%\Parameters
• “ServiceDll” = “%paths and filenames of malware copies%”
– HKLM\SYSTEM\CurrentControlSet\Services\%… words%
• “ImagePath” = %SystemRoot%\system32\svchost.exe -k netsvcs
“Type” = “4”
“Start” = “4”
“ErrorControl” = “4”
The following registry keys are changed:
– [HKLM\SYSTEM\CurrentControlSet\Services…
Old value:
• “Start”=dword:00000003
New value:
• “Start”=dword:00000004
– [HKLM\SYSTEM\CurrentControlSet\Services…
Old value:
• “Start”=dword:00000003
New value:
• “Start”=dword:00000004
– [HKLM\SYSTEM\CurrentControlSet\Services…
Old value:
• “Start”=dword:00000003
New value:
• “Start”=dword:00000004
– [HKLM\SYSTEM\CurrentControlSet\Services…
Old value:
• “Start”=dword:00000003
New value:
• “Start”=dword:00000004
– HKCU\Software\Microsoft\Windows\CurrentV…
New value:
• “Hidden”=dword:00000002
“ShowCompColor”=dword:00000001
“HideFileExt”=dword:00000000
“DontPrettyPath”=dword:00000000
“ShowInfoTip”=dword:00000001
“HideIcons”=dword:00000000
“MapNetDrvBtn”=dword:00000000
“WebView”=dword:00000000
“Filter”=dword:00000000
“SuperHidden”=dword:00000000
“SeparateProcess”=dword:00000000
Network Infection:
In order to ensure its propagation the malware attempts to connect to other machines as described below.
IP address generation:
It creates random IP addresses while it keeps the first three octets from its own address. Afterwards it tries to establish a connection with the created addresses.
Infection process:
It makes the compromised machine download the malware from the infected source computer.
The downloaded file is stored on the compromised machine as: .\RECYCLER\S-%number%\%random character string%.vmx
Hosts:
– Access to the following domains is effectively blocked:
• ahnlab; arcabit; avast; avg.; avira; avp.; bit9.; ca.; castlecops;
centralcommand; cert.; clamav; comodo; computerassociates; cpsecure;
defender; drweb; emsisoft; esafe; eset; etrust; ewido; f-prot;
f-secure; fortinet; gdata; grisoft; hacksoft; hauri; ikarus; jotti;
k7computing; kaspersky; malware; mcafee; microsoft; nai.;
networkassociates; nod32; norman; norton; panda; pctools; prevx;
quickheal; rising; rootkit; sans.; securecomputing; sophos; spamhaus;
spyware; sunbelt; symantec; threatexpert; trendmicro; vet.; virus;
wilderssecurity; windowsupdate
Miscellaneous:
Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
• http://www.getmyip.org
• http://www.whatsmyipaddress.com
• http://getmyip.co.uk
• http://checkip.dyndns.org
Checks for an internet connection by contacting the following web sites:
• baidu.com; google.com; yahoo.com; msn.com; ask.com; w3.org; aol.com;
cnn.com; ebay.com; msn.com; myspace.com
File patching:
In order to increase the number of maximum connections it has the capability to modify the tcpip.sys. It may result in a corruption of that file and break network connectivity.
Rootkit Technology:
It is a malware-specific technology. The malware hides its presence from system utilities, security applications and in the end, from the user.
Method used:
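A defensive check for the autorun.inf behaviour listed in the analysis above, added here as an example and not part of any answer in this thread: it skips the filler comments and reports any directive that launches rundll32, noting a target that is not a .dll or that sits in a RECYCLER folder. The sample files, folder name, file name and export name are constructed, and the reason strings are this example's own.

```python
import re

# Keys in autorun.inf that launch a program.
EXEC_KEYS = ("open", "shellexecute")
# "key=value"; a space separator is also accepted, as the directive is shown above.
DIRECTIVE = re.compile(r"^([A-Za-z\\]+)\s*[= ]\s*(.+)$")
# rundll32 <file>,<export>
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(.+?),\s*(\S+)", re.IGNORECASE)

# Constructed sample: filler comments around one live directive.
# The SID-like folder, file name and export name are made up.
SAMPLE = r"""
;kq83hd constructed filler
[autorun]
;zzq1 constructed filler
shellexecute=rundll32.exe .\RECYCLER\S-1-2-3\abcdefg.vmx,xyzexport
;p0o9i8 constructed filler
"""

# Constructed benign file, as found on an ordinary installer disc.
BENIGN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"


def suspicious_directives(text):
    """Return (key, target, reasons) for each rundll32 launch in autorun.inf text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue  # blank line, comment or section header
        m = DIRECTIVE.match(line)
        if not m:
            continue  # filler that is not a directive
        key, value = m.group(1).lower(), m.group(2)
        if key not in EXEC_KEYS and not key.endswith("\\command"):
            continue  # icon=, label=, action= and similar do not execute
        r = RUNDLL.search(value)
        if not r:
            continue
        target = r.group(1).strip('"')
        reasons = ["rundll32 launched from autorun.inf"]
        if not target.lower().endswith(".dll"):
            reasons.append("target is not a .dll")
        if "recycler" in target.lower():
            reasons.append("target is inside RECYCLER")
        findings.append((key, target, reasons))
    return findings
```

Run it over the text of an autorun.inf read from a removable or shared drive; an empty list means no rundll32 launch was found, not that the drive is clean.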
You should unplug the internet for at least one week until there are virus definition updates. Also, you should not allow outside thumb drives, or any other type of removable storage (mp3 player, iPods, etc.), even your own thumb drives!
http://www.softpedia.com/get/Antivirus/M…
This will mess up the ol’ conficker mcafee style!!!
If your Windows and AV are fully up-to-date you have little to worry about. Be very wary of clicking on links to “Conficker removers”, there’s some malicious sites sprung up.
If your Windows and AV aren’t up-to-date, do it now.
Try the link below
Prevention and Information about Conficker Computer Virus
http://www.review-ninja.com/2009/03/conf…
Go here.
Click on start download.
http://www.microsoft.com/downloads/thankyou.aspx?familyId=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en
Just don’t go onto the computer at all until it is sure that the virus is completely gone.
http://www.eset.eu/home
I think this is a safe one as it comes from a legitimate security vendor.
http://tech.yahoo.com/blogs/null/132464