Loading ...
Português|
|
Tweet |  More |
Conficker Description
Conficker, also known as W32/Conficker.worm, Win32/Conficker.A, W32.Downadup, Downadup and Kido, is a worm that exploits flaws found in Windows MS08-067 vulnerability. When Conficker infects your PC, it may prevent you from accessing security websites and disables Windows system services such as Windows Security Center, Windows Error Reporting and Windows Defender. The danger with Conficker is its ability to spread itself to other vulnerable computers through network shares. If one computer in a network is infected, then it can spread to other computers within that network. Microsoft has released a patch to fix the Windows vulnerability.
It is imperative that you download the latest released patch from Microsoft Windows Update. Also, Conficker uses random file names to prevent easy detection so it is best to use an anti-virus or anti-spyware software that will allow you to scan your entire computer instead of attempting to delete Conficker’s files manually.
Type: Worms
How Can You Detect Conficker?
Conficker Technical Report
As new Conficker details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Conficker files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| vhoinp.dll | 89088 | e80c7cb77020f9326e15b3a0fb298045 |
| malware.exe | 110592 | 09edf06953b56ee6a8cb6823cb3b2996 |
| malware.exe | 188886 | 38c3d2efdd47b1034b1624490ce1f3f2 |
Conficker Removal Details
Conficker has typically the following processes in memory:
- %Temp%\[RANDOM FILE NAME].dll
- %All Users Application Data%\[RANDOM FILE NAME].dll
- vhoinp.dll
- %Program Files%\Movie Maker\[RANDOM FILE NAME].dll
- %System%\[RANDOM FILE NAME].dll
- %Program Files%\Internet Explorer\[RANDOM FILE NAME].dll
Conficker creates the following files in the system:
- %Temp%\[Random].tmp
- %System%\[Random].tmp
Conficker creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHO WALLCheckedValue = dword:00000000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\”ImagePath” = %SystemRoot%\system32\svchost.exe -k netsvcs
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\”ServiceDll” = “[PATH OF WORM]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
Important Article Disclaimer
Conficker
October 29th, 2009 at 10:53 am
I m suufer to this virus, pls some advice for this virus.
Giveing me some for this virus, i rquest u.
[Reply]
June 29th, 2011 at 12:16 am
My partner and I found you alternate web page and thought I might as well check things out. We like Conficker Removal Report and everything that I discover so I am just a fan. Look toward looking into ones web site Conficker Removal Report repeatedly Plus my thoughts go with those in Japan we hope your are OK and safer !… Peace … Flash Factory
[Reply]
July 3rd, 2011 at 6:00 pm
I’m no longer certain the place you are getting your info, but good topic. I must spend a while finding out much more or understanding more. Thanks for wonderful info I was on the lookout for this info for my mission.
[Reply]
July 10th, 2011 at 1:42 pm
Great story once again. I am looking forward for your next post:)
[Reply]
July 20th, 2011 at 4:01 am
Greetings! This is my 1st comment here so I just wanted to give a quick shout out and tell you I really enjoy reading your posts. Can you suggest any other blogs/websites/forums that deal with the same subjects? Thank you!
[Reply]
July 27th, 2011 at 5:51 am
It’s a great information to be shared so that the users will be aware of it. Thanks for this valuable information.
[Reply]
September 15th, 2011 at 10:34 pm
I was suggested this web site by my cousin. I am not sure whether this post is written by him as no one else know such detailed about my problem. You’re amazing! Thanks!
[Reply]
October 18th, 2011 at 6:40 am
I’ve been surfing online more than three hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. In my opinion, if all web owners and bloggers made good content as you did, the web will be a lot more useful than ever before.
[Reply]