Conficker.e

Conficker.e Description

Conficker.e not only infects new machines but also updates computers infected with previous versions of the worm. It spreads by exploiting the MS08-067 vulnerability. Conficker.e functions in much the same way as its forerunners, Conficker B++ and Conficker.C. The worm joins compromised machines into a botnet, a collection of compromised computers running software under a common command-and-control infrastructure. An infected computer might then be used for DDoS attacks and spam attacks. Conficker.e (also known as Downadup) also establishes hidden remote access to the PC.

Technical Information

Registry Details

Conficker.e creates the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\Parameters\"ServiceDll" = "[PATH TO SECURITY RISK]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = %System%\svchost.exe -k netsvcs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "rundll32.exe "[RANDOM DLL FILE NAME]", [RANDOM PARAMETER STRING]"
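
A triage check built from the three registry shapes listed above, as an added example that is not part of the original description: it parses saved `reg query <key> /s` output and lists svchost netsvcs services that carry a ServiceDll, plus Run values that load a DLL through rundll32.exe. The sample data, the function names and the `baseline_services` allowlist are assumptions; legitimate Windows services share the netsvcs shape, so hits are candidates for review rather than confirmed infections.

```python
import re
# Key locations and value shapes are the ones listed in the registry details above.
SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")
NETSVCS = re.compile(r"svchost\.exe\s+-k\s+netsvcs\b", re.I)
RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32\.exe"?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)
# Constructed sample in `reg query <key> /s` layout; every name and path is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\qmgr.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qzxvkplm
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qzxvkplm\Parameters
    servicedll    REG_EXPAND_SZ    C:\Windows\system32\wjtrbn.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    hgrtkw    REG_SZ    rundll32.exe "C:\Windows\system32\wjtrbn.dll", kqxmv
    Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""

def parse_reg_query(text):
    """Return {key path: {lowercased value name: (value name, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1).lower()] = (m.group(1), m.group(3))
    return keys

def find_candidates(text, baseline_services=()):
    """List (kind, name, dll) entries matching the shapes above, for manual review."""
    keys = parse_reg_query(text)
    index = {k.lower(): v for k, v in keys.items()}  # registry paths are case-insensitive
    known = {s.lower() for s in baseline_services}  # hypothetical known-good service names
    hits = []
    for key, values in keys.items():
        low, name = key.lower(), key[len(SERVICES):]
        if low.startswith(SERVICES.lower()) and "\\" not in name:
            image = values.get("imagepath", ("", ""))[1]
            dll = index.get(low + "\\parameters", {}).get("servicedll", ("", ""))[1]
            if dll and NETSVCS.search(image) and name.lower() not in known:
                hits.append(("service", name, dll))
        elif low == RUN_KEY.lower():
            hits += [("run", n, m.group(1)) for n, d in values.values() if (m := RUNDLL.match(d))]
    return hits
```

Calling `find_candidates(SAMPLE, baseline_services=["BITS"])` leaves only the randomly named service and the rundll32 Run value; build the baseline from a clean image of the same Windows version.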
