Not Over Yet with conficker, the varian of conficker is comming to infected computer again. ~X(
Virus’ Conficker.DV ‘using the distribution method that is different from preceding. virus trying to access the network using a slit windows’ Default Share ‘(ADMIN $ \ system32) with the administrator password.
In addition ‘Conficker.DV’ also create a file on removable media such as flash, hard drive and card reader to save the file hidden on the root drive.
While the action the same as preceding, the attempt to exploit MS08-067 security cleft or Windows, or Windows Server Service SVCHOST.exe. Many users are not infected because of the Automatic Updates feature and do not patch Windows MS08-067.
If you are like this, see step 7 short of the virus analyst Adi Saputra Vaksincom to eradicate the virus’ Conficker.DV ‘
- Disconnect the computer that will be cleared from the network / internet.
- Turn off system restore (Windows XP / Vista).
- Turn off the virus is active in the services. Use the removal tool from Norman to clean the virus is active. If you do not have, can be downloaded at the site norman.
- Delete the service svchost.exe fake virus on registry. You can search manually in the registry.
- Delete Task Schedule is created by the virus. (C: \ WINDOWS \ Tasks)
- Remove the registry string is created by the virus. To facilitate the registry can use the script below:
[Version]
Signature = “$ Chicago $”
Provider = Vaksincom Oyee[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del[UnhookRegKey]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced,
Hidden, 0×00000001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced,
SuperHidden, 0×00000001, 1
HKLM,
SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL,
CheckedValue, 0×00000001, 1
HKLM, SYSTEM \ CurrentControlSet \ Services \ Bits, Start, 0×00000002, 2
HKLM, SYSTEM \ CurrentControlSet \ Services \ ERSvc, Start, 0×00000002, 2
HKLM, SYSTEM \ CurrentControlSet \ Services \ wscsvc, Start, 0×00000002, 2
HKLM, SYSTEM \ CurrentControlSet \ Services \ wuauserv, Start, 0×00000002, 2[del]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ applets, dl
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ applets, ds
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ applets, dl
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ applets, ds
HKLM, SYSTEM \ CurrentControlSet \ Services \ TCPIP \ Parameters, TcpNumConnections
Use notepad, then save with the name ‘repair.inf’, then ‘Save As Type’ to ‘All Files’ so that the error does not occur. Repair.inf run with the right click, then select install.
Meanwhile, for the active file on startup, you can mendisable through ‘msconfig’ or can be manually delete on the string: ‘HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run’
- For cleaning the virus W32/Conficker.DV optimally and prevent re-infection, you should use and update anti-virus that is able to detect this virus with both your computer and the patch with the official patch from Microsoft to prevent re-infection.
Interesting Stuff
Related Posts:
