Conficker, also known as Downup, Downadup and Kido, is a computer worm that targets the Microsoft Windows operating system. Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information, and download and install additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe. All the tools and software mentioned in this article are freeware. Videos demonstrating the steps are embedded wherever possible. A free removal tool is available for download from Symantec.

Aliases:
- Net-Worm.Kido!sd6 [PCTools]
- W32.Downadup.B [Symantec]
- Net-Worm.Win32.Kido.ih [Kaspersky Lab]
- W32/Conficker.worm.gen.b [McAfee]
- Mal/Conficker-A [Sophos]
- Worm:Win32/Conficker.C [Microsoft]
- Net-Worm.Win32.Kido [Ikarus]

Check your security and your browsing habits: Insecure browsing habits will bring you more trouble than you expect, especially in the days to come.

Turn off System Restore: The malicious files are saved in the System Restore backup. You need to turn System Restore off to remove them. You can turn it back on after cleaning the computer.

Turn off the Internet connection: If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and the Internet.

View hidden files: You need to enable this in order to see hidden files and folders; otherwise the files will not appear in search results either.

Boot in safe mode: If you are unable to delete the malware files or folders and get an "Access denied" message, try doing it in Windows safe mode.

Deleting files on the hard disk: Run the downloaded tool by double-clicking it. You need to be logged in to an administrative account to run this tool.

Manually removing malware entries from the Registry: You can edit the registry using the built-in Windows Registry Editor. The following registry values may be found on an infected computer. Delete them if found. The newly created registry values are:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets]
  - ds = 00 00 00 00 00 00 00 00 00 00 00 00
  - dl = 00 00 00 00
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets]
  - ds = 00 00 00 00 00 00 00 00 00 00 00 00
  - dl = 00 00 00 00
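
A read-only PowerShell check for the registry values listed above and for the services the introduction says Conficker disables. This is an added example, not part of the original article or of any vendor removal tool; the service short names (wuauserv, wscsvc, WinDefend, WerSvc, ERSvc) are assumed mappings for the services the article names.

```powershell
# Added example: read-only check, changes nothing on the system.
# Registry paths and value names (ds, dl) come from the list above.
$appletKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Applets'
)
$valueNames = @('ds', 'dl')

$findings = @(foreach ($key in $appletKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        if ($props -and $props.PSObject.Properties.Name -contains $name) {
            $data = $props.$name
            # Binary values are shown as hex bytes, like the listing above.
            if ($data -is [byte[]]) {
                $data = ($data | ForEach-Object { $_.ToString('X2') }) -join ' '
            }
            [pscustomobject]@{ Check = 'Registry value'; Item = "$key\$name"; Detail = "$data" }
        }
    }
})

# Assumption: service short names for the services the article says are disabled.
$services = [ordered]@{
    wuauserv  = 'Windows Automatic Update'
    wscsvc    = 'Windows Security Center'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting (Vista and later)'
    ERSvc     = 'Windows Error Reporting (Windows XP)'
}
$findings += @(foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    # A service that is not installed on this Windows version is skipped.
    if ($svc -and $svc.StartMode -eq 'Disabled') {
        [pscustomobject]@{ Check = 'Service disabled'; Item = $services[$name]; Detail = "$name ($($svc.State))" }
    }
})

if ($findings.Count -eq 0) {
    Write-Output 'No listed registry values or disabled services found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A reported value or disabled service is a lead to follow up with the removal tool and an antivirus scan, since services can also be disabled by an administrator.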

Using CCleaner: CCleaner is a freeware temp file and registry cleaner. We need to use this type of software because almost all infections that occur through the Internet come through temp files, and unfortunately Windows does not remove temp files automatically. Run the Cleaner and the Registry menus in CCleaner.

Using an antivirus application: Your best helper is the antivirus program on your computer. Always keep it updated.

Using the System File Checker: Follow this step if you notice trouble in the normal functioning of Windows.

If you are unable to access one or more sites during the repair process:
- If possible, use another computer to download the software needed to repair your computer, then transfer it to the infected computer using any available means, such as a pen drive.
- If you are using only Internet Explorer and it is blocked from visiting some security-related sites, try downloading and installing the Firefox browser and see whether you can use it for the same purpose.

Using a firewall: It is helpful to install a standalone firewall so that you can block any unsolicited communication by the malware to and from your computer. This malware tries to connect to several sites.

(Reference with permission from ThreatExpert)