How to detect if your computer is infected?
Easy steps to detect if your computer is infected by W32/Conficker. There are many signs, such as: the error message "Generic Host Process"; you can't access some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; you can't update your antivirus; many applications, especially network applications, stop working as usual; and many more.
This virus is packed with UPX compression, with a size of 162kb. You might have trouble when you try to kill the virus process because it is (again) using a lame technique: it runs its .dll files behind a fake svchost.exe file. The virus is not active automatically; it first downloads some image files and creates temporary files, then builds itself.
Once the build is complete, the virus starts disabling some Windows services. It also blocks any of the following strings that it finds in each active application. Here is the list:
pctools
norman
fortinet
ewido
clamav
comodo
quickheal
avira
avast
esafe
ahnlab
centralcommand
drweb
grisoft
nod32
f-prot
jotti
kaspersky
f-secure
computerassociates
networkassociates
etrust
panda
sophos
trendmicro
mcafee
norton
symantec
microsoft
bitdefender
rootkit
They are all killed in one shot. Using a lame technique (again), the virus will try to download and execute some image files from several websites. I wanted to give the site list here, but I think you would get bored reading it, so let's skip it! The virus also creates a firewall rule that lets your computer be attacked from outside and totally controlled.
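As an added example (not from the original post), here is a small Python triage helper for the symptom described above: sites whose names contain a listed string stop being reachable while other sites still work. It assumes the block shows up as a failed name lookup; the control host www.example.com and the function names are illustrative, and the sample result is constructed.

```python
import socket

# Strings from the list above (vendor names as the virus matches them).
BLOCKED = ("pctools norman fortinet ewido clamav comodo quickheal avira avast esafe "
           "ahnlab centralcommand drweb grisoft nod32 f-prot jotti kaspersky f-secure "
           "computerassociates networkassociates etrust panda sophos trendmicro mcafee "
           "norton symantec microsoft bitdefender rootkit").split()

def blocked_string(host):
    """Return the first listed string contained in the hostname, else None."""
    host = host.lower()
    return next((s for s in BLOCKED if s in host), None)

def resolves(host):
    """Live check: True if the name resolves on this machine."""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False

def triage(results):
    """results maps hostname -> bool (resolved?). Returns (verdict, failed listed hosts)."""
    listed = {h: ok for h, ok in results.items() if blocked_string(h)}
    control = {h: ok for h, ok in results.items() if not blocked_string(h)}
    failed = sorted(h for h, ok in listed.items() if not ok)
    if not listed or not control:
        return "inconclusive: need both listed and control hosts", failed
    if not any(control.values()):
        return "inconclusive: control hosts fail too, check the network", failed
    if len(failed) == len(listed):
        return "suspicious: only hosts containing listed strings fail", failed
    if failed:
        return "partial: some listed hosts fail, investigate further", failed
    return "clean: listed hosts resolve normally", failed

# Constructed sample result, not captured from a real machine.
SAMPLE = {"www.microsoft.com": False, "www.symantec.com": False,
          "www.avast.com": False, "www.example.com": True}

if __name__ == "__main__":
    # Live run: check the page's example sites plus one control host.
    live = {h: resolves(h) for h in SAMPLE}
    print(*triage(live))
```

A "suspicious" verdict is only a symptom match; confirm it with the cleaning steps and an antivirus scan.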
Virus Spreading:
1. Brute force against the default share administrator account (it has a dictionary).
2. Lame autorun.inf and hidden files in the RECYCLER folder (mostly on each drive, with hidden attributes).
3. Exploiting SVCHOST.exe (that's why there is a Microsoft update).
Alright, enough. Here are the Easy Steps to Detect If Your Computer Is Infected by W32/Conficker:
1. Unplug every computer from the network.
2. Deactivate the System Restore service (XP/Vista).
3. Kill the active virus in the background services; you can use Norman Malware Cleaner. (Since this virus uses UPX compression, the easiest way to detect it is to use Ansav Utility and kill anything UPX-packed running in the background.)
4. Delete the fake SVSHOST.exe in the registry.
5. Delete the “Scheduled Task” that the virus created (%systemroot%\WINDOWS\Tasks).
6. Repair your registry using the code below and save it as Repair.inf:
*NOTE: Files that are active at startup can be disabled from msconfig or with HijackThis, or deleted manually in the registry under “HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run”.
7. Scan with your best, up-to-date antivirus to stop the virus from coming back in the future, and update your computer with this patch HERE
Finish :D and Good luck friend :)
5 comments:
so scary~
Nice to meet you, friend... first visit.
Great info, please visit back... thx
great info...
happy new year 2011
Thanks for the info, I'll give it a try first....