
Wednesday, April 29, 2009

Conficker

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008.[1] The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003

Characteristics:

The icon of your removable media is changed to a folder icon.

First, list the hidden files on the removable drive (drive I: in this example). The worm's files are set to hidden, so a normal directory listing does not show them.

Next, reveal the hidden autorun.inf on your removable media by clearing its hidden attribute.

After this command has executed successfully you should see a file named autorun.inf. If you open that file it shows mostly strange characters, but if you keep scrolling down you will find a readable string among the junk.

That string shows how this worm spreads via removable media: the main file on the removable drive, the one that is launched on AutoPlay, is located in the RECYCLER folder.


How to remove:

Go to the system32 directory and find the hidden file with a size of 164 KB.

The filename may differ on every computer, but the file size is always the same and the attributes are always RHSA (read-only, hidden, system, archive).

Before we can delete that file we must stop Conficker's activity first. Go to the Start menu, enter services.msc and press Enter; the Services manager should appear.

Then look for a service with a strange name (random characters) that points to the virus file found above. Select that service and press Stop. If that succeeds, we can now delete the file easily.
If you still cannot delete it manually, try third-party software such as TuneUp Shredder, which can delete it forcefully. Note that with TuneUp Shredder the file is not 100% deleted: the file entry is still there, but its size becomes 0 (zero), which means it is no longer executable.

That's it. After you have done this you can easily delete autorun.inf and the RECYCLER folder on your removable media.
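The whole manual procedure above (listing hidden files on the removable drive, revealing autorun.inf and its readable strings, finding the 164 KB RHSA file in system32, locating the service that loads it, stopping it and cleaning up) as an added PowerShell example. This is my own script, not code from the original post; it assumes drive letter I: and the 164 KB size stated in the post, assumes the worm registers its DLL under a service's Parameters\ServiceDll value (which is how svchost-hosted service DLLs are referenced), and uses a simple printable-string filter of my own to surface the readable lines in autorun.inf. Run it from an elevated PowerShell prompt on the infected machine.

```powershell
# Added example, not from the original post. Assumptions are labelled inline.
param(
    [string]$RemovableDrive = 'I:',     # drive letter used in the post
    [int]$SuspectSize = 164 * 1024      # post states the dropper is 164 KB
)

# 1. List hidden files on the removable drive (-Force includes hidden/system entries).
Get-ChildItem -Path "$RemovableDrive\" -Force | Select-Object Name, Length, Attributes

# 2. Reveal autorun.inf by clearing its read-only/hidden/system attributes,
#    then print only printable ASCII runs of 8+ characters so the real
#    [autorun] lines stand out among the junk bytes (heuristic, my assumption).
$autorun = Join-Path $RemovableDrive 'autorun.inf'
if (Test-Path -LiteralPath $autorun) {
    $f = Get-Item -LiteralPath $autorun -Force
    $f.Attributes = 'Archive'
    $text = [System.Text.Encoding]::ASCII.GetString([System.IO.File]::ReadAllBytes($autorun))
    [regex]::Matches($text, '[\x20-\x7e]{8,}') | ForEach-Object { $_.Value }
}

# 3. Find hidden 164 KB files in system32 carrying the R, H and S attributes.
$sys32 = Join-Path $env:SystemRoot 'System32'
$suspects = Get-ChildItem -Path $sys32 -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Length -eq $SuspectSize -and
        (([int]$_.Attributes -band [int][IO.FileAttributes]::Hidden)   -ne 0) -and
        (([int]$_.Attributes -band [int][IO.FileAttributes]::System)   -ne 0) -and
        (([int]$_.Attributes -band [int][IO.FileAttributes]::ReadOnly) -ne 0)
    }
$suspects | Select-Object FullName, Length, Attributes

# 4. Find the service whose ImagePath or Parameters\ServiceDll names a suspect file.
#    The post says the service has a random-looking name; matching on the file
#    path is more reliable than guessing what "random" looks like.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$badServices = foreach ($svc in Get-ChildItem -Path $svcRoot) {
    $img = (Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    $dll = (Get-ItemProperty -LiteralPath ($svc.PSPath + '\Parameters') -ErrorAction SilentlyContinue).ServiceDll
    foreach ($s in $suspects) {
        if ("$img $dll" -like "*$($s.Name)*") {
            [pscustomobject]@{ Service = $svc.PSChildName; Path = $s.FullName }
        }
    }
}
$badServices

# 5. Stop and disable the service(s), strip the attributes, delete the file,
#    then remove autorun.inf and RECYCLER from the removable media.
foreach ($b in $badServices) {
    Stop-Service -Name $b.Service -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $b.Service -StartupType Disabled -ErrorAction SilentlyContinue
    (Get-Item -LiteralPath $b.Path -Force).Attributes = 'Archive'
    Remove-Item -LiteralPath $b.Path -Force
}
if (Test-Path -LiteralPath $autorun) { Remove-Item -LiteralPath $autorun -Force }
$recycler = Join-Path $RemovableDrive 'RECYCLER'
if (Test-Path -LiteralPath $recycler) { Remove-Item -LiteralPath $recycler -Recurse -Force }
```

If step 5 still fails with "access denied", the DLL is still mapped into a running svchost.exe; reboot into Safe Mode (or use a file shredder as the post suggests) and rerun the deletion. Requires PowerShell 3.0 or later for the -File switch on Get-ChildItem.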
