Hello world! Are your network attacking by Conficker? hahaha.. don’t get mad this virus can be removed using 7 simple step only. Anyway this virus  make some people mad because it’s attacking network (they might have more trouble when try to clean it) and of course your protection , If we look more deeply this virus using mostly lame virus technique included all in one packet *lol*…. but in advanced the virus maker understand and really know hows really weak windows protection so he make you all mad

How to detect if your computer infected by conficker? There many sign like…. Error message Generic Host Process, You can’t access some important site ex: www.microsoft.com,  www.symantec.com,  www.norman.com,  www.clamav.com,  www.grisoft.com,  www.avast.com, etc. You can’t update your antivirus, Many application not working like usually specially network application, and many more sign.

This virus created with UPX compression with size 162kb, You might get trouble when try to killed this virus process because it’s (again) using lame technique by running .dll files following fake svchost.exe file. Virus is not automatically active, it will starts download some images files and created temporary files then building himself (again) LAME! *lol*

Once virus build completed it will starts to disabled some windows services, Virus will blocking any string he found on each active application, here is the list:

Ccert.
sans.
bit9.
windowsupdate
wilderssecurity
threatexpert
castlecops
spamhaus
cpsecure
arcabit
emsisoft
sunbelt
securecomputing
rising
prevx
pctools
norman
k7computing
ikarus
hauri
hacksoft
gdata
fortinet
ewido
clamav
comodo
quickheal
avira
avast
esafe
ahnlab
centralcommand
drweb
grisoft
nod32
f’prot
jotti
kaspersky
f’secure
computerassociates
networkassociates
etrust
panda
sophos
trendmicro
mcafee
norton
symantec
microsoft
defender
rootkit
malware
spyware
virus

wow, they all killed by one shoot hahaha *lol* lame technique (again) virus will try download and executed some images files from some website, I want to giving site list in here but I think you will get bored when read it so let’s skip this! Virus will make firewall rule that can make your computer attacked from outside and totally control your computer (scary…. some people know this as botnet).

Virus Spreading:

1. Brute force default share administrator account (There is dictionary).
2. Lame autorun.inf and hidden file on recycler folder (mostly on each drive with hidden attributes)
3. SVCHOST.exe exploited (that’s why there is microsoft update).

Alright enough, before you guy’s really get mad here is the 7 simple steps to remove conficker:

1. Unplug every computers from network.

2. Deactivated system restore service (XP/Vista)

3. Kill active virus in background service, you can use Norman Malware Cleaner. (Since this virus using UPX compression, the easiest way to detect it is by using Ansav Utility and killed any UPX packet in background)

4. Delete fake SVSHOST.exe in registry.

5. Delete “Schedule Task” that virus created (%systemrot%\WINDOWS\Tasks)

6. Repair your registry using code below or download repair.inf

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0×00000001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0×00000001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00000001,1
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0×00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0×00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0×00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0×00000002,2

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

*NOTE: For files active on startup you can disabled it from msconfig or using hijackthis or deleted it manually in registry “HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

7. Scan with your best and updated antivirus to stop virus coming back in the future, and update your computer with this patch http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

99. Pay me (joke)

Good luck

SIMILAR POST :

• 8 Tools Kido/Conficker/Downadup Remover
• Remove MaHaDeWa VBS.Autorun.AM
• Remove virus AMBURADUL (all varian)
• Remove W32/VBWorm.QXE (bulubebek)

Incoming search terms:

• hello world virus
• conficker remover
• caption hello world virus how to remove
• how to remove hello world virus
• win32 conficker b
• Win32/Conficker AA
• fawasr ow
• virus hello world
• Worm Win32 FakeFolder a
• svchost exe could not be repaired
• win32/conficker b
• worm:win32/conficker b
• remove conficker
• kidokill �������
• caption hello world virus
• et-worm win32 kido ir
• kill conficker
• worm/conficker autorun gen
• conficker removal
• at1 job conficker
• cara menghapus avira you\ll need to provide administrator permission to delete this folder
• cara menghilangkan conficker
• clean conficker
• conficker cleaner
• conficker svchost
• conficker windows 7
• delete conficker
• fixer32 exe
• hello world caption virus
• svchost conficker
• troj_downad inf
• conficker autorun gen
• conficker x how to remove
• how to remove C:\WINDOWS\system32\x->(UPX)
• how to remove conficker
• w32/conficker!mem
• c:\windows\system32\fawasr ow\fawasr ow
• caption hello world errorin xp
• cara hapus win32 confilicker
• cara membasmi conficker x worm
• cara menghapus rootkit gen
• configer virus
• fawasr dll
• hello world virus removal tool
• how to clean conficker
• how to remove caption hello world virus
• mengatasi win 7 youll need administrator permission to delete this folder
• norman confliker removal
• svchost exe blocking norman
• trojan fakefolder b remove
• virus conficker mem rimozione
• virus networkservice folder
• w32 conficker mem
• w32/patchload a
• win32/conficker AE
• win32/conficker x
• worm_downad entfernen
• 7 steps how to remove kido
• avira windows 2008 r2 conficker rundll32 exe
• cara menghapus virus autorun inf
• cara menghapus virus conficker z 32
• cara menghapus virus trojan fake folder di registry komputer
• cleaning downadup recycler
• conficker for w2k
• conficker superhidden
• conficker svchost exe
• descargar herramienta para matar Win32/Conficker AE en server 2003
• finding at1 job on a server
• free fix for generic host process w2
• get rid of conficker x
• how to remove trojan fakefolder b
• how to remove virus from lan
• lan virus remover
• menghilangkan virus windows/system32/x
• patchload o limpiar
• remove lan virus
• svchost exe w32 conficker mem trojan
• فايروس hello world
• virus hello word
• w32 lnkfakefolder worm
• w32 patchload a removal manually
• w32 win configure worm
• w32/conficker mem removal tool
• w32/conficker!generic
• win31 sality virus
• win32 fake folders
• worm win32 fakefolder c
• برامج لقتل فيرس الاوتوران
• 2003 at1 removal
• 7 simple step remove conficker
• AT1 job etrust
• at1 job keeps reappearing in scheduler
• at1 job virus
• at1 job worm_downad ad
• at1 keeps appearing on schedule tasks
• at1 scheduled task virus server 2008
• at1 virus
• autorun inf created by quickheal can not be deleted
• autorun inf hello world
• avira kill confiker
• bagaimana cara menghapus virus laptop
• borrar fast antispyware
• cara mengatasi system at risk norton internet scurity
• cara mengatasi virus malware rundll32 win32 profat
• cara mengatasi virus net worm
• cara mengatasi you will need to provide administrator to delete
• cara menghapus fail usb
• cara menghapus hn trojan
• cara menghapus virus at1 job
• cara menghapus virus recycler
• cara menghapus virus svchost
• cara menghilangkan autorun inf
• cara menghilangkan Script pada facebook
• cara menghilangkan virus autorun
• cara menghilangkan virus autorun inf
• cara nak delete virus sality
• cara ngilangin sorry we are unable to register your account at this time di kaskus
• conficker ae remover
• conficker c removal avira
• conficker c taskscheduler:_c:\windows\tasks\at1 job
• Conficker Generic Host
• conficker mem trojan
• conficker net schedule
• CONFICKER NOD32
• conficker recycler
• conficker removal script vbs
• conficker remove
• conficker scvhost
• conficker svchost exe unable to clean
• conficker win2k
• conficker wom removal
• conficker x jobs
• conficker x worm xp
• conficker z 53 removal kaspersky
• configger virus
• confiker lan
• conflicker z 32
• conflicting schedulers windows vista norman
• confliker exe
• eliminar Caption Hello World
• eliminar worm conficker system32\x
• find source of kido infection
• Fortinet network scan conficker
• gdata conficker
• hello world sality virus
• hello world virus cannot open usb
• hello world virus fix
• hello world virus removal
• hello world virus remover
• hello world virus removing
• how to clean conficker virus
• how to delete savira virus
• how to fix svchost conficker
• how to get rid of caption hello world
• how to remove conficker on win 2000
• how to remove hello world caption virus
• how to remove lan virus
• how to remove recycler virus manually
• how to remove the conficker!mem trojan
• how to remove win32 conficker
• jod exe virus
• kaspersky virus remoce
• kill conflicker virus
• lan virus cleaner
• lnkfakefolder
• manual remove TROJ_DoWNAD inf
• MEMBASMI VIRUS RECYCLER
• membasmi virus worm/conficker z 53
• membersihkan PC dari conficker
• MEMBERSIHKAN VIRUS FAKE DIRECTORY
• mengatasi svchost windows 7
• mengatasi virus recycler
• menghilangjkan network local area con
• menghilangkan virus patchload o
• menghilangkan win 7 svchost
• missing system32 config folder conficker
• nak remove virus downup
• network service account virus
• network service virus
• networkservice folder virus
• object: c:\windows\system32\x threat: a variant of win32/conficker gen worm?
• online conficker cleaner
• ptnrtg nn
• remove conficker b at1 job
• remove trojan fakefolder b
• remove w32 lnkfakefolder
• remove-conficker
• rimuovere file conficker unlocker
• rundll32 exe fawasr
• supprimer sality NBA virus
• SUPPRIMER w32/conficker!mem Trojan
• svchost exe conficker
• svchost exe virus conficker
• svchost virus server 2003
• tools conficker recycler
• trik hapus conficker z
• trojan fake folder b
• troj_downad inf removal
• ویروس savira
• VBS Hacksoft NODfix
• vchost conficker
• Virus c: Hello world
• virus caption hello world
• virus configer
• virus hello world caption
• virus in network services folder
• virus removal conflicker
• virut w32 lnkFakeforder worm
• w2 patchload a removal
• W32 LnkFakeFolder
• w32 patchload a membasmi virus
• w32 sality gen z server 2003 removal tool
• w32/conficker removal
• w32/conficker!mem svchost
• w32/conficker!mem svchost exe
• w32/conflicker!mem
• w32/mariofe
• w32/sality gen z broadcast
• what is the At1 job virus
• win32 conficker AA worm symantec
• win32 conficker x worm removal tool
• win32 patchload manuell entfernen
• win32/conficker aa worm
• win32/conficker gen
• win32/patched hn exe silin
• win32/patched hn trojan nasıl temizlenir
• win32/patchload u was detected in c:\windows\system32\wuauclt exe
• win32\configker!men
• windows 2000 conficker patch
• worm download ad
• worm/conficker z 30 was found in file g:\windows\system32\x
• wormad remove
• اداة لازاله فيروس Hello World
• (UPX) conficker C
• 2000 avira configer c
• 2003 scheduler run greyed confiker
• 2003 server delete recycler-s-1
• 33 exe virus removal conficker x
• 7 simple steps to remove conficker:
• : win32 worm downadup gen eliminar win server 2008 x64
• a variant of win32 conficker x worm
• a1 job virus
• active directory conficker
• active directory worm c
• anti conficker svchost
• anti patchload a
• anti virus for hello world
• antivirus caption hardisc hello world
• antivirus fakedir
• antivirus recycler folder windows
• antivirus svchost conficker
• antivirus untuk menghapus confickr
• antivirus untuk menghapus virus worm/conficker ih
• antivirus untuk win32 conficker x wor
• at job conficker avast
• at job virus
• at scheduled tasks conficker
• at* job virus
• at1 job conficker nod32
• at1 job Conficker worm
• at1 job conficker x
• at1 job remove
• at1 job server 2003
• at1 job temizleme
• at1 job virus microsoft patch
• at1 job windows 2008 r2
• at1 job worm downad ad
• at1 keeps appering in schdule tasks
• at1 scheduled task removal tool on win 2003
• at1 scheduled task server 2008
• at1 task creation mcafee
• at7 job virus
• atasi generic host for system32 error
• ati1 job
• atjobs virus
• automatic recycler folder appears windows 7 svchost exe
• autorun gen trojan remoer
• autorun kido code source
• autorun svchost
• autorun win32 worm remove wuauclt exe
• avast recycler virus
• avast rootkit windows\system32\x
• avira c:\windows\system32\fawasr ow
• avira conficer z30
• avira conficker
• avira conficker!mem
• avira conflicker removal tools
• avira kill svchost exe
• avira malware conficka z 32
• avira removal tool worm/conficker z 30 worm
• éliminer Worm/Conficker Autorun Gen
• การกำจัดไวรัส ssvichost exe ออกจาก
• กำจัด trojan fakefolder b
• กำจัด Win32/Patched HN trojan
• แก้ไวรัส worm conflict
• bagai mana cara hapus temporari internet
• bagaimana buang anti virus
• bagaimana cara mengatasi auto update mcafee error
• bagaimana cara menghapus virus win32
• bagaimana cara merepair virus win32:patched
• bagaimana cara update online antivirus avast?
• bagaimana hendak hilangkan pada pendrive need provide administrator permission to copy
• Bagaimana menghapus sality killer
• bagaimana menghilangkan svchost di windows 2003 server r2 enterprise edition
• bagaimana nak menghapuskan virus trojan program
• bagaimana nak remove virus win32/small ca
• bagaimana w32/conficker!mem
• basmi rootkit
• basmi virus recycler
• best conficker cleaner
• best program to remove worm:win32/confickerb
• BITDEFENDER ATI1 JOB REMOVE
• BITS will not start after removing conficker virus
• bsodp win32/conficker ad
• buang virus dfrz ojb
• c:\windows\system32 w32/conficker worm gen b
• c:\windows\system32\svchost exe could not be repaired conficker
• c:\windows\system32\svchost exe is infected with the w32/confcker!mem virus could not be repaired
• c:\windows\system32\svchost exe w32/conficker!mem (trojan)
• c:\windows\system32\x conficker
• c:\windows\system32\x contains a variant of win32/conficker x worm
• c:\windows\system32\x win32/conficker ae worm
• c:\windows\tasks\at1 job contains w32/conficker worm!job
• c:\windows\tasks\at1 job contém w32/conficker worm!job vírus
• c:\windows\tasks\fixnet job Task
• c:\winnt\system32\services is infected with W32/conflicker!mem virus and can not be cleaned
• c:\winnt\system32\svchost exe could not be repaired conficker
• c:\winnt\tasks\at1 job win2k
• can bit defender get rid of the win 32 /patchload o virus
• can not open usb caption hello world
• cannot remove conficker because it has write protected status
• cannot update mcafee conficker
• caption hello world antivirus
• caption hello world fix
• caption hello world removal tools
• caption hello world virus after using sality killer
• caption hello world virus ce fac
• caption hello world virus removal
• caption hello world virus removal tools
• caption hello world virus remove
• caption with hello world virus how to remove
• cara atasi lan trouble
• cara atasi network attack
• cara basmi virus o patchload kaskus
• cara basmi virus recycler
• cara block service virus
• cara delete worm parite
• cara disable administratif share
• cara disable svchost
• cara hapus virus w32/virut gen

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Friday, February 13th, 2009 at 6:54 PM and is filed under Computer And Internet, Miscellaneous. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.