Hello world! Is your network under attack by Conficker? Hahaha.. don't get mad, this virus can be removed in only 7 simple steps. Anyway, this virus makes some people mad because it attacks the network (so they have more trouble when they try to clean it) and, of course, your protection :P. If we look more deeply, this virus mostly uses lame virus techniques, all included in one packet *lol*…. but on top of that, the virus maker understands and really knows how weak Windows protection is, so he makes you all mad :P

How do you detect whether your computer is infected by Conficker? There are many signs, like…. a "Generic Host Process" error message; you can't access some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; you can't update your antivirus; many applications stop working like they usually do, especially network applications; and many more signs.

This virus is packed with UPX compression and has a size of 162kb. You might have trouble when you try to kill the virus process because it's (again) using a lame technique: running its .dll files along with a fake svchost.exe file. The virus is not automatically active; it starts by downloading some image files and creating temporary files, then builds itself (again) LAME! *lol*

Once the virus build is complete, it starts disabling some Windows services. The virus also blocks any of the following strings it finds in each active application; here is the list:

Ccert.
sans.
bit9.
windowsupdate
wilderssecurity
threatexpert
castlecops
spamhaus
cpsecure
arcabit
emsisoft
sunbelt
securecomputing
rising
prevx
pctools
norman
k7computing
ikarus
hauri
hacksoft
gdata
fortinet
ewido
clamav
comodo
quickheal
avira
avast
esafe
ahnlab
centralcommand
drweb
grisoft
nod32
f-prot
jotti
kaspersky
f-secure
computerassociates
networkassociates
etrust
panda
sophos
trendmicro
mcafee
norton
symantec
microsoft
defender
rootkit
malware
spyware
virus

Wow, they all get killed in one shot hahaha *lol* lame technique (again). The virus will try to download and execute some image files from some websites. I wanted to give the site list here, but I think you would get bored reading it, so let's skip this! The virus will also create a firewall rule that lets your computer be attacked from outside and totally controlled (scary…. some people know this as a botnet).
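The "can't reach security sites" sign and the string list above can be turned into a quick check. This is an added example, not code from the original post; it assumes the blocking shows up as failed name lookups, uses a subset of the listed strings, and the control names `www.example.com` and `www.wikipedia.org` are chosen here.

```python
import socket

# Subset of the blocked strings listed in the post above.
BLOCKED = ("windowsupdate threatexpert spamhaus emsisoft norman clamav comodo "
           "avira avast grisoft nod32 kaspersky panda sophos trendmicro mcafee "
           "norton symantec microsoft defender rootkit malware spyware virus").split()

def blocked_by(host):
    """Return the listed substrings that occur in a hostname."""
    host = host.lower()
    return [s for s in BLOCKED if s in host]

def resolves(host):
    """Live DNS lookup; meant to be run on the suspect machine."""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False

def triage(results):
    """results maps hostname -> True/False (did the name resolve?)."""
    listed = [ok for h, ok in results.items() if blocked_by(h)]
    control = [ok for h, ok in results.items() if not blocked_by(h)]
    if not any(control):
        return "inconclusive: control names fail too, check DNS/network first"
    if listed and not any(listed):
        return "suspicious: only names containing blocked strings fail"
    return "no selective blocking seen"

# Constructed result set showing the pattern described in the post.
SAMPLE = {"www.microsoft.com": False, "www.symantec.com": False,
          "www.avast.com": False, "www.example.com": True}

if __name__ == "__main__":
    print("sample:", triage(SAMPLE))
    hosts = list(SAMPLE) + ["www.wikipedia.org"]
    print("live:  ", triage({h: resolves(h) for h in hosts}))
```

Run it while the machine is still on the network; once the cable is unplugged every lookup fails and the result is inconclusive.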

Virus Spreading:

  1. Brute force against the default administrator share account (it carries a dictionary).
  2. Lame autorun.inf and hidden files in the RECYCLER folder (mostly on each drive, with hidden attributes).
  3. Exploiting SVCHOST.exe (that's why there is a Microsoft update).

Alright, enough. Before you guys really get mad, here are the 7 simple steps to remove Conficker:

1. Unplug every computer from the network.

2. Deactivate the System Restore service (XP/Vista).

3. Kill the active virus running as a background service; you can use Norman Malware Cleaner. (Since this virus uses UPX compression, the easiest way to detect it is to use Ansav Utility and kill any UPX-packed process running in the background.)

4. Delete the fake SVCHOST.exe in the registry.

5. Delete the “Schedule Task” that the virus created (C:\WINDOWS\Tasks, i.e. %SystemRoot%\Tasks).

6. Repair your registry using the code below, or download repair.inf

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; AddReg line format: root, subkey, value name, flags, data
; Flag 0x00010001 writes the data as a REG_DWORD.
[UnhookRegKey]
; Show hidden and super-hidden files in Explorer again
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
; Set the services back to automatic start (Start=2)
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00010001,2

; DelReg line format: root, subkey, value name
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

*NOTE: Files that are active on startup can be disabled from msconfig or with HijackThis, or deleted manually in the registry under “HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
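To confirm that the step 6 repair took effect, the service start values and the deleted values from the INF can be checked against a registry export. This is an added example, not part of the original post or of repair.inf; it assumes the keys were exported to regedit's text format, and the sample export is constructed.

```python
import re

SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
APPLETS = r"\Software\Microsoft\Windows\CurrentVersion\Applets"
# Services the INF sets back to Start=2 (automatic).
EXPECT = {(f"{SVC}\\{s}", "Start"): 2 for s in ("BITS", "ERSvc", "wscsvc", "wuauserv")}
# Values the INF's [del] section removes.
ABSENT = [(hive + APPLETS, v) for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
          for v in ("dl", "ds")] + [(f"{SVC}\\Tcpip\\Parameters", "TcpNumConnections")]

def parse_reg(text):
    """Parse regedit export text into {(key, value name): data}, lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"(.+?)"=(.*)', line)):
            values[(key, m.group(1).lower())] = m.group(2).lower()
    return values

def audit(text):
    """Return a list of findings; an empty list means the repair took effect."""
    vals, findings = parse_reg(text), []
    for (key, name), want in EXPECT.items():
        got = vals.get((key.lower(), name.lower()))
        if got != f"dword:{want:08x}":
            findings.append(f"{key}\\{name}: expected dword:{want:08x}, found {got}")
    for key, name in ABSENT:
        if (key.lower(), name.lower()) in vals:
            findings.append(f"{key}\\{name}: still present")
    return findings

# Constructed export: wuauserv still disabled, TcpNumConnections still set.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpNumConnections"=dword:00fffffe
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "repair verified")
```

Real exports from regedit or `reg export` are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit`. A value can only be reported as still present if its key was included in the export.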

7. Scan with your best, up-to-date antivirus to stop the virus from coming back in the future, and update your computer with this patch: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

99. Pay me (joke) :P

Good luck :D
