Hello world! Are your network attacking by Conficker? hahaha.. don’t get mad this virus can be removed using 7 simple step only. Anyway this virus make some people mad because it’s attacking network (they might have more trouble when try to clean it) and of course your protection 😛 , If we look more deeply this virus using mostly lame virus technique included all in one packet *lol*…. but in advanced the virus maker understand and really know hows really weak windows protection so he make you all mad 😛
How to detect if your computer infected by conficker? There many sign like…. Error message Generic Host Process, You can’t access some important site ex: www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc. You can’t update your antivirus, Many application not working like usually specially network application, and many more sign.
This virus created with UPX compression with size 162kb, You might get trouble when try to killed this virus process because it’s (again) using lame technique by running .dll files following fake svchost.exe file. Virus is not automatically active, it will starts download some images files and created temporary files then building himself (again) LAME! *lol*
Once virus build completed it will starts to disabled some windows services, Virus will blocking any string he found on each active application, here is the list:
Ccert.
sans.
bit9.
windowsupdate
wilderssecurity
threatexpert
castlecops
spamhaus
cpsecure
arcabit
emsisoft
sunbelt
securecomputing
rising
prevx
pctools
norman
k7computing
ikarus
hauri
hacksoft
gdata
fortinet
ewido
clamav
comodo
quickheal
avira
avast
esafe
ahnlab
centralcommand
drweb
grisoft
nod32
f’prot
jotti
kaspersky
f’secure
computerassociates
networkassociates
etrust
panda
sophos
trendmicro
mcafee
norton
symantec
microsoft
defender
rootkit
malware
spyware
virus
wow, they all killed by one shoot hahaha *lol* lame technique (again) virus will try download and executed some images files from some website, I want to giving site list in here but I think you will get bored when read it so let’s skip this! Virus will make firewall rule that can make your computer attacked from outside and totally control your computer (scary…. some people know this as botnet).
Virus Spreading:
- Brute force default share administrator account (There is dictionary).
- Lame autorun.inf and hidden file on recycler folder (mostly on each drive with hidden attributes)
- SVCHOST.exe exploited (that’s why there is microsoft update).
Alright enough, before you guy’s really get mad here is the 7 simple steps to remove conficker:
1. Unplug every computers from network.
2. Deactivated system restore service (XP/Vista)
3. Kill active virus in background service, you can use Norman Malware Cleaner. (Since this virus using UPX compression, the easiest way to detect it is by using Ansav Utility and killed any UPX packet in background)
4. Delete fake SVSHOST.exe in registry.
5. Delete “Schedule Task” that virus created (%systemrot%\WINDOWS\Tasks)
6. Repair your registry using code below or download repair.inf
[Version]
Signature=”$Chicago$”
Provider=Nobody
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00000001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00000001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00000001,1
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00000002,2
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections
*NOTE: For files active on startup you can disabled it from msconfig or using hijackthis or deleted it manually in registry “HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Runâ€
7. Scan with your best and updated antivirus to stop virus coming back in the future, and update your computer with this patch https://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
99. Pay me (joke) 😛
Good luck 😀
Similar Posts:
- 8 Tools Kido/Conficker/Downadup Remover
- Remove MaHaDeWa VBS.Autorun.AM
- Remove virus AMBURADUL (all varian)
- Repair:Antivirus XP 2008, CNN fake message, get_flash_update.exe, Spam & Fake blue screen of death(BSOD)
RELATED SEARCH TERMS:
- hello world virus
- hello world virus
- caption hello world virus how to remove
- caption hello world virus how to remove
- conficker remover
- conficker remover
- how to remove hello world virus
- how to remove hello world virus
- virus hello world
- win32 conficker b
- win32 conficker b
- virus hello world
- fawasr ow
- Win32/Conficker AA
- fawasr ow
- Win32/Conficker AA
- remove conficker
- remove conficker
- svchost exe could not be repaired
- svchost exe could not be repaired
- Worm Win32 FakeFolder a
- Worm Win32 FakeFolder a
- hello world caption virus
- hello world caption virus
- caption hello world virus
- caption hello world virus
- kidokill ñêà÷àòü
- kidokill ñêà÷àòü
- conficker removal
- conficker removal
- et-worm win32 kido ir
- et-worm win32 kido ir
- kill conficker
- worm/conficker autorun gen
- conficker cleaner
- how to remove conficker
- kill conficker
- conficker cleaner
- how to remove conficker
- worm/conficker autorun gen
- w32/conficker!mem
- svchost conficker
- conficker svchost
- clean conficker
- conficker svchost
- clean conficker
- svchost conficker
- w32/conficker!mem
- fixer32 exe
- cara menghilangkan conficker
- conficker windows 7
- cara menghilangkan conficker
- at1 job conficker
- conficker autorun gen
- at1 job conficker
- conficker windows 7
- conficker autorun gen
- fixer32 exe
- how to remove caption hello world virus
- how to remove caption hello world virus
- c:windowssystem32fawasr owfawasr ow
- how to clean conficker
- c:windowssystem32fawasr owfawasr ow
- conficker svchost exe
- conficker svchost exe
- how to clean conficker
- svchost exe w32 conficker mem trojan
- win32/conficker AE
- virus configer
- virus configer
- win32/conficker AE
- svchost exe w32 conficker mem trojan
- free fix for generic host process w2
- cara menghapus virus trojan fake folder di registry komputer
- 7 steps how to remove kido
- 7 steps how to remove kido
- conficker superhidden
- conficker superhidden
- conficker for w2k
- w32 win configure worm
- cara menghapus virus trojan fake folder di registry komputer
- conficker for w2k
- w32 win configure worm
- w32/conficker mem removal tool
- free fix for generic host process w2
- w32/conficker mem removal tool
- SUPPRIMER w32/conficker!mem Trojan
- cara ngilangin sorry we are unable to register your account at this time di kaskus
- The file C:WINDOWSTasksAt1 job contains W32/Conficker worm!job Virus The file was successfully deleted
- how to clean conficker virus
- SUPPRIMER w32/conficker!mem Trojan
- how to remove lan virus
- how to clean conficker virus
- how to remove lan virus
- Conficker Generic Host
- cara menghilangkan autorun inf
- kill conflicker virus
- cara menghilangkan autorun inf
- remove-conficker
- win32 conficker x worm removal tool
This was very helpful thanks.regards
great info, though I managed to clean it already without reading your page.. interestingly enough, conficker immediately allows me to access the blocked websites when I disabled exceptions in windows firewall.
thanks for yr help
You welcome, I’m happy to find out this article help people with their conficker problem 🙂
Thanks great info thanks again for sharing!!!
Hello from the USA. I am trying to fix this from our small business network. I have one question.
Although I have experience taking viral items off system I am not sure how to delete fake host in “registery” in step 4. Should I simply replace the svchost.exe from \i386 to \system32?
I can be contacted via my email listed entered…
Hi Shawn sorry for late response, Can you find similar text on your registry editor? if not then you can skip this step. It’s not necessary to replace windows system files but you can do that to make sure all system files are genuine, type “sfc /scannow” from run command.
Thanks a lot my friend..
The only “lame” thing is your fucking grammar man. Given the chance, Downadup will kill your father and rape your mother. Go lol on that.
you’re just bullshit…..man
i got your site googgle
when i tried to remove conficker vr.
but what i found you’re just a
big mouth with hollow brain
Do I give warranty this will works for all conficker variant? get a life kid, you’re not help people but talk about shit, I can banned you permanently from all my network site if you talk like this again.
Haha LOL man, I read tech notes all day long. It was a pleasure to read your site. Love your grammer. I bet it is better now since 2009. Keep up the good work Istanto! LoL haha you made my day.
Pretty! This was a really wonderful post. Thanks for supplying these details.
Pingback: URL