7 Steps to Wipe the 'Conficker' Virus

>> Friday, November 27, 2009

The virus 'Conficker.DV' uses a different distribution method than its predecessor. It tries to reach other machines over the network through the Windows 'Default Share' (ADMIN$\system32) by guessing the administrator password.

'Conficker.DV' also creates files on removable media such as flash drives, external hard drives and card readers, storing hidden files in the root of the drive.

Its other behaviour matches its predecessors: it tries to exploit the MS08-067 security hole in the Windows Server Service (svchost.exe). Many users are infected because they have not enabled Automatic Updates and have not applied the MS08-067 Windows patch.

If this has happened to you, follow the seven short steps from Vaksincom virus analyst Adi Saputra to eradicate 'Conficker.DV', as received by ITGazine on Wednesday (28/1/2009):

1. Disconnect the computer to be cleaned from the network / Internet.
2. Turn off System Restore (Windows XP / Vista).
3. Stop the active virus process in Services. Use the removal tool from Norman to clean the active virus; if you do not have it, it can be downloaded from Norman's site.
4. Delete the fake svchost.exe service the virus planted in the registry. You can search the registry for it manually.
5. Delete the scheduled task created by the virus (C:\WINDOWS\Tasks).
6. Remove the registry strings created by the virus. To make this easier, use the registry script below:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Flags 0x00010001 write the value as REG_DWORD; the 0x00000001 / 0x00000002
; flags in the originally posted script would write REG_BINARY or leave an
; existing value untouched (no-clobber), so services would not be re-enabled.
[UnhookRegKey]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,SuperHidden,0x00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,CheckedValue,0x00010001,1
; Start=2 restores the services the virus disabled to Automatic
HKLM,SYSTEM\CurrentControlSet\Services\BITS,Start,0x00010001,2
HKLM,SYSTEM\CurrentControlSet\Services\ERSvc,Start,0x00010001,2
HKLM,SYSTEM\CurrentControlSet\Services\wscsvc,Start,0x00010001,2
HKLM,SYSTEM\CurrentControlSet\Services\wuauserv,Start,0x00010001,2

[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Applets,dl
HKCU,Software\Microsoft\Windows\CurrentVersion\Applets,ds
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Applets,dl
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Applets,ds
HKLM,SYSTEM\CurrentControlSet\Services\TCPIP\Parameters,TcpNumConnections

Type it into Notepad and save it as 'repair.inf', with 'Save As Type' set to 'All Files' so it is not saved as a .txt file. Then right-click repair.inf and select Install.

For files that are active at startup, you can disable them via 'msconfig' or manually delete the string under 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.

7. To clean W32/Conficker.DV thoroughly and prevent reinfection, use an up-to-date antivirus that detects this virus reliably, and patch your computer with the official patch from Microsoft.
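Before installing a registry script like the one in step 6, it is worth seeing exactly which keys it will touch and with what value type. The following is an added example, not part of the original post or of Vaksincom's tooling: a small dry-run parser for INF files of this shape. It resolves the [DefaultInstall] AddReg / DelReg references, decodes the AddReg flag word into a value type and options (following the documented INF flag bits, e.g. 0x00010001 = REG_DWORD, 0x00000002 = no-clobber), and warns when a service's Start value is not written as REG_DWORD. The INF text in SAMPLE_INF is a constructed excerpt of the script above, with one line deliberately carrying the weak 0x00000002 flag so the lint has something to report.

```python
"""Dry-run parser and lint for an INF registry script (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of repair.inf; the BITS line keeps the weak flag on purpose.
SAMPLE_INF = r"""
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Services\wuauserv,Start,0x00010001,2
HKLM,SYSTEM\CurrentControlSet\Services\BITS,Start,0x00000002,2   ; no-clobber, REG_SZ

[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Applets,dl
HKLM,SYSTEM\CurrentControlSet\Services\TCPIP\Parameters,TcpNumConnections
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS",
         "HKEY_LOCAL_MACHINE": "HKEY_LOCAL_MACHINE",
         "HKEY_CURRENT_USER": "HKEY_CURRENT_USER"}

# AddReg value-type bits: the low bit plus the upper 16 bits select the type.
TYPE_BY_BITS = {0x00000000: "REG_SZ", 0x00010000: "REG_MULTI_SZ",
                0x00020000: "REG_EXPAND_SZ", 0x00000001: "REG_BINARY",
                0x00010001: "REG_DWORD", 0x00020001: "REG_NONE",
                0x000B0001: "REG_QWORD"}
OPTION_BITS = [(0x2, "NOCLOBBER"), (0x4, "DELVAL"), (0x8, "APPEND"),
               (0x10, "KEYONLY"), (0x20, "OVERWRITEONLY")]


@dataclass
class RegAction:
    op: str                       # "add" or "delete"
    key: str                      # full key path with the hive expanded
    value_name: Optional[str]
    value_type: Optional[str]
    data: Optional[str]
    flags: List[str] = field(default_factory=list)


def _split_fields(line: str) -> List[str]:
    """Split an INF entry on commas, honouring double-quoted fields."""
    fields, cur, quoted = [], [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur).strip())
    return fields


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty, comment-stripped lines under their [section] name."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts an INF comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _directive_targets(install_lines: List[str], directive: str) -> List[str]:
    """Names of the sections listed after e.g. 'AddReg=' in an install section."""
    names: List[str] = []
    for line in install_lines:
        if "=" not in line:
            continue
        key, val = (p.strip() for p in line.split("=", 1))
        if key.lower() == directive.lower():
            names.extend(n.strip().lower() for n in val.split(",") if n.strip())
    return names


def _expand_key(root: str, subkey: str) -> str:
    hive = HIVES.get(root.upper())
    if hive is None:
        raise ValueError(f"unknown registry root {root!r}")
    return f"{hive}\\{subkey}" if subkey else hive


def _decode_flags(flags: int):
    vtype = TYPE_BY_BITS.get(flags & 0xFFFF0001, f"unknown(0x{flags:08x})")
    return vtype, [name for bit, name in OPTION_BITS if flags & bit]


def plan(text: str, install: str = "DefaultInstall") -> List[RegAction]:
    """List the registry operations an install section would perform.
    Setup processes DelReg before AddReg, so deletes are listed first."""
    sections = parse_sections(text)
    install_lines = sections.get(install.lower(), [])
    actions: List[RegAction] = []
    for name in _directive_targets(install_lines, "DelReg"):
        for entry in sections.get(name, []):
            f = _split_fields(entry) + ["", ""]
            actions.append(RegAction("delete", _expand_key(f[0], f[1]),
                                     f[2] or None, None, None))
    for name in _directive_targets(install_lines, "AddReg"):
        for entry in sections.get(name, []):
            root, subkey, vname, flagstr, data = (_split_fields(entry) + [""] * 5)[:5]
            vtype, opts = _decode_flags(int(flagstr, 0) if flagstr else 0)
            actions.append(RegAction("add", _expand_key(root, subkey),
                                     vname or None, vtype, data or None, opts))
    return actions


def lint(actions: List[RegAction]) -> List[str]:
    """Flag AddReg lines that cannot do what a repair script intends."""
    warnings = []
    for a in actions:
        if a.op != "add":
            continue
        if a.value_name and a.value_name.lower() == "start" and a.value_type != "REG_DWORD":
            warnings.append(f"{a.key}\\Start written as {a.value_type}; "
                            "the service controller expects REG_DWORD (flags 0x00010001)")
        if "NOCLOBBER" in a.flags:
            warnings.append(f"{a.key}\\{a.value_name}: NOCLOBBER leaves an existing "
                            "value untouched, so this line cannot reset it")
    return warnings


if __name__ == "__main__":
    actions = plan(SAMPLE_INF)
    for a in actions:
        print(a)
    for w in lint(actions):
        print("WARNING:", w)
```

Run it against your own repair.inf by passing the file contents to plan(); a clean script produces no lint warnings, and the printed action list is what you should compare against the registry after the Install step.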
