W32/Conficker is a family-propagating network worms. There are several variants. Worm is the most interesting features that spread to other computers via security vulnerabilities in the Windows Server Service Vulnerability is possible to download from himself to a remote computer without the user’s knowledge.
When executed, the worm will copy itself as a randomly named DLL to the Windows System folder. He also copied to the network share itself and tries to run itself on the remote machine.
Conficker aliases: W32.Downadup, W32/Conficker.worm, Net-Worm.Win32.Kido
Computers that have been infected will try to connect to some site that is:
http://checkip.dyndns.org
http://www.whatismyip.org
http://www.whatsmyipaddress.com
http://www.getmyip.org
Please check the internet gateway in your location. If there is a connection to the site above the block only.
To turn off this virus:
1. Update on the windows computer (better all the infected computer is updated before all). see ref: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
2. Use the special removal tool virus, one of which is the Anti-Downadup.exe From http://www.bitdefender.com
Do not forget to restart the computer after that.
0 comments
Post a Comment