Identifying the Downadup / Kido / Conficker Virus or Worm
The Downadup virus is infecting millions of computers around the world. It infects a computer through network passwords, unpatched Windows software, and primarily through USB sticks. Because the virus can disable automatic updates from Microsoft and corporate anti-virus software, the computer's defenses become weak and vulnerable to attacks from outside.
How do we know whether a computer is infected with this virus?
Usually, after scanning a computer with anti-virus software, we will get a warning that the computer has been infected by Downadup, Kido, or Conficker, usually reported under one of the following names:
• Net-Worm.Win32.Kido
• W32/Conficker.worm.gen
• Worm.Conficker
• W32.Downadup
• W32/Downadup.AL
• W32/Confick-A
• Win32/Conficker.A
• Local / Conficker
Then there are connection and Windows errors, among others:
• Automatic updates from Microsoft and anti-virus updates repeatedly fail
• Unable to update Windows Defender
• Random "svchost" errors
• Unable to browse sites that provide remedies for this virus (for example, cannot browse to www.microsoft.com)
In addition, some Windows services stop working, for example:
• wuauserv: Windows Automatic Update Service
• BITS: Background Intelligent Transfer Service
• wscsvc: Windows Security Center Service
• WinDefend: Windows Defender Service
• ERSvc: Windows Error Reporting Service
• WerSvc: Windows Error Reporting Service
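The service symptoms listed above can be checked in one pass. The following PowerShell is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the function name Get-ServiceHealth and the NeedsReview column are hypothetical names chosen for illustration.

```powershell
# Added example: audit the services the article lists as affected by this worm.
# Service names are taken from the article. ERSvc and WerSvc belong to different
# Windows versions, so a missing service is reported rather than treated as an error.
$services = 'wuauserv', 'BITS', 'wscsvc', 'WinDefend', 'ERSvc', 'WerSvc'

function Get-ServiceHealth {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'" -ErrorAction SilentlyContinue
        if (-not $svc) {
            [pscustomobject]@{ Name = $n; State = 'NotInstalled'; StartMode = '-'; NeedsReview = $false }
            continue
        }
        # Stopped AND set to Disabled is the pattern worth a second look.
        # WinDefend can be legitimately disabled when another anti-virus is installed.
        $review = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        [pscustomobject]@{
            Name        = $svc.Name
            State       = $svc.State
            StartMode   = $svc.StartMode
            NeedsReview = $review
        }
    }
}

$report = Get-ServiceHealth -Name $services
$report | Format-Table -AutoSize

$flagged = @($report | Where-Object NeedsReview)
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} listed service(s) are stopped and disabled: {1}" -f $flagged.Count, ($flagged.Name -join ', '))
}
```

Several of these services being disabled at once, combined with the update failures described above, is a stronger signal than any single one on its own.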
How does this virus spread?
The virus spreads in four ways, namely:
• By exploiting unpatched Windows PCs that are connected to a network
• By a "brute force dictionary" attack on administrator accounts that use a weak password
• By infecting removable drives (thumb drives)
• By using Windows Scheduled Tasks and Autorun to re-infect a PC that has been cleaned with anti-virus (that is, do not be too quick to believe the anti-virus when it says the computer is clean, because after a restart the virus will be present again on a re-scan)
Once on the computer, the virus will:
• Copy itself into the Windows system folder (e.g. C:\Windows\System32)
• Change the Windows registry
• Change access rights on registry keys so that users cannot modify or delete them
• Set itself to start again whenever Windows starts
• Contact a site that reports the public IP address (for example http://www.getmyip.org) to find our computer's IP address
• Download modified versions of the virus itself from a number of websites based on the time and date, which are very difficult to predict
• Start its own web server on a random port on our PC to serve the modified virus for download
How to deal with the virus:
First, try to get rid of the virus with the Microsoft Windows Malicious Software Removal Tool. However, if our computer is already infected, most likely all the sites that host this tool are already blocked by the virus. So we can download it for free from the Microsoft website's content distribution network at:
http://mscom-dlcecn.vo.llnwd.net/dow...90830-v2.6.exe
For x64-based computers running Vista, Windows XP x64 or Windows 2003 x64, you can download the tool free of charge from:
http://mscom-dlcecn.vo.llnwd.net/dow...0-x64-v2.6.exe
If the Windows tool fails, we can also try the K7 (K7 Computing) Antivirus Free Virus Removal Tool. Because that domain is also already blocked by the virus, use the link below to download it:
http://70.32.74.100/tools/k7downadupremover.zip
After installation, the recommended steps are:
• Update this tool to the latest version
• Restart Windows in safe mode
• Launch a full system scan
• Delete all the files that have been infected with this virus
• Restart Windows in normal mode
Fix Windows Registry
This virus, like other viruses of its kind, always modifies the Windows Registry. So do not forget to scan and fix the Windows Registry with regcure / Mindsoft Utilities / RegDefense or other similar tools.
After fixing the Windows registry, you are advised to always keep Windows updated.
Disable Autorun and AutoPlay
It is highly recommended to disable Autorun and AutoPlay to avoid this kind of virus infection in the future.
Autorun and AutoPlay are default features of Windows that enable media and devices to launch programs using the commands listed in the "autorun.inf" file stored in the medium's root directory. Malware creators are very fond of Autorun and AutoPlay because they are difficult to disable and easy to exploit.
To disable Autorun and AutoPlay quickly and easily, we can do the following:
• Download the free tool DisableAuto 0.2 (Softpedia) from the website http://www.softpedia.com/get/Tweak/R...ableAuto.shtml
• Unzip the file. A reg file called "disableauto.reg" will appear
• Double-click the reg file to modify the Registry
• Reboot Windows. AutoPlay and Autorun are now disabled, but we can still access and run all media manually.
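To confirm after the reboot that Autorun really is off, and to see whether a plugged-in stick carries an autorun.inf, the check below can be used. It is an added example, not part of the original article or of the DisableAuto tool. The article does not show what disableauto.reg contains, so the script assumes the standard Windows NoDriveTypeAutoRun policy value is the setting that matters.

```powershell
# Added example: verify the Autorun policy and inspect removable drives for autorun.inf.
# Assumption: the standard NoDriveTypeAutoRun policy value (0xFF = all drive types off).
$policyPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

foreach ($path in $policyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output "$path : NoDriveTypeAutoRun not set (Windows default applies)"
    } elseif (($value -band 0xFF) -eq 0xFF) {
        Write-Output "$path : Autorun disabled for all drive types (0xFF)"
    } else {
        Write-Output ("{0} : NoDriveTypeAutoRun = 0x{1:X2}; some drive types can still autorun" -f $path, $value)
    }
}

# DriveType 2 is "removable disk" in Win32_LogicalDisk.
$removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2'
foreach ($drive in $removable) {
    $inf = Join-Path ($drive.DeviceID + '\') 'autorun.inf'
    # -Force finds hidden/system files; -LiteralPath avoids wildcard expansion.
    $item = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Output "$($drive.DeviceID) no autorun.inf"
        continue
    }
    if ($item.PSIsContainer) {
        # Some users create a folder with this name to block the file from being written.
        Write-Output "$($drive.DeviceID) autorun.inf is a folder, not a file"
        continue
    }
    Write-Warning "$inf exists ($($item.Length) bytes, attributes: $($item.Attributes))"
    # Show only the lines that name a program to launch; nothing is executed.
    Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' } |
        ForEach-Object { "    $($_.Trim())" }
}
```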
Good luck, and hopefully it works.
Summarized and translated from the source: www.downadup.com. For more information, please visit the site.

