Realtime Alerts from ePCdoctor
Don’t panic about the Conficker worm strike on April 1st
Everybody is talking about Conficker and its variants, and not
surprisingly, given the concern about the worm's reactivation due on
April 1. But there is no need to worry.
Information on Conficker worm
What exactly is the Conficker worm? Conficker is a malicious program that
generates random URLs every day; computers infected with it check
these URLs to see if a new version of the code is available for
download. It does so 250 times a day.
What will happen on April 1? On that day, the latest
variant will generate 50,000 new URLs, although we don't know whether any of
them will host an update of Conficker. The creator may even use the
URLs to host other malware.
Conficker checks the date on the Internet so there's no point in
changing the date on your computer.
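One defensive check this behaviour suggests, as an added example that is not from the ePCdoctor post: a resolver-log scan that flags any machine resolving an unusually large number of distinct domains in one day. It assumes a constructed four-column log format, that most of the generated names are never registered (so the lookups return NXDOMAIN), and a threshold that is only meaningful for the small constructed sample.

```python
# Added example (not from the ePCdoctor post): flag hosts whose DNS activity
# matches the behaviour described above, i.e. one machine looking up many
# distinct, never-seen-before domains within a single day.
from collections import defaultdict
import re

# Constructed sample resolver log: "<date> <client-ip> <query-name> <rcode>".
# 10.0.0.9 stands in for an infected host; 10.0.0.5 is normal traffic.
SAMPLE_LOG = """\
2009-03-31 10.0.0.5 www.microsoft.com NOERROR
2009-03-31 10.0.0.5 mail.example.org NOERROR
2009-03-31 10.0.0.9 qwpzkdf.biz NXDOMAIN
2009-03-31 10.0.0.9 lmxrtyua.info NXDOMAIN
2009-03-31 10.0.0.9 bdqwueks.net NXDOMAIN
2009-03-31 10.0.0.9 pokvmcxz.org NXDOMAIN
2009-03-31 10.0.0.9 www.microsoft.com NOERROR
2009-04-01 10.0.0.9 xcvbnmae.ws NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (day, client, qname, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower(), m.group(4)


def distinct_failed_lookups(text):
    """Count distinct names per (day, client) whose lookup returned NXDOMAIN."""
    names = defaultdict(set)
    for day, client, qname, rcode in parse_log(text):
        if rcode == "NXDOMAIN":
            names[(day, client)].add(qname)
    return {key: len(v) for key, v in names.items()}


def suspicious_hosts(text, threshold=3):
    """Return sorted (day, client, count) for hosts at or above the threshold.

    The threshold is an assumption chosen for the constructed sample; on a
    real network it must be tuned against the baseline NXDOMAIN rate.
    """
    return sorted(
        (day, client, n)
        for (day, client), n in distinct_failed_lookups(text).items()
        if n >= threshold
    )
```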
Tips to stay protected
- Servers and workstations should be patched by following the
Microsoft bulletin for this vulnerability, available here:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
- Install an antivirus, and if you already have one, make sure that all
antivirus and security solutions are updated to their latest product
version and signature file version.
- Install Panda USB Vaccine, a free security solution designed to
block malware which spreads through USB drives.
This warning post describes a rootkit infection involving TDSSserv.sys/
msqpd*.sys that is usually associated with the Antivirus 2009 infection.
Symptoms of such infections include:
* Fake pop-up infection warnings advising the user to buy a fake
antivirus application that claims to remove the infection (e.g.
Antivirus 2009, Antivirus XP).
* The desktop background is changed to a warning message and cannot be
changed back.
* Access to Task Manager and Registry Editor is disabled.
* Web pages are redirected to the wrong sites in the browser.
* Windows cannot be updated (the page www.windowsupdate.com is
inaccessible).
* Antivirus software cannot be updated.
* Panda's Anti-Rootkit scan detects the infection as hidden
drivers or files in system folders. Names of the detected files start
with 'TDSS' or 'MSQPD', e.g. TDSSserv.sys, tdsslog.dll, TDSSl.dll,
msqpdxserv.sys.
If your computer seems to be infected with the infection described
above, you can remove it this way:
* Download the TDSS REMOVER utility under the file section here
* Run this file by double-clicking on it.
* If rootkits are found, you will get a prompt telling you so.
* A confirmation will be displayed.
* Restart computer.
* Update your Antivirus.
* Run a complete scan with your antivirus software and remove all
detected infections.
This utility also removes side effects of the infection such as
disabled access to system functions. If you are still unable to use
some functions, please run the utility again as described above.