The Conficker / Recycler / Kido virus (hereinafter the Conficker virus) has spread to more than 10 million computers worldwide. In Indonesia, tens of thousands of computers are estimated to be infected. It spreads in very sophisticated ways: via the Internet, over networks, and through Autorun on USB flash drives. The virus also takes advantage of a bug in Microsoft Windows to infect most of a corporate network. Microsoft has condemned this virus and has even promised $250,000 (Rp3 billion) to anyone who can catch its maker.
Many other sites have already published analyses and cleaning instructions for Conficker, for example vaksin, Kaspersky, Microsoft, and thousands of other sites and blogs. But almost all of them give solutions that are not very clear, or that are so technical that they confuse beginners. As a result, many beginners are still confused and ask how to clean this virus. This article discusses only the easy way to detect and clean Conficker.
Detecting whether your computer is infected with Conficker
1. Cannot access security sites
Your computer is likely infected if it cannot access sites such as microsoft.com or kaspersky.com, or other sites whose addresses contain any of the following words:
nai, ca, AVP, avg, vet, bit9, sans, cert, windowsupdate, wilderssecurity, threatexpert, castlecops, spamhaus, cpsecure, arcabit, emsisoft, sunbelt, securecomputing, rising, prevx, pctools, norman, k7computing, ikarus, hauri, hacksoft, gdata, fortinet, ewido, clamav, comodo, quickheal, avira, avast, esafe, ahnlab, centralcommand, drweb, grisoft, eset, NOD32, F-Prot, jotti, Kaspersky, f-secure, computerassociates, networkassociates, etrust, panda, Sophos, trendmicro, McAfee, norton, Symantec, Microsoft, defender, rootkit, malware, spyware, virus
2. Hidden files cannot be displayed
You cannot show hidden files on the computer even after changing the "show hidden" setting in Folder Options or in Smadav.
When scanning with Smadav, Smadav will detect 1 registry value damaged by the Conficker virus:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
3. Smadav Smart-Protection displays an alert
Smadav's Smart-Protection (SmaRTP) displays an alert when a flash drive is plugged into the infected computer. Two files are detected, and their paths look like this:
[x]:\autorun.inf
[x]:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
* [x] is the flash drive letter, such as F, G, or H
If Smadav was already installed on your computer beforehand, it will definitely not be infected by Conficker, because SmaRTP detects and removes these files as soon as the USB flash drive is connected.
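The two flash-drive indicators from item 3 can also be checked by hand. The following is an added triage example, not part of the original post and not Smadav's own logic; the function names are hypothetical, and it generalizes from the single path shown above to any SID-shaped RECYCLER folder whose revision is not 1 (genuine Windows SIDs start with "S-1-") and to any .vmx file inside such a folder. The sample tree is constructed from empty placeholder files.

```python
import os
import re
import tempfile

# SID-shaped folder names such as S-1-5-21-...; group 1 is the SID revision.
SID_DIR = re.compile(r"^S-(\d+)(?:-\d+)+$", re.IGNORECASE)


def _child(parent, name):
    """Case-insensitive lookup of a directory entry (Windows paths ignore case)."""
    for entry in os.listdir(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None


def scan_drive_root(root):
    """Return a list of (reason, path) findings for one drive root."""
    findings = []
    autorun = _child(root, "autorun.inf")
    recycler = _child(root, "RECYCLER")
    if recycler is None or not os.path.isdir(recycler):
        return findings
    for name in sorted(os.listdir(recycler)):
        sub = os.path.join(recycler, name)
        m = SID_DIR.match(name)
        if not (m and os.path.isdir(sub)):
            continue
        # Assumption used as a heuristic: a real recycle-bin folder is named
        # after a user SID, and those always have revision 1 ("S-1-...").
        if m.group(1) != "1":
            findings.append(("non-standard SID folder", sub))
        for fname in sorted(os.listdir(sub)):
            if fname.lower().endswith(".vmx"):
                findings.append(("vmx file in RECYCLER", os.path.join(sub, fname)))
    # autorun.inf alone is common and harmless; report it only next to a finding.
    if findings and autorun and os.path.isfile(autorun):
        findings.insert(0, ("autorun.inf alongside RECYCLER payload", autorun))
    return findings


def build_sample_drive(root):
    """Constructed sample: empty files laid out like the two paths in the article."""
    sid = "S-5-3-42-2819952290-8240758988-879315005-3665"
    os.makedirs(os.path.join(root, "RECYCLER", sid))
    for rel in ("autorun.inf", os.path.join("RECYCLER", sid, "jwgkvsq.vmx")):
        open(os.path.join(root, rel), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        for reason, path in scan_drive_root(tmp):
            print(reason, "->", os.path.relpath(path, tmp))
```

On a real machine, pass the drive root (for example `F:\`) to `scan_drive_root`; an empty result only means these two file indicators are absent, not that the computer is clean.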
Cleaning Conficker is quite easy using tools that several antivirus vendors have already made. In fact, almost all foreign (imported) antivirus products can clean this virus, provided they are up to date. I suggest two dedicated tools for cleaning Conficker: PCMAV Express Conficker or Kaspersky Kidokiller.
1. Use either PCMAV Express Conficker or Kaspersky Kidokiller.
Download PCMAV Express Conficker
For instructions, open this page: pcmav-express-for-conficker
Download Kaspersky Kidokiller
For instructions, open this page: Kidokiller Kaspersky
2. Windows Update Patch
To fix the Microsoft Windows bug and prevent re-infection by Conficker, apply the Windows patch from Microsoft's page: MS08-067
3. Install Smadav's SmaRTP
As said before, if Smadav was already installed on your computer beforehand, it will definitely not be infected by Conficker, because SmaRTP detects and removes the virus files as soon as the USB flash drive is connected. So, whether or not the computer has been infected with Conficker, install Smadav on it so that it is safe from infection.
Bloggers and other sites are encouraged to republish this article to help users infected with Conficker.
From Nafarin blog
And copied by hisyam from kaynere.hisyam will be stand alone and leave more .....
Wednesday, 29 April 2009
Friday, 03 April 2009
DHS Releases Conficker/Downadup Computer Worm Detection Tool
hisyam sad about conficker ..... noo it's ... be careful ya
Release Date: March 30, 2009
For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
The U.S. Department of Homeland Security (DHS) announced today the release of a DHS-developed detection tool that can be used by the federal government, commercial vendors, state and local governments, and critical infrastructure owners and operators to scan their networks for the Conficker/Downadup computer worm.
The department's United States Computer Emergency Readiness Team (US-CERT) developed the tool that assists mission-critical partners in detecting if their networks are infected. The tool has been made available to federal and state partners via the Government Forum of Incident Response and Security Teams (GFIRST) Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers (ISACs). Additional outreach to partners will continue in the coming days.
Department cyber experts briefed federal Chief Information Officers and Chief Information Security Officers today, as well as their equivalents in the private sector and state/local government via the ISACs and the National Infrastructure Protection Plan framework.
"While tools have existed for individual users, this is the only free tool – and the most comprehensive one – available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm," said US-CERT Director Mischel Kwon. "Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation's critical networks and systems, both from this threat and all others."
In addition to the development of this tool, DHS is working closely with private sector and government partners to minimize any impact from the Conficker/Downadup computer worm. This worm can infect Microsoft Windows systems from thumb drives, network share drives, or directly across a corporate network if network servers are not protected by Microsoft’s MS08-067 patch.
US-CERT recommends that Windows Operating Systems users apply Microsoft security patch MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) as quickly as possible to help protect themselves from the worm. This security patch, released in October 2008, is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an infected system and install additional malicious software.
Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of an infection may be detected if users are unable to connect to their security solution Web site or if they are unable to download free detection/removal tools.
If an infection is suspected, the system or computer should be removed from the network. In the case of home users, the computer should be unplugged from the Internet.
Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Home users may also call Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.
McAfee:
http://www.mcafee.com/us/threat_center/default.asp
US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch, disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.
In addition, US-CERT recommends that computer users and administrators implement the following preparedness measures to protect themselves against this vulnerability, and also from future vulnerabilities:
* Keep up-to-date on security patches and fixes for your operating system. The easiest way to do this is to set your system to receive automatic updates, which will ensure you automatically receive security updates issued by Microsoft. If your system does not allow automatic updates, we recommend that you manually install the Microsoft security patch today through Microsoft Update at http://update.microsoft.com/microsoftupdate
* Install anti-virus and anti-spyware software and keep them up-to-date
* Enable a firewall which will help block attacks before they can get into your computer
To access the alerts for this vulnerability and for additional information on cyber security tips and practices, please visit www.us-cert.gov.