Thursday, 2 April 2009

The Conficker.C worm was activated on 1 April 2009.

Once it infects a PC, the worm queries about 30,000 websites for further instructions. With a PC querying 30,000 sites, your network will most probably become congested and users will experience high Internet latency.
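
As an added example (not part of the original post), one way to find a machine behaving as described above is to count how many distinct names each client looks up within a short window of DNS server logs. The log format, the sample lines, and the window and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample log, not real traffic: 'epoch_seconds client_ip queried_name'."""
    usual = ["intranet.example", "mail.example", "news.example"]
    lines = ["this line is malformed and must be skipped"]
    # Ordinary workstation: a few names, looked up repeatedly.
    for i in range(40):
        lines.append(f"{1000 + i * 10} 10.0.0.5 {usual[i % 3]}")
    # Workstation sweeping through a new name every second.
    for i in range(600):
        lines.append(f"{1000 + i} 10.0.0.23 host{i:05d}.example")
    return lines

def parse(line):
    """Split one log line; raises ValueError on a wrong field count or bad timestamp."""
    ts, client, name = line.split()
    return int(ts), client, name.lower().rstrip(".")

def flag_hosts(lines, window=300, max_distinct=200):
    """Return {client: peak distinct names} for clients that looked up more than
    max_distinct different names inside any one window of `window` seconds."""
    buckets = defaultdict(set)  # (client, window index) -> names seen
    for line in lines:
        try:
            ts, client, name = parse(line)
        except ValueError:
            continue  # skip lines that do not match the assumed format
        buckets[(client, ts // window)].add(name)
    peaks = defaultdict(int)
    for (client, _), names in buckets.items():
        peaks[client] = max(peaks[client], len(names))
    return {c: n for c, n in peaks.items() if n > max_distinct}

if __name__ == "__main__":
    for client, peak in sorted(flag_hosts(build_sample_log()).items()):
        print(f"{client}: {peak} distinct names in one window, investigate this host")
```

Tune the window and threshold against your own baseline first; resolvers, mail servers and proxies legitimately look up many names and should be excluded.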


1. WHAT are the symptoms:

    The worm is new, so there is no unique signature yet, but basically look for these:
   * Task Manager disabled
   * regedit disabled
   * user cannot view My Network
   * network is up, but Microsoft sites and all antivirus sites cannot be opened


2. HOW to avoid it
 For Microsoft users, please follow the link below:
 http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx


3. HOW to clean the worm
     Refer to the lists below

Removal Instructions
Microsoft:  http://support.microsoft.com/kb/962007
Kaspersky:  http://support.kaspersky.com/faq/
BitDefender: http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
Sophos:  http://www.sophos.com/support/knowledgebase/article/51416.html

To reach antivirus vendors, SANS, Microsoft and other sites from a machine infected with Conficker.C, TrendMicro suggests running "net stop dnscache" from the command line.

Removal Tools

Microsoft MSRT:  http://www.microsoft.com/security/malwareremove/default.mspx
F-Secure:  ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
AhnLab:  http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
Symantec:  http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
McAfee:  http://vil.nai.com/vil/stinger/
ESET:  http://download.eset.com/special/EConfickerRemover.exe
BitDefender:  http://www.bdtools.net/
Kaspersky:  http://data2.kaspersky-labs.com:8080/special/KidoKiller_v3.3.3.zip
TrendMicro:  https://securecloud.com/support/sysclean
Sophos:  https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)

Other related post about Conficker.C: ERM Blog