Sunday

How to Stop and Remove Conficker


What is Conficker?
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. The worm propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.
The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.
How to Check if you are Infected by Conficker?
Conficker.B and Conficker.C infections can be detected simply by visiting a web page.
Conficker.A infections cannot be detected this way.
How to Remove Conficker?
Below are removal instructions and tools for removing Conficker.
Removal Instructions
Removal Tools
Conficker Remote Scanners
Conficker Memory Disinfector
It is hard to identify files containing Conficker, because the executables are packed and encrypted. When Conficker runs in memory, it is fully unpacked. Our memory disinfector scans the memory of every running process in the system and terminates Conficker threads without touching the process it runs in. This helps to keep the system services running.
The tool itself and the source code can be downloaded here:
Detecting Conficker Files and Registry
Despite other reports, the file names and registry keys Conficker.B and Conficker.C use are not random. They are calculated on the basis of the hostname. We have developed a tool that you can run on your system to check for Conficker's DLLs. Unfortunately, Conficker.A really uses random names and therefore cannot be found this way.
It is at a very early development stage, but usable. We would be grateful to benefit from your changes if you develop it further.
Tool and source code are here:
Nonficker Vaccination Tool
Conficker uses different global and local mutexes to ensure that only the most up-to-date version is run on the system. This fact can be exploited to scan for and to prevent infections.
We have developed our Nonficker Vaccination DLL, which can be installed as a system service and pretends to be a running Conficker by registering all mutexes from versions .A, .B, and .C (and possibly .D, depending on which naming scheme you refer to). A setup tool to install the DLL as a system service is provided as well.
Removal instructions:
  • Open your favorite registry editor (e.g. Start->Run…->regedit.exe->ok)

  • Go to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

  • Remove the “aaaaanonficker” from the “netsvcs” key

  • Remove registry key and all sibling keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aaaaanonficker
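
The manual steps above can also be checked, and optionally applied, from an elevated PowerShell prompt. This is an added example, not part of the Nonficker tools or the original post; the `-Remove` switch and the backup file names are assumptions made for illustration.

```powershell
# Added example: audit, and with -Remove undo, the Nonficker vaccination service.
# Run from an elevated prompt. -Remove and the backup file names are assumptions.
param([switch]$Remove)

$svcName    = 'aaaaanonficker'
$svcHostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

# netsvcs is a REG_MULTI_SZ value; the registry provider returns it as string[].
$netsvcs = @((Get-ItemProperty -Path $svcHostKey -Name netsvcs).netsvcs)
$listed  = $netsvcs -contains $svcName      # -contains is case-insensitive
$hasKey  = Test-Path -Path $serviceKey

"netsvcs lists ${svcName}: $listed"
"service key present:      $hasKey"

# Audit-only run, or nothing left to remove.
if (-not $Remove -or -not ($listed -or $hasKey)) { return }

# Back up both locations before changing anything.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' "svchost-$stamp.reg" /y | Out-Null
if ($hasKey) {
    reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svcName" "$svcName-$stamp.reg" /y | Out-Null
}

if ($listed) {
    # Drop only the vaccine entry; every other service in the group is kept.
    $kept = [string[]]@($netsvcs | Where-Object { $_ -ne $svcName })
    Set-ItemProperty -Path $svcHostKey -Name netsvcs -Value $kept -Type MultiString
}
if ($hasKey) {
    # Removes the service key together with its subkeys.
    Remove-Item -Path $serviceKey -Recurse
}
```

Run without arguments, the script only reports the two findings; nothing is changed unless `-Remove` is given.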

Besides vaccination, the mutexes can be used to scan for local infections. We have developed a small mutex scanner that tells you if you are infected.
Both tools and source code can be downloaded here:
More information on using Network Scanner and Intrusion Detection Signatures. (via Universität Bonn)
