If a machine is already infected with W32/Conficker.AA, the virus causes the following symptoms / effects:
- Where the previous variant killed the 'Workstation', 'Server' and 'Windows Firewall / Internet Connection Sharing (ICS)' services, this variant also tries to stop and disable several further services, namely wscsvc (Security Center), wuauserv (Automatic Updates), BITS (Background Intelligent Transfer Service), ERSvc (Error Reporting Service) and others.
- The virus blocks application programs from reaching any website whose address contains strings such as: cert, sans, bit9, windowsupdate, wilderssecurity and many more. This is done without making any change to the existing hosts file. The block prevents anti-malware programs from downloading updates and prevents the user from reaching security sites.
- On Windows Vista / Server 2008 the virus changes a system setting with the command 'netsh interface tcp set global autotuning=disabled'. This command turns off Windows Auto-Tuning, a Windows Vista and Server 2008 feature that improves performance when accessing the network.
- The virus tries to download and execute files with image extensions (bmp, gif, jpeg, png), which are then placed in the Temporary Internet Files folder.
- The virus checks for an internet connection and downloads files once the date is past January 1, 2009. To check the connection and the date it contacts sites such as Baidu, Google, Yahoo, MSN and ask.com.
- The virus creates a firewall rule on the local network gateway so that connections from outside can reach the external IP address of the infected machine through a range of ports (1024 to 10000).
- The virus creates a service with particular characteristics so that it runs automatically at Windows start-up, and sets up an HTTP server on a random port.
- The virus creates a scheduled task that runs the copied virus file with the command: 'rundll32.exe [%random% extension], [%random%]'.
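The following PowerShell script is an added example, not part of the original post or of any vendor tool: it checks a Windows host for the symptoms listed above (services stopped or disabled, TCP auto-tuning turned off, and scheduled tasks that launch rundll32.exe with an arbitrary DLL name). It assumes an elevated PowerShell session on a host where schtasks.exe and netsh.exe are available.

```powershell
# Added example: check a host for the Conficker.AA symptoms described above.
# Run from an elevated PowerShell prompt; assumes schtasks.exe and netsh.exe are on the path.
$findings = @()

# 1. Services the worm tries to stop and disable (names taken from the post).
$watched = @{
    'wscsvc'   = 'Security Center'
    'wuauserv' = 'Automatic Updates'
    'BITS'     = 'Background Intelligent Transfer Service'
    'ERSvc'    = 'Error Reporting Service'
}
foreach ($name in $watched.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }   # service does not exist on this Windows version
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc.Status -ne 'Running' -or $wmi.StartMode -eq 'Disabled') {
        $findings += "Service $name ($($watched[$name])) is $($svc.Status), start mode $($wmi.StartMode)"
    }
}

# 2. Receive window auto-tuning turned off, as done by
#    'netsh interface tcp set global autotuning=disabled'.
$tcp = netsh interface tcp show global
if ($tcp -match 'Auto-Tuning Level\s*:\s*disabled') {
    $findings += 'TCP receive window auto-tuning is disabled'
}

# 3. Scheduled tasks whose action is rundll32.exe loading some file with an entry point,
#    the pattern the post describes. Legitimate tasks can use rundll32 too, so this is a
#    review list, not a verdict. 'schtasks /v' repeats the header row before every task;
#    those rows are skipped by the TaskName check.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }
    $action = $t.'Task To Run'
    if ($action -match 'rundll32(\.exe)?\s+\S+\s*,') {
        $findings += "Task $($t.TaskName) runs: $action"
    }
}

if ($findings.Count -eq 0) {
    'No Conficker.AA symptoms found'
} else {
    $findings | ForEach-Object { "SUSPICIOUS: $_" }
}
```

A clean host normally reports the four services running, auto-tuning at its default level and no rundll32 tasks; anything flagged should be compared against the removal steps below before the network cable is reconnected.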
Use the following steps to remove Win32/Conficker.AA:
1. Download the patch for the MS08-67 vulnerability for your Windows version from here.
2. Install the MS08-67 patch.
3. Download the Win32.Worm.Downadup.Gen (Win32/Conficker.AA) removal tool from BitDefender from here.
4. Unzip / extract the file.
5. Unplug / disconnect the network cable.
6. Run the Anti-downadup file-graphics.exe file so that a window appears as shown below.
7. Click the Start button.
8. Reboot your computer when it has finished.
9. Plug the network cable in again.
10. Create a new restore point in the following manner:
- Disable System Restore to flush out infected restore points.
- Reboot the computer again.
- Turn Windows System Restore back on.
- Click START -> ALL PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> System Restore.
- Click "Create a restore point", then click NEXT and follow the on-screen instructions.