date of April 1 virus conficker aka downadup aka kido latest official released. According to this new type of anti-virus company Kaspersky Russia is different from the previous variants. Conficker download updates to itself from some web sites change. He also uses the local network as a path to obtain updates. And do not forget, conficker have a mechanism to turn off security features.
As we know before, conficker spread using the MS08-067 slit on MsWindows. Users who have not mempatchnya (menambal) cleft is very vulnerable exposed to this virus. Update Kido made in March and began yesterday actively the new system on 1 April 2009 is considered more difficult. What do Kido, with command over 50,000 domain random per day, the criminals make the action difficult to predict. In fact, the computer network of the victim Kido aka Downadup this can be used to perform the attack Distributed Denial of Service (DDoS). In addition, the botnet can be used to perform action data theft and spam to spread.
Following ways to clean the virus conficker, quoted from here:
Cleaning the entire computer and server
1. Install the patch from Microsoft that the rift MS08-067, MS08-068, MS09-001.
2. Make sure that the local administrator account password can not be easily diterka-password must consist of at least 6 characters which is a mix between capital letters and non-capital, numbers and special characters such as punctuation.
3. Turn off features that run the file in a USB flash disk automatically.
Peranti KKiller.exe can be run locally on the computer that is infected or run a remote bantukan with Kaspersky Administration Kit.
To Delete The Local
1. KKiller_v3.4.3.zip Download and extract the package to a folder in the computer that is infected.
2. Run the file KKiller.exe. When the scan is complete, bsia command prompt window appears on the screen. To me, that minimize the window, press any ombol. So that the window is closed automatically, it is suggested KKiller.exe gar run with the parameter "-y".
3. Wait until the scan selesai.Bila Agnitum Outpost Firewall installed on computers that run KKiller.exe, restart after KKiller.exe.
4. Make a full scan on the computer with Kaspersky Anti-Virus.
To Delete the Administration Kit
1. KKiller_v3.4.3.zip Download and extract the contents into a folder.
2. In the console Administration Kit, create installation packages for KKiller.exe. In the package installation, select "Make installation package for speficied executable file." In the box "command line executable file (optional)" any posts of the parameters "-y" to the console window is closed automatically after the process is complete.
3. Create a task for remote installation can be done globally or only a certain group. Run the task. KKiller.exe can be run on all computers in the network.
4. When KKiller.exe work is completed, scan the computer using Kaspersky Anti-Virus.Kalau Agnitum Outpost Firewall is installed on the computer, restart the PC after KKiller.exe used. To obtain additional information, run KKiller.exe with additional parameter "-help".
Computer Virus Distribution Method via Yahoo Messenger
Today, I fell ill by computer viruses. Gara garanya-time message with a friend that happens on-line are suddenly appearing in my yahoo messenger screen a message from a friend who also are on-line. I think that he was to send me a web address to see (the messages that appear on my screen message that time is a web address), I just click directly. And in fact one and all ... gubrakk ... muncullah the virus. Automatic message and friend, I also experienced similar things like me. Fortunately he was quick to catch more and ask me: "What is this? Not just a spam?" I answered: "Virus ..!" terlanjur because I have to click. :-( (
Method of distribution of this virus through yahoo messenger. So one and all, if an when we are preoccupied asyiknya-chat with friends and then appears a message from a friend who at that time we are also on-line that displays a web address (unfortunately I do not remember what the web address, the terlanjur panic ..) better direct diclose aja. Because once we click the address of the virus will automatically attack all account records at contact us. A pity that our friend does not know what I suddenly emerged virus. Because so happened to me, so my friend to confirm that he is sending the packet says he does not know if it is a virus. She said to get it from friends. Perplexedly kan ..?
My (new) found three viruses on my computer, the Worm. Win32.VB.ck, IM-Worm.Win32.Sohanad.ai and Trojan-Downloader.JS.Small.dn. The characteristics of this virus (I know the new) he will be the first attack on the system application internet explorer and change the homepage address we have on our setting. And it automatically shut off option for change. So .. so we connect to the internet that appears first is the web site: quicknews.info. The second characteristic is the way we enable yahoo messenger will appear warning from anti-virus we used (if it works correctly).
Now I have to help one and all, first please inform this matter to my friends brother. And the second for between one and all know that there are ways to recover its share knowledge to help me. I have scanned the computer but the virus is immune to my anti-virus. He can not be deleted. Hii ... eerie .. kan? For information I use Active Virus Shield (free edition) from Kaspersky Lab.
Hopefully we can take ibrah from this incident. :-( (
Method of distribution of this virus through yahoo messenger. So one and all, if an when we are preoccupied asyiknya-chat with friends and then appears a message from a friend who at that time we are also on-line that displays a web address (unfortunately I do not remember what the web address, the terlanjur panic ..) better direct diclose aja. Because once we click the address of the virus will automatically attack all account records at contact us. A pity that our friend does not know what I suddenly emerged virus. Because so happened to me, so my friend to confirm that he is sending the packet says he does not know if it is a virus. She said to get it from friends. Perplexedly kan ..?
My (new) found three viruses on my computer, the Worm. Win32.VB.ck, IM-Worm.Win32.Sohanad.ai and Trojan-Downloader.JS.Small.dn. The characteristics of this virus (I know the new) he will be the first attack on the system application internet explorer and change the homepage address we have on our setting. And it automatically shut off option for change. So .. so we connect to the internet that appears first is the web site: quicknews.info. The second characteristic is the way we enable yahoo messenger will appear warning from anti-virus we used (if it works correctly).
Now I have to help one and all, first please inform this matter to my friends brother. And the second for between one and all know that there are ways to recover its share knowledge to help me. I have scanned the computer but the virus is immune to my anti-virus. He can not be deleted. Hii ... eerie .. kan? For information I use Active Virus Shield (free edition) from Kaspersky Lab.
Hopefully we can take ibrah from this incident. :-( (
