TDL Rootkit Detector
Detect presence of the TDL rootkit in your system
Descargar
SuperAntiSpyware Fr...
Detect and remove spyware, malware, rootkits, trojans, hijacker...
Descargar
Kaspersky TDSSKille...
Detect and remove rootkit malware on your PC.
Descargar
blog.eset.com/2009/03/28/conficker-removal
download.cnet.com/Conficker-Removal-Tool
dw.com.com/redirected
symantec.com/security_response/writeup.jsp?
- Discovered:
- December 30, 2008
- Updated:
- March 24, 2009 12:05:35 PM
- Also Known As:
- Worm:W32/Downadup.AL [F-Secure], Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend], Net-Worm.Win32.Kido.ih [Kaspersky], Conficker.D [Panda Software]
- Type:
- Worm
- Systems Affected:
- Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
- CVE References:
- CVE-2008-4250
W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
(BID 31874). It also attempts to spread to network shares protected by
weak passwords and block access to security-related Web sites.
Microsoft Windows Server 2003 Datacenter Edition SP1,Microsoft Windows Server 2003 SP1/SP2
W32.Downadup
======
This tool is designed to remove the infections of:Microsoft Windows Server 2003 Datacenter Edition SP1,Microsoft Windows Server 2003 SP1/SP2
-
Microsoft Security Update for Windows Server 2003 (KB958644)
http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459 -4E40-8C92-3DE1C52C390D&displaylang=en
W32.Downadup
======
Important:
- If
you are on a network or have a full-time connection to the Internet,
such as a DSL or cable modem, disconnect the computer from the network
and Internet. Disable or password-protect file sharing, or set the
shared files to Read Only, before reconnecting the computers to the
network or to the Internet. Because this worm spreads by using shared
folders on networked computers, to ensure that the worm does not
reinfect the computer after it has been removed, Symantec suggests
sharing with Read Only access or by using password protection.
For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.
For further information on the vulnerability and patches to resolve it please refer to the following document:
Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability - If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
- This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.
LibreOffice
Firefox
No comments:
Post a Comment