
Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Wednesday, August 22, 2012

Conficker worm removal

ESET OnlineScan

Detect and remove rootkits on your PC.

TDL Rootkit Detector
Detect presence of the TDL rootkit in your system
  • RKill
    Kill running malware processes that block the use of normal antivirus tools
  • SuperAntiSpyware Fr...
    Detect and remove spyware, malware, rootkits, trojans, hijacker...
  • Kaspersky TDSSKille...
    Detect and remove rootkit malware on your PC.
    December 30, 2008
    March 24, 2009 12:05:35 PM
    Also Known As:
    Worm:W32/Downadup.AL [F-Secure], Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend], Net-Worm.Win32.Kido.ih [Kaspersky], Conficker.D [Panda Software]
    Systems Affected:
    Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
    CVE References:
    W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and block access to security-related Web sites.
    Microsoft Windows Server 2003 Datacenter Edition SP1, Microsoft Windows Server 2003 SP1/SP2
    Note: For more information, please see the following resource:
    This tool is designed to remove the infections of:
    • If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. This worm spreads by using shared folders on networked computers, so to ensure that it does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or using password protection.

      For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

      For further information on the vulnerability and patches to resolve it please refer to the following document:
      Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
    • If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
    • This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.
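One way to carry out the share check from the steps above on current Windows versions, as an added example (not from the original post or from Symantec): it lists every non-administrative share that grants Change or Full access and, with the hypothetical `-SetReadOnly` switch, downgrades those grants to Read. It assumes the SmbShare cmdlets (Windows 8 / Server 2012 and later, not the legacy systems listed above) and an elevated prompt.

```powershell
# Added example: audit SMB share permissions before reconnecting a cleaned host.
# Assumption: SmbShare module is available (Windows 8 / Server 2012 or later).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch for this example: replace write grants with Read.
    [switch]$SetReadOnly
)

# Share-level rights that let a remote peer drop files into the share.
$writeRights = 'Full', 'Change'

# Skip administrative shares (ADMIN$, C$, IPC$); the OS manages those.
$shares = Get-SmbShare | Where-Object { -not $_.Special }

$findings = foreach ($share in $shares) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object {
            $_.AccessControlType.ToString() -eq 'Allow' -and
            $writeRights -contains $_.AccessRight.ToString()
        } |
        ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Right   = $_.AccessRight.ToString()
            }
        }
}

if (-not $findings) {
    Write-Output 'No non-administrative share grants Change or Full access.'
    return
}

# Report first so the change list can be reviewed.
$findings | Format-Table -AutoSize | Out-String | Write-Output

if ($SetReadOnly) {
    foreach ($f in $findings) {
        $target = "$($f.Share) / $($f.Account)"
        if ($PSCmdlet.ShouldProcess($target, 'Replace write access with Read')) {
            # Remove the existing grant, then re-add the account as Read.
            Revoke-SmbShareAccess -Name $f.Share -AccountName $f.Account -Force | Out-Null
            Grant-SmbShareAccess -Name $f.Share -AccountName $f.Account -AccessRight Read -Force | Out-Null
        }
    }
}
```

Run it without arguments to get the report only; adding `-SetReadOnly -WhatIf` shows which grants would change without touching them. Share permissions and NTFS permissions combine to the more restrictive of the two, so a Read share grant makes the folder read-only over the network even if its NTFS ACL allows writes.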
    How to download and run the tool
