20 April 2009

A dangerous Virus called 'Conficker'.

The Conficker worm, also called Downadup or Kido, has already affected millions of computers worldwide.

What does it do?
----------------
It is not clear exactly what it does, but security analysts are of the opinion that its main aim is to create a safe haven for cybercrime: some kind of secure infrastructure for running botnets. It will of course steal credit card information, and a host of other personal information, if your computer is compromised. However, if you are running a Windows XP based system and Automatic Updates are turned on, then you are automatically protected. But if your system is compromised, you will not be able to visit Microsoft, Symantec and a lot of other anti-virus websites. It also deletes all the previous System Restore points, besides opening doors for all sorts of malware.

How does it infect?
--------------------
It spreads through USB memory sticks, networks and of course the Internet. The Conficker virus takes advantage of a Windows vulnerability, and once a machine is infected, the first thing it does is disable Automatic Updates, stop all the security update services (like that of your anti-virus) and block Internet access to most of the security websites. After it has established a base and contacted its author, it remotely installs all sorts of worms, Trojans, backdoors and malware, besides redirecting your browser to phishing sites and scam websites.

What is the cure? - The healing touch
---------------------------------------------
Visit the Microsoft website from a clean computer and download the 'MS08-067' security patch. If your Windows Automatic Updates service is turned on, this patch is already installed and your computer is not compromised. The next step is to download Symantec's Conficker removal tool. The link is given here.

http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

If you want to download and install the Windows security patch and the Symantec Conficker Removal Tool on your own system, then do the following:

1.  Open the command prompt: press 'Winkey + R' or click Start > Run, then type 'cmd'.

2.  Go to the root level (meaning the drive letter where your operating system is loaded; this letter is most of the time 'C') by typing 'cd\' and hitting 'Enter'.

3.  You will now be at 'C:\'.

4.  Now type 'net stop dnscache' and press 'Enter'. This command will stop the domain blocking feature of the Conficker virus.

5.  Now type 'net start dnscache' and press 'Enter'. You should now be able to go to the security websites.

6.  Now download the Windows security patch MS08-067. Here are the links:

For Windows XP :

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=0d5f9b6e-9265-44b9-a376-2067b73d6a03

For Windows Vista :

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=18fdff67-c723-42bd-ac5c-cac7d8713b21

7.  If you still want to be sure, then download Symantec's Removal Tool here:

http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
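
The symptoms described above (Automatic Updates disabled, security websites blocked, restore points deleted) can be checked from the suspect machine with a read-only script. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, and the control site 'www.example.com' is an assumption.

```powershell
# Added example: read-only triage for the symptoms this post lists.
# Assumes Windows PowerShell 3.0 or later; nothing on the machine is changed.

$securitySites = 'www.microsoft.com', 'www.symantec.com'  # sites the post says get blocked
$controlSite   = 'www.example.com'                        # assumption: unrelated control site

function Test-Resolves([string]$HostName) {
    try { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

$findings = @()

# 1. Automatic Updates: the post says the worm disables it.
$wu = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
if (-not $wu) {
    $findings += 'Automatic Updates service (wuauserv) not found'
} elseif ($wu.StartMode -eq 'Disabled') {
    $findings += 'Automatic Updates service (wuauserv) is disabled'
}

# 2. Security sites blocked while an unrelated site still resolves.
if (Test-Resolves $controlSite) {
    foreach ($site in $securitySites) {
        if (-not (Test-Resolves $site)) {
            $findings += "$site does not resolve, but $controlSite does"
        }
    }
} else {
    Write-Warning "Control site $controlSite does not resolve; check connectivity before judging the DNS result."
}

# 3. Restore points: the post says the worm deletes them (weak signal on its own).
try {
    $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    if ($points.Count -eq 0) { $findings += 'No System Restore points present' }
} catch {
    Write-Warning 'Could not read System Restore points; skipping that check.'
}

if ($findings.Count -eq 0) {
    'None of the symptoms described in the post were observed.'
} else {
    'Symptoms consistent with the post''s description:'
    $findings | ForEach-Object { "  - $_" }
}
```

A result with no findings only means these symptoms are absent; it does not confirm that the patch is installed.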

Tips: Always remember to turn on the Automatic Update feature of Windows operating systems. Also regularly update your anti-virus database. Have a good malware removal application. I personally recommend 'Spybot Search & Destroy'. This is available for free. Keep the Registry healthy by removing unused and unnecessary entries left over by previous uninstalls. There's a good free software available called 'CCleaner'. Also have a good uninstaller installed on your system and make sure to use this when you want to uninstall. It provides a step-by-step interface which is easy to understand. What it does, apart from cleanly uninstalling unwanted software, is remove any entries left behind by the program from the folders and from the registry as well. When you uninstall software cleanly, you are stopping any conflicts arising in the future. No conflicts means a healthy system! I recommend 'Revo Uninstaller', which again is free. And PLEASE do not fall prey to some really impressive websites offering a 'Free Virus/Security Scan'. All it does is install spyware even while it appears to be scanning for infections! You will be issued with a 'dire' warning as to how several 'infections' have been found on your system and how you can get rid of them by buying their anti-virus.