Monday, September 27, 2010

Win32/Conficker.C

Type: Worm
Category: Win32

Win32/Conficker.C is a worm capable of blocking security-related websites, terminating system security services and
downloading component files from URLs that it generates based on the current time.

When executed, Win32/Conficker.C drops a copy of itself using a random filename in the %System% directory. It may also
drop copies of itself in the following directories:

%Program Files%\Windows Media Player
%Program Files%\Internet Explorer
%Program Files%\Movie Maker

For these and other dropped files, Win32/Conficker.C:

* Sets Read Only, Hidden and System file attributes
* Generates a file creation/access time-stamp based on that of "kernel32.dll"
* Creates access control entries
* Exclusively locks the file, thus restricting access and privileges

Note: %System% and %Program Files% are variable locations. The malware determines the locations of these folders by
querying the operating system. The default installation location for the System directory for XP and Vista
is C:\Windows\System32. A typical location for the Program Files folder would be C:\Program Files.

In order to automatically execute at each startup, it adds the registry entry below:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
= "rundll32.exe , "
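A triage sketch for the indicators described above, added here as an example (it is not code from the original post or from any vendor tool): it flags files that carry the Read Only, Hidden and System attributes and share kernel32.dll's creation time, then reports Run values that load one of them through rundll32.exe. The inventory, file names, value name and export name are constructed, and treating "based on" as an exact creation-time match is an assumption.

```python
from dataclasses import dataclass

READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4  # Windows FILE_ATTRIBUTE_* bit values
RHS = READONLY | HIDDEN | SYSTEM

@dataclass
class FileRecord:
    path: str
    attrs: int    # attribute bitmask as reported by the file system
    created: str  # creation time, ISO 8601

def suspicious_files(records, reference="kernel32.dll"):
    """Paths that carry R+H+S and share the reference file's creation time."""
    ref = next(r for r in records if r.path.lower().endswith("\\" + reference))
    # Assumption: "based on" kernel32.dll is treated as an exact match.
    return [r.path for r in records
            if r is not ref and (r.attrs & RHS) == RHS and r.created == ref.created]

def run_values_loading(run_values, flagged):
    """Run value names whose data is 'rundll32.exe <dll>,<export>' for a flagged DLL."""
    flagged_lower = {p.lower() for p in flagged}
    names = []
    for name, data in run_values.items():
        cmd = data.strip()
        if not cmd.lower().startswith("rundll32.exe"):
            continue
        dll = cmd[len("rundll32.exe"):].split(",")[0].strip().strip('"')
        if dll.lower() in flagged_lower:
            names.append(name)
    return names

# Constructed inventory: every name and timestamp below is made up for the example.
OS_TIME = "2008-04-14T12:00:00"
SAMPLE_FILES = [
    FileRecord(r"C:\Windows\System32\kernel32.dll", 0x20, OS_TIME),
    FileRecord(r"C:\Windows\System32\user32.dll", 0x20, OS_TIME),   # same time, normal attrs
    FileRecord(r"C:\Windows\System32\qzxvbn.dll", 0x27, OS_TIME),   # R+H+S and cloned time
    FileRecord(r"C:\Program Files\Movie Maker\wkrtmp.dll", 0x07, OS_TIME),
    FileRecord(r"C:\Windows\System32\desktop.ini", 0x06, "2010-09-01T08:30:00"),
]
SAMPLE_RUN = {
    "hjkqpl": r'rundll32.exe "C:\Windows\System32\qzxvbn.dll",abcde',
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
}

if __name__ == "__main__":
    flagged = suspicious_files(SAMPLE_FILES)
    print("Flagged files:", flagged)
    print("Run values loading them:", run_values_loading(SAMPLE_RUN, flagged))
```

The user32.dll row is there to show that a shared timestamp alone is a weak signal, which is why the check requires the attribute combination as well.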

Conficker also registers a service with a random name created by combining a word from this list:
"App,Audio,DM,ER,Event,help,Ias,Ir,Lanman,Net,Ntms,Ras,Remote,Sec,SR,Tapi,Trk,W32,win,Wmdm,Wmi,wsc,wuau,xml"

For this worm you can use Microsoft Security Essentials, which can remove it.
Microsoft Security Essentials does not make your computer work hard. You will receive updates from the Microsoft
Security Essentials server when it sends notifications of a new update.

You can download Microsoft Security Essentials from these links:

download here for XP!!

download here for vista!!

download here for vista 64-bit!!