Win32:Confi

Win32:Confi is a mass-spreading worm.

Summary
Type: Worm
Aliases: W32/Downadup, Net-Worm.Win32.Kido, W32/Conficker
Platform: Windows
Known locations: %WINDIR%\system32, recycle bin

Description

Win32:Confi exploits a security hole in Windows (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx) to propagate itself over networks. After infecting a machine, Confi creates a service with a randomly generated name and tries to infect other computers in the same subnet. It also copies itself onto any removable media (USB sticks) plugged into the infected machine. When the attempt to exploit neighbouring computers fails, the worm runs a brute-force attack against weak passwords. Ordinary users, and even administrators, cannot perform filesystem operations on the Win32:Confi files, because the worm removes the rights and ownership from its files.

Detection/Removal

Manually download the corresponding patch from Microsoft (Confi blocks access to some anti-malware sites). Update avast! VPS to the latest version. Unplug the LAN cable. Schedule a boot-time scan and move all Win32:Confi files to the virus chest. After rebooting, install the Microsoft patch. Reconnect the LAN cable and everything should be fine.
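The description notes that the worm strips the rights and ownership from its files, so even administrators cannot touch them. The following triage sweep is an added example, not avast! code: it lists files in %WINDIR%\system32 that an elevated administrator cannot read, as candidates to check in the boot-time scan. It assumes PowerShell 3.0 or later run from an elevated prompt; the function names are hypothetical, and a hit is a lead to investigate, not a confirmed detection.

```powershell
# Added example. Heuristic (assumption): an elevated administrator can normally
# read the ACL and the contents of every file in system32, so a file that
# refuses either with "access denied" is unusual and worth a closer look.

function Test-AccessDenied {
    param($ErrorRecord)
    # Walk the exception chain; PowerShell wraps .NET exceptions.
    $e = $ErrorRecord.Exception
    while ($e) {
        if ($e -is [System.UnauthorizedAccessException]) { return $true }
        $e = $e.InnerException
    }
    return $false
}

function Get-LockedDownFile {
    # Pass extra directories (for example the recycle bin of each drive) as needed.
    param([string[]]$Directory = @("$env:WINDIR\system32"))

    foreach ($dir in $Directory) {
        $files = Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            $owner = $null; $aclDenied = $false; $readDenied = $false

            # 1. Can the security descriptor be read at all?
            try   { $owner = (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner }
            catch { $aclDenied = Test-AccessDenied $_ }

            # 2. Can the file be opened for reading? Share ReadWrite so files that
            #    are merely in use raise a sharing violation, which is ignored here.
            try   { [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite').Dispose() }
            catch { $readDenied = Test-AccessDenied $_ }

            if ($aclDenied -or $readDenied) {
                [pscustomobject]@{
                    Path       = $file.FullName
                    Owner      = $owner
                    AclDenied  = $aclDenied
                    ReadDenied = $readDenied
                    LastWrite  = $file.LastWriteTime
                }
            }
        }
    }
}

Get-LockedDownFile | Sort-Object LastWrite -Descending | Format-Table -AutoSize
```

Recently written files near the top of the output are the first ones to compare against the boot-time scan results.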
