Archive for March, 2009

31
Mar

Don’t get taken in by the Conficker panic – PandaLabs

31
Mar

Don’t panic about the Conficker worm strike on April 1st

Everybody is talking about Conficker and its variants. And not surprisingly, given the concern about the worm’s reactivation due on April 1. But there’s no need to worry.

Information on Conficker worm

What exactly is the Conficker worm? Conficker is a malicious program that creates random URLs every day, and computers infected with it check these URLs to see if there are any new versions of the code available to download. It does so 250 times a day.

What will happen then on April 1? Well, on this day, the latest variant will create 50,000 new URLs, although we don’t know if any of these will host an update of Conficker. The creator may even use the URLs to host other malware.

Conficker checks the date on the Internet so there’s no point in changing the date on your computer.
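As an added example (not from the original post or from PandaLabs): a client that checks a daily list of generated URLs can stand out in DNS resolver logs as one machine looking up many distinct names in a day, assuming most of those names are unregistered and fail to resolve. The log format, sample lines, function names and thresholds below are constructed assumptions.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log lines: 'date client name rcode'."""
    lines = [
        "2009-04-01 10.0.0.5 www.example.com NOERROR",
        "2009-04-01 10.0.0.5 mail.example.org NOERROR",
        "2009-04-01 10.0.0.5 typo.example.net NXDOMAIN",
    ]
    # A misconfigured client retrying one dead name: many failures, one name.
    lines += ["2009-04-01 10.0.0.7 oldproxy.example.net NXDOMAIN"] * 100
    # A client walking a list of constructed names, almost all unregistered.
    for i in range(40):
        rcode = "NOERROR" if i == 7 else "NXDOMAIN"
        lines.append(f"2009-04-01 10.0.0.9 q{i * 7919 % 100000:05d}.example {rcode}")
    return "\n".join(lines)

def flag_clients(log_text, min_names=20, min_fail_ratio=0.8):
    """Return {(day, client): (distinct_names, failed_names)} for clients that
    looked up many distinct names in one day, most of which did not resolve.
    Both thresholds are assumed values to tune against your own baseline."""
    rcodes = defaultdict(dict)  # (day, client) -> {name: last rcode seen}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        day, client, name, rcode = parts
        # Normalise case and a trailing dot so repeats count as one name.
        rcodes[(day, client)][name.lower().rstrip(".")] = rcode.upper()
    flagged = {}
    for key, names in rcodes.items():
        failed = sum(1 for rc in names.values() if rc == "NXDOMAIN")
        if len(names) >= min_names and failed / len(names) >= min_fail_ratio:
            flagged[key] = (len(names), failed)
    return flagged

if __name__ == "__main__":
    for (day, client), (total, failed) in flag_clients(build_sample_log()).items():
        print(f"{day} {client}: {failed}/{total} distinct names failed to resolve")
```

Counting distinct names rather than raw failures keeps the client that retries a single dead name 100 times out of the results.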

Tips to stay protected

- Servers and Workstations should be patched by following the Microsoft Bulletin related to this vulnerability, available here: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

- Install an antivirus if you do not have one. If you do, make sure that all antivirus and security solutions are updated to their latest product version and signature file version.

- Install Panda USB Vaccine, a free security solution designed to block malware which spreads through USB drives.

This warning post describes a rootkit infection with TDSSserv.sys/msqpd*.sys that is usually connected with an Antivirus 2009 infection.

Symptoms of such infections include:

  • Fake pop-up infection warnings advising the user to buy a fake antivirus application that claims to remove the infection (e.g. Antivirus 2009, Antivirus XP).
  • Desktop background is changed to a warning message and cannot be changed back.
  • Access to Task Manager and Registry editor is disabled.
  • Web pages are redirected to the wrong ones in the internet browser.
  • Windows cannot be updated (page www.windowsupdate.com is inaccessible).
  • Antivirus software cannot be updated.
  • Panda detects infection using Anti-Rootkit scan as hidden drivers or files in system folders. Names of the detected files start with ‘TDSS’/‘MSQPD’, e.g. TDSSserv.sys, tdsslog.dll, TDSSl.dll, msqpdxserv.sys.

If your computer seems to be infected as described above, you can remove the infection this way:

  • Download the TDSS REMOVER utility.
  • Run this file by double-clicking on it.
  • If rootkits are found, you will get a prompt telling you this.
  • Confirmation will be displayed.
  • Restart computer.
  • Update your Antivirus.
  • Run your Antivirus software with a complete scan and remove all detected infections.

This utility also removes side effects of the infection such as disabled access to system functions. If you are still unable to use some functions, please run the utility again as described above.
