How to remove Conficker.dv virus manually

Also Known As:
TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Win32/Conficker.A (CA)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)
W32.Downadup.B (Symantec)
Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
W32/Conficker.worm (McAfee)
Trojan:Win32/Conficker!corrupt (Microsoft)
W32.Downadup (Symantec)
WORM_DOWNAD (Trend Micro)
Confickr (other)

This virus can be removed in just 7 simple steps. It still drives some people mad because it attacks the network (which makes cleaning more troublesome) and, of course, your protection. Looked at more closely, the virus mostly uses lame virus techniques bundled into one package, but the virus maker clearly understands how weak Windows protection really is.

Detection of Conficker: there are many signs, such as the error message "Generic Host Process"; being unable to access some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; being unable to update your antivirus; many applications, especially network applications, not working as usual; and many more.
The virus is packed with UPX compression and is 162kb in size. You might have trouble killing the virus process because it uses the lame technique of running .dll files under a fake svchost.exe file. The virus is not active automatically: it starts by downloading some image files and creating temporary files, then builds itself. LAME.

Once the virus has finished building itself, it starts disabling some Windows services. The virus blocks any of the following strings that it finds in each active application:
Ccert - sans. - bit9. - windowsupdate - wilderssecurity - threatexpert - castlecops - spamhaus - cpsecure - arcabit - emsisoft - sunbelt - securecomputing - rising - prevx - pctools - norman - k7computing - ikarus - hauri - hacksoft - gdata - fortinet - ewido - clamav - comodo - quickheal - avira - avast - esafe - ahnlab - centralcommand - drweb - grisoft - nod32 - f-prot - jotti - kaspersky - f-secure - computerassociates - networkassociates - etrust - panda - sophos - trendmicro - mcafee - norton - symantec - microsoft - defender - rootkit - malware - spyware - virus

Lame technique (again): the virus tries to download and execute some image files from some websites. It also creates a firewall rule that lets your computer be attacked from outside and fully controlled (scary... some people know this as a botnet).

Virus Spreading:
Brute force against the default share administrator account.
Lame autorun.inf and a hidden file in the RECYCLER folder (mostly on each drive, with hidden attributes).
Exploited SVCHOST.exe (that's why there is a Microsoft update).

Alright, enough. Here are the 7 simple steps to remove Conficker:

1. Unplug every computer from the network.

2. Deactivate the System Restore service (XP/Vista).

3. Kill the active virus in background services; you can use Norman Malware Cleaner. (Since this virus uses UPX compression, the easiest way to detect it is to use Ansav Utility and kill anything UPX-packed running in the background.)

4. Delete the fake SVSHOST.exe in the registry.

5. Delete the "Scheduled Task" entries that the virus created (%systemroot%\WINDOWS\Tasks).



6. Repair your registry using the code below, or download repair.inf:

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; AddReg entry format: root, subkey, value name, flags, data.
; Flag 0x00010001 writes the data as a REG_DWORD value.
[UnhookRegKey]
; Show hidden and protected system files in Explorer again.
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1

; Set these services to automatic start (Start = 2).
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00010001,2

; DelReg entry format: root, subkey, value name to delete.
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

*NOTE: For files that are active at startup, you can disable them from msconfig or with HijackThis, or delete them manually in the registry under "HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

7. Scan with your best, fully updated antivirus to stop the virus from coming back in the future, and update your computer with this patch: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
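
A read-only check of what steps 5 and 6 repair, plus the autorun.inf spreading vector, as an added PowerShell example that is not part of the original page. It assumes PowerShell 3.0 or later and the standard legacy task folder %SystemRoot%\Tasks; the function names are made up for this example.

```powershell
# Added example, not from the original page. Read-only: it changes nothing.
$adv = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$app = 'Software\Microsoft\Windows\CurrentVersion\Applets'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Want = data that [UnhookRegKey] writes; no Want = value that [del] removes.
$checks = @(
    @{ Path = "HKCU:\$adv"; Name = 'Hidden'; Want = 1 },
    @{ Path = "HKCU:\$adv"; Name = 'SuperHidden'; Want = 1 },
    @{ Path = "HKLM:\$adv\Folder\Hidden\SHOWALL"; Name = 'CheckedValue'; Want = 1 },
    @{ Path = "$svc\BITS"; Name = 'Start'; Want = 2 },
    @{ Path = "$svc\ERSvc"; Name = 'Start'; Want = 2 },
    @{ Path = "$svc\wscsvc"; Name = 'Start'; Want = 2 },
    @{ Path = "$svc\wuauserv"; Name = 'Start'; Want = 2 },
    @{ Path = "HKCU:\$app"; Name = 'dl' }, @{ Path = "HKCU:\$app"; Name = 'ds' },
    @{ Path = "HKLM:\$app"; Name = 'dl' }, @{ Path = "HKLM:\$app"; Name = 'ds' },
    @{ Path = "$svc\Tcpip\Parameters"; Name = 'TcpNumConnections' }
)
function New-Finding($Item, $Found, $State) {
    [pscustomobject]@{ Item = $Item; Found = $Found; State = $State }
}
function Get-ConfickerAudit {
    foreach ($c in $checks) {
        $p = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $v = if ($null -ne $p) { $p.($c.Name) } else { $null }
        if ($null -eq $c.Want) { $state = if ($null -eq $v) { 'ok' } else { 'PRESENT' } }
        elseif ($null -eq $v) { $state = 'missing' }
        elseif ($v -eq $c.Want) { $state = 'ok' }
        else { $state = 'CHANGED' }
        New-Finding "$($c.Path)\$($c.Name)" $v $state
    }
    # Step 5: legacy scheduled-task files; review any you did not create.
    $jobs = Get-ChildItem (Join-Path $env:SystemRoot 'Tasks') -Filter *.job -Force -ErrorAction SilentlyContinue
    foreach ($j in $jobs) { New-Finding $j.FullName $j.LastWriteTime 'REVIEW' }
    # Spreading vector: autorun.inf in a drive root, hidden files included.
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        $f = Join-Path $d.Root 'autorun.inf'
        if (Test-Path -LiteralPath $f) { New-Finding $f 'file' 'REVIEW' }
    }
}
Get-ConfickerAudit | Format-Table -AutoSize -Wrap
```

A row marked missing means the key or value does not exist on this system; REVIEW rows are files to inspect, not verdicts.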





 

 
 

         About DARFUN INC © Copyright darfuns.com
                 DARFUN CORPORATION. 2004 est