Romanians find cure for conficker
- 12 March, 2009 17:16
BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in the Server service and, once on a machine, disables the operating system update service, the security center (including Windows Defender) and error reporting.
Security experts claim the worm is the worst infection to date, second to the SQL Slammer worm that devastated the Internet in 2003.
The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.
Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.
“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.
“The worms then produce a fixed number of domain names on a daily basis and check them for updates.
“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”
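The date-based scheme Valceanu describes cuts both ways: because the list depends only on the date, a defender who knows the generator can compute each day's names in advance and watch DNS logs for them. The sketch below is an added example, not code from the article or from BitDefender; the generator is a toy stand-in (it is not Conficker's algorithm), and the seed, TLD list, count of 250 and log format are all assumptions made for the demonstration.

```python
import hashlib
from datetime import date, timedelta

TLDS = ["com", "net", "org", "info", "biz"]  # constructed list for the demo

def candidate_domains(day, count=250, seed=b"demo-family"):
    """Toy date-seeded generator (NOT Conficker's real algorithm).

    Same date + same seed always yields the same list, which is what lets
    both the malware author and a defender compute it in advance.
    """
    names = []
    for i in range(count):
        d = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 8 + d[0] % 4                       # 8 to 11 letters
        label = "".join(chr(97 + b % 26) for b in d[1:1 + length])
        names.append(f"{label}.{TLDS[d[-1] % len(TLDS)]}")
    return names

def flag_queries(log_lines, day, skew_days=1):
    """Return (client_ip, domain) for queries that hit a predicted name.

    skew_days widens the match to neighbouring dates, since an infected
    host's clock may not agree with the resolver's.
    """
    predicted = set()
    for off in range(-skew_days, skew_days + 1):
        predicted.update(candidate_domains(day + timedelta(days=off)))
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:                         # skip malformed lines
            continue
        _ts, client, _qtype, name = parts
        name = name.rstrip(".").lower()             # normalise FQDN form and case
        if name in predicted:
            hits.append((client, name))
    return hits

# Constructed sample resolver log: "<timestamp> <client> <qtype> <name>"
DAY = date(2009, 3, 12)
SAMPLE_LOG = [
    "2009-03-12T09:14:02 10.0.0.23 A www.example.com.",
    f"2009-03-12T09:14:05 10.0.0.23 A {candidate_domains(DAY)[7]}.",
    f"2009-03-12T09:14:06 10.0.0.41 A {candidate_domains(DAY - timedelta(days=1))[3].upper()}",
    "malformed line",
]

if __name__ == "__main__":
    for client, name in flag_queries(SAMPLE_LOG, DAY):
        print(f"{client} looked up predicted domain {name}")
```

The same precomputed list can feed a resolver blocklist or a sinkhole, so infected hosts identify themselves the moment they check for updates.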
Comments
Anonymous
1
BitDefender Tool Unsuccessful
I just ran the BD tool on a Conficker-infected XP SP2. It said that it found the infection; it then killed some processes and then prompted for a reboot. Before rebooting, however, I ran http://www.enigmasoftware.com/a1/download/cfremover.exe - it detected the infection as well. After rebooting, I ran both tools again. BD tool found no infection. But the infection was still present - its presence was confirmed by Enigma's removal tool. The Enigma tool is able to successfully remove the infection.
Anonymous
2
The _first_ cure for Conficker? Surely some mistake?
A range of cleanup tools for various versions of this virus have been available from a range of different security companies and helpful websites for quite some time...
Anonymous
3
Don't download Enigma
Enigma is spyware. The contact info is a Mail Boxes Etc. in Connecticut -- not a real company.
Anonymous
4
:o) Romanians
Proud to be a Romanian...
Bogdan
5
Conficker B
Use Kidokiller from Kaspersky.
The only tool that did the job 4 me.
Anonymous
6
First tool?
Just checked out their website...I think the key is in the details...it says:
"BitDefender is the first to offer a free tool which disinfects all versions of Downadup"
So I believe they meant first to remove ALL versions? But probably not THE first...if that makes sense.
eliana_ary
7
As you might know, the worm blocks your access to a big number of sites which could provide you removal tools.
So... bdtools.net is THE ONLY site that can be accessed if you are infected. You run the tool there and your problem is solved. BitDefender never said they are the first to discover the worm, but the first to offer an accessible tool to help you solve the problem.
Now bdtools.net redirects to downadup.org, still a BitDefender site, where you can find the removal tool for networks also.
Zephyr
8
thanks for the tool
Thanks for the article and the tool provided. I was just having a hard time with removing this from a laptop.
Good thing I read about it and disconnected it from my network before something else would have gone wrong.
I just went ahead with the tool from BitDefender and now my computer is squeaky clean. :) I think I'll also move away from that crappy Symantec that permitted this intrusion.
Anonymous
9
Enigma is not Spyware. They are a completely legitimate company. And the tool works and it is free. So I don't know what you are talking about!
Anonymous
10
I hear ya brother. Me too in this case, although not always.
Anonymous
11
BitDefender tool is great!
I’ve seen a bunch of anti-viruses and ‘specialized’ tools, therefore dedicate as such, for removing the said viruses. But I’ve seen some of them reporting for a virus that is not, initially, on your PC before system scan - but guess what, now it ‘found’ the virus you were afraid of. Now, you feel good about it - even if it’s bogus?
BitDefender provides the tool, for this particular bug, for FREE. And if they cannot find the bug, probably your machine doesn’t have it.
Go purchase an Enigma license if that makes you feel good.
Good luck
Anonymous
12
Does this really work?