Romanians find cure for conficker
- 12 March, 2009 17:16
- Comments 12
BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in the Windows Server service, and it disables the operating system update service, the security center, including Windows Defender, and error reporting.
Security experts claim the worm is the worst infection to date, second to the SQL Slammer worm that devastated the Internet in 2003.
The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.
Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.
“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.
“The worms then produce a fixed number of domain names on a daily basis and check them for updates.
“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”
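Because a date-seeded list is deterministic, a defender who knows the generator can compute the same daily list and match it against DNS query logs. The sketch below is an added example, not code from the article, BitDefender or the worm: the generator is a toy stand-in (not Downadup's algorithm), and the function names, TLD list, per-day count and log format are all assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")   # constructed for the example
PER_DAY = 5                                    # "fixed number" per day; value is assumed

def candidate_domains(day, count=PER_DAY):
    """Toy date-seeded generator; a stand-in, not Downadup's real algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return names

def watchlist(today, skew_days=1):
    """Domain -> generation date, covering hosts whose clock is off by a day."""
    listed = {}
    for offset in range(-skew_days, skew_days + 1):
        day = today + timedelta(days=offset)
        for name in candidate_domains(day):
            listed[name] = day
    return listed

def suspect_hosts(log_lines, today, min_hits=2):
    """Clients that queried at least min_hits distinct watchlisted domains."""
    listed = watchlist(today)
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:          # skip malformed lines
            continue
        _, client, qname = fields
        qname = qname.rstrip(".").lower()
        if qname in listed:
            hits[client].add(qname)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}

def constructed_log(today):
    """Constructed DNS query log: timestamp, client IP, queried name."""
    now, prev = candidate_domains(today), candidate_domains(today - timedelta(days=1))
    return [
        "09:00:01 10.0.0.5 www.example.com.",
        f"09:00:02 10.0.0.23 {now[0].upper()}.",
        f"09:00:03 10.0.0.23 {now[1]}",
        f"09:00:04 10.0.0.23 {prev[2]}",
        f"09:00:05 10.0.0.7 {now[0]}",
        "truncated-line",
    ]
```

A single match can be coincidence or a researcher's lookup; requiring several distinct watchlisted names from one client is what separates a host walking the list from noise.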
Comments
Anonymous
BitDefender Tool Unsuccessful
I just ran the BD tool on a Conficker-infected XP SP2. It said that it found the infection; it then killed some processes and then prompted for a reboot. Before rebooting, however, I ran http://www.enigmasoftware.com/a1/download/cfremover.exe - it detected the infection as well. After rebooting, I ran both tools again. BD tool found no infection. But the infection was still present - its presence was confirmed by Enigma's removal tool. The Enigma tool is able to successfully remove the infection.
Anonymous
The _first_ cure for Conficker? Surely some mistake?
A range of cleanup tools for various versions of this virus have been available from a range of different security companies and helpful websites for quite some time...
Anonymous
Don't download Enigma
Enigma is spyware. The contact info is a Mail Boxes Etc. in Connecticut -- not a real company.
Anonymous
:o) Romanians
Proud to be a Romanian...
Bogdan
Conficker B
Use Kidokiller from Kaspersky.
The only tool that did the job 4 me.
Anonymous
First tool?
Just checked out their website...I think the key is in the details...it says:
"BitDefender is the first to offer a free tool which disinfects all versions of Downadup"
So I believe they meant first to remove ALL versions? But probably not THE first...if that makes sense.
eliana_ary
As you might know, the worm blocks your access to a big number of sites which could provide you removal tools.
So... bdtools.net is THE ONLY site that can be accessed if you are infected. You run the tool there and your problem is solved. BitDefender never said they are the first to discover the worm, but the first to offer an accessible tool to help you solve the problem.
Now bdtools.net redirects to downadup.org, still a BitDefender site, where you can find the removal tool for networks also.
Zephyr
thanks for the tool
Thanks for the article and the tool provided. I was just having some hard time with removing this from a laptop.
Good thing I read about it and disconnected it from my network before something else would have gone wrong.
I just went ahead with the tool from BitDefender and now my computer is squeaky clean. :) I think I'll also move away from that crappy Symantec that permitted this intrusion.
Anonymous
Enigma is not Spyware. They are a completely legitimate company. And the tool works and it is free. So I don't know what you are talking about!
Anonymous
I hear ya brother. Me too in this case, although not always.
Anonymous
BitDefender tool is great!
I’ve seen a bunch of anti-viruses and ‘specialized’ tools, therefore dedicate as such, for removing the said viruses. But I’ve seen some of them reporting for a virus that is not, initially, on your PC before system scan - but guess what, now it ‘found’ the virus you were afraid of. Now, you feel good about it - even if it’s bogus?
BitDefender provides the tool, for this particular bug, for FREE. And if they cannot find the bug, probably your machine doesn’t have it.
Go purchase an Enigma license if that makes you feel good.
Good luck
Anonymous
Does this really work?