While the whole Silicon Valley was waiting with fingers crossed to see what will happen on April 1, 2009 as the Conficker was to takeover a significant portion of internet for acquiring and sending the stolen data from the infected computers, nothing happened on the D Day. However, some activities on the infected computers last week raise the many doubts again.
While the whole Silicon Valley was waiting with fingers crossed to see what will happen on April 1, 2009 as the Conficker was to takeover a significant portion of internet for acquiring and sending the stolen data from the infected computers, nothing happened on the day, giving a sigh of relief to most IT security centers.
As written in my previous article, the Conficker already infected around more than 90 million computers by the year start, most of the people in the IT industry were nervous. However nothing happened on April 1. This led research experts to believe that the virus was more hyped that its reality.
But wait… it is still April and on the start of the last week most of the computers infected by the virus received a message saying that the computer was now on a peer to peer network so that they can exchange information easily with others. However, when the experts tried to find out the other computers on the so-called network, no other unknown computer was detected!
Obviously, the message was a fake one but it shows that Conficker has awakened. The doubts at the moment are whether there is any other network that is not visible through normal procedures of network detection. Experts are working on this to find out the truth.
Meanwhile, in the research lab of Kapersky, a well-known anti-virus company, the infected computers downloaded some software that called itself SpywareProtect2009. This software claimed that it will remove viruses and spyware from the computers at a nominal charge of USD50. After two days of research on the SpywareProtect2009, the researchers have declared the software, a fake anti-virus that is related to one of the Conficker’s many pranks.
Other reports from the Panda Group, another anti-virus company, say that the Conficker is downloading latest viruses to the infected machines.
Finally, it turns out that there is nothing much special about the Conficker virus. It is just another computer virus, which has some extra capabilities of keeping itself updated and refusing to let go of the machine. But it can be removed and the removal tool is available at the Microsoft site.
Conficker Removal Tool
To remove the Conficker from your machine, use Malicious Software Removal Tool (MSRT) from the Microsoft site. The tool works for all three versions of the Conficker (A,B, and C)
For more information on the virus and to download the MSRT, check out the following links:
- http://support.microsoft.com/kb/890830
- http://www.microsoft.com/windows/enterprise/technologies/mdop.aspx
For manual method to remove the virus, use the following link. Make sure you backup everything important as this involves making changes in the registry.
http://support.microsoft.com/kb/962007
All the best.
Thu, Apr 16, 2009, by Arun M Kumar
Security