Let's assume you're on the receiving end of the worst April Fool's Day joke of 2009: your computer's been infected with the Conficker worm. It's a frustrating but not insurmountable problem. This guide will walk you through how to cleanse your computer and inoculate it against other Conficker variants.

First off, make sure that you are actually infected. There aren't many warning signs, but a few will stand out if you know what to look for. One fast way to check is to try to visit any major security software publisher's Web site. If you've cleared your browser cache beforehand and you can still load the sites of Symantec, Eset, Avira, or AVG, you're clean, because Conficker blocks access to them. Another good litmus test is to check the status and functionality of Windows services such as Automatic Updates, the Background Intelligent Transfer Service, Windows Defender, and Error Reporting Services. If any of those have been disabled without your consent, or if your account lockout policies have changed without approval, you may be infected. Other warning signs include unusually high traffic on your local area network, and domain controllers responding slowly to client requests.

If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer not to receive automated Windows updates. Checking your list of installed updates for security update MS08-067 (KB 958644) is not recommended, because the worm, alternatively known as Kido, Downup, or Downadup, fakes the patch job.

Assuming you've got the worm, the next step is to download one of several free removal clients. The Conficker-specific tools are McAfee's Stinger, Eset's Win32/Conficker Worm Removal Tool, Symantec's W32.Downadup Removal Tool, and Sophos' Conficker Cleanup Tool.
Avira specifically states on their Web site that Antivir will prevent infection and remove the worm if you have it, although I don't have an infected machine to confirm this against. AVG states that AVG Free will protect you against the worm, but doesn't say whether it can remove it once you've been infected. If none of these programs work for you, Avira also offers Conficker-specific instructions on using their rescue CD to fix your computer. This requires a second computer on which to create the CD, if you haven't done so prior to infection. It is strongly recommended that if you're infected and you have the luxury of a second machine, you disconnect the infected computer from the Internet and install any repair programs or other fixes via CD or USB key.

One of the most frequent infection vectors for Conficker and its ilk is the Windows AutoRun feature. Eset claims that one out of every 15 threats they detected in 2008 used autorun.inf. Unfortunately, disabling it is not as simple as you may think, because even when it is disabled through conventional means, Windows still parses most of the autorun.inf file instead of not reading it at all. To disable it completely, users will need to copy the text below into Notepad. It should be one line from the left bracket to the final quotation mark. Save it as something memorable, such as StopAutoRun.REG. Double-click on the saved file, and you close the AutoRun loophole. You also won't be able to automatically play DVDs just by putting them in the disc drive, but that seems a reasonable price to pay for slamming the door on this gaping security flaw.

Once you've gotten your computer clean and killed off the AutoRun feature, there's still more to do. These changes, however, are behavioral.
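The service and Web-site checks described above, plus the autorun.inf registry mapping that the .REG file approach relies on, as an added PowerShell audit script that is not part of the original article. It assumes the standard Windows service names (wuauserv, BITS, WinDefend, ERSvc on XP or WerSvc on Vista and later) and the well-known IniFileMapping technique of pointing Autorun.inf at a value that does not exist; the script only reports unless run with -Apply from an elevated prompt.

```powershell
# Added example, not the article's own .REG file. Audits the Conficker indicators
# the article lists and, with -Apply, sets the autorun.inf INI-file mapping.
param([switch]$Apply)

# Services the article says the worm disables; names are the standard ones.
$services = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }   # service does not exist on this Windows version
    $start = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
    if ($svc.Status -ne 'Running' -or $start -eq 'Disabled') {
        Write-Warning "$name is $($svc.Status) (start mode: $start) - verify who changed it"
    } else {
        Write-Output "$name OK ($($svc.Status), $start)"
    }
}

# Rough stand-in for the browser test: can the vendor names still be resolved?
# A failure here can also mean the machine is simply offline.
foreach ($site in 'www.symantec.com', 'www.eset.com', 'www.avira.com', 'www.avg.com') {
    try {
        $null = [System.Net.Dns]::GetHostAddresses($site)
        Write-Output "$site resolves"
    } catch {
        Write-Warning "$site does not resolve - possible blocking, or no network"
    }
}

# IniFileMapping trick: map Autorun.inf to a registry value that does not exist,
# so the AutoRun parser finds nothing to read, regardless of NoDriveTypeAutoRun.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
if ($current -eq '@SYS:DoesNotExist') {
    Write-Output 'autorun.inf mapping already in place'
} elseif ($Apply) {
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)' -Value '@SYS:DoesNotExist'
    Write-Output 'autorun.inf mapping applied (requires an elevated prompt)'
} else {
    Write-Warning 'autorun.inf mapping not set; rerun with -Apply to set it'
}
```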
Stay on top of Windows security updates from Microsoft, do not under any circumstances click on any Web-based "free virus scan" offers, and make sure you're not only running a reputable security suite, but that it's configured for daily virus definition file updates.