Written by Administrator
Thursday, 26 November 2009 01:57

Removal Instructions
Microsoft: http://support.microsoft.com/kb/962007
Kaspersky: http://support.kaspersky.com/faq/
BitDefender: http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
  To reach the sites of anti-virus vendors, SANS, Microsoft and others from a machine infected with Conficker.C, TrendMicro suggests running "net stop dnscache" from the command line.
Sophos: http://www.sophos.com/support/knowledgebase/article/51416.html

Removal Tools
Microsoft MSRT: http://www.microsoft.com/security/malwareremove/default.mspx
F-Secure: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
AhnLab: http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
Symantec: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
McAfee: http://vil.nai.com/vil/stinger/
ESET: http://download.eset.com/special/EConfickerRemover.exe
BitDefender: http://www.bdtools.net/
Kaspersky: http://data2.kaspersky.com:8080/special/KK_v3.4.6.zip
TrendMicro: https://securecloud.com/support/sysclean
Sophos: https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)

Conficker Remote Scanners
nmap: nmap 4.85BETA5 now includes Conficker detection: http://insecure.org/
nessus: http://www.nessus.org/plugins/index.php?view=single&id=36036
McAfee: http://www.mcafee.com/us/enterprise/confickertest.html

Conficker Working Group Information
Conficker Working Group: http://www.confickerworkinggroup.org
ShadowServer: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212 (very good explanation of the importance of this group)
Arbor Networks: http://asert.arbornetworks.com/2009/02/the-conficker-cabal-announced/
ICANN: http://www.icann.org/en/announcements/announcement-2-12feb09-en.htm
Symantec: https://forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129

General Information
Microsoft
  End user/Consumer page: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
  IT Security/Professional page: http://technet.microsoft.com/en-us/security/dd452420.aspx
  Centralized information about Conficker: http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx
SecureWorks: http://www.secureworks.com/research/threats/downadup-removal/

Research (technical)
SRI: http://mtc.sri.com/Conficker
MNIN Security Blog: http://mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html
  This is an awesome tool that generates domains and IPs to scan, using the reversed algorithms from Conficker.
ThreatExpert Blog: http://blog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html
CERT.at: http://www.cert.at/static/conficker/TR_Conficker_Detection.pdf
  Great paper that covers setting up your local DNS server to mitigate and alert on infections. Sample zone files can be downloaded here: http://www.cert.at/english/downloads/downloads.html
CA
  Writeup dated 3/11/09
  Screenshots of April 1st Trigger
Honeynet Project
  A useful analysis and supporting tools from the Honeynet Project can be found at: https://www.honeynet.org/files/KYE-Conficker.pdf and http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

Source: http://www.dshield.org/conficker