This is one of the newer viruses gaining popularity. It has spread rapidly,
and most of your computers are infected. Conficker spreads via USB
pen drives, using autorun.inf,
or over the network by exploiting bugs in the network stack on Windows systems.
RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\ with jwgkvsq.vmx
[AUTorUN
icon=%syStEmrOot%\sySTEM32\sHELL32.Dll,4
shelLExECUte=RuNdLl32.EXE.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
useAuTopLAY=1
The presence of Conficker can be detected by looking at the icon of the USB
pen drive. If it is a folder icon, then it is almost certain that the drive is infected
with Conficker.
Run the registry editor, regedit.exe.
Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
Double-click netsvcs to see if there is a random value at the end of its list.
Note the "zbtthjd" at the end; this is the virus. A list of valid entries in the field
(from Microsoft) is given below to help you find the random string, which is usually at the
end.
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
EventSystem
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Sacsvr
Schedule
Seclogon
SENS
Sharedaccess
Themes
TrkWks
TrkSvr
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
WmdmPmSN
xmlprov
AeLookupSvc
helpsvc
Try deleting the DLL file, or else rename the DLL file to something else.
Restart the system.
Re-enable the Automatic Updates and BITS services.
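
The netsvcs check above can be scripted instead of read by eye. The following is an added example, not part of the original page: it compares the netsvcs entries against the valid list given above and looks up the DLL registered for any entry that is not on it. The function name Get-UnlistedNetsvcsEntry is hypothetical, and the lookup assumes the usual svchost layout, where a service's DLL is stored as ServiceDll under its Parameters key.

```powershell
# Valid netsvcs entries as listed on this page. Other Windows versions may ship
# additional legitimate entries, so a hit is a lead to review, not proof.
$Baseline = @(
    'AppMgmt','AudioSrv','Browser','CryptSvc','DMServer','EventSystem','HidServ',
    'Ias','Iprip','Irmon','LanmanServer','LanmanWorkstation','Messenger','Netman',
    'Nla','Ntmssvc','NWCWorkstation','Nwsapagent','Rasauto','Rasman','Remoteaccess',
    'Sacsvr','Schedule','Seclogon','SENS','Sharedaccess','Themes','TrkWks','TrkSvr',
    'W32Time','WZCSVC','Wmi','WmdmPmSp','winmgmt','wuauserv','BITS',
    'ShellHWDetection','uploadmgr','WmdmPmSN','xmlprov','AeLookupSvc','helpsvc'
)

# Hypothetical helper name; not part of Windows or of the original page.
function Get-UnlistedNetsvcsEntry {
    param(
        # Defaults to the live registry value; pass a list to test offline.
        [string[]]$Entries = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' -Name netsvcs).netsvcs
    )
    foreach ($name in $Entries) {
        # Skip blanks and anything on the baseline (-contains ignores case).
        if (-not $name -or $Baseline -contains $name) { continue }
        # Assumed layout: svchost-hosted services keep their DLL in Parameters\ServiceDll.
        $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        try {
            $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction Stop).ServiceDll
        } catch {
            # The key may be missing or its permissions may block reading.
            $dll = '<unreadable or missing: check the key and its permissions>'
        }
        [pscustomobject]@{ Entry = $name; ServiceDll = $dll }
    }
}

# Constructed sample: three valid entries plus the random string shown on the page.
Get-UnlistedNetsvcsEntry -Entries @('BITS','wuauserv','helpsvc','zbtthjd')

# Live check on the local machine (run from an elevated prompt):
# Get-UnlistedNetsvcsEntry
```

The ServiceDll path reported for an unlisted entry is the file to examine before the delete-or-rename step.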