2009-03-28

Conficker.C Virus: Truth or Rumor? Spreading from 1 April

 
A new virus, Conficker.C (also known as Downadup), will start spreading from 1 April. Who knows whether it is a rumor or true news, but if it is indeed true then it will be a very painful experience this year for the corporate sector. Experts say it is much more dangerous than its two earlier forms (Conficker.A and Conficker.B). Its main target is the Security Center of your system, and it alone is capable of blocking security update sites.



When it executes it makes multiple copies of itself in the system folder in the form of small DLL files, which execute randomly and independently; sometimes it also drops a copy into the Program Files and Documents and Settings folders. It starts automatically at startup, registers itself as a service and starts blocking access to security sites. It blocks services such as Automatic Updates (wuauserv), Background Intelligent Transfer Service (BITS), Windows Security Center (wscsvc), and antivirus/security services, so that it can do its work undisturbed.



Once it has blocked all security-related websites and services, it starts connecting to other threat and malware websites and downloads updates from them, which means it invites more viruses, worms and spyware onto your system. It also sends information about your system, and spam mails, from your system to others. If you try to restore your system to an earlier date you will be unable to do so, because it deletes all System Restore points on your system as soon as it executes.



How do you find out that your system is infected with this virus?

Nobody knows exactly how it infects a system, but check the following to find out whether your system is really infected or not.


  1. Check whether these services have disabled themselves:

  • wscsvc - Security Center

  • WinDefend - Windows Defender (in Windows XP; already available in Vista)

  • wuauserv - Automatic Updates

  • BITS - Background Intelligent Transfer Service

  • ERSvc - Error Reporting Service

  • WerSvc - Windows Error Reporting Service (available in Vista)

  2. Check whether a System Restore point is being created daily on your system or not:

  • Click START --- RUN --- and type "msconfig" (without quotes), then click LAUNCH SYSTEM RESTORE --- then RESTORE MY COMPUTER TO AN EARLIER POINT, click NEXT and see whether the right-hand side shows you any restore points or not.

  • You can also reach the Restore settings through START --- ALL PROGRAMS --- ACCESSORIES --- SYSTEM TOOLS --- SYSTEM RESTORE.

  • Or try START --- RUN and type "rstrui.exe" (without quotes).

  3. Check whether the following registry value is present; if it is not, your system is infected:
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}

  4. Check whether your antivirus software is updating automatically or not, and check whether all the services of your antivirus are on and working or not.

If you find any of these issues, it means your system is infected with the Conficker.C worm.
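The checklist above as a read-only Windows PowerShell script (an added example, not from the original post): it reports the listed services whose start type has been set to Disabled, the missing Security Center registry key, and the absence of any System Restore points. It assumes an elevated session; the restore-point cmdlet exists only on client editions of Windows, so that check is skipped where it is unavailable.

```powershell
# Added example, not from the original post: read-only check of the indicators
# listed in the post. Run in an elevated Windows PowerShell session.
function Get-ConfickerIndicators {
    # Service names from the post, mapped to their display names
    $services = @{
        'wscsvc'    = 'Security Center'
        'WinDefend' = 'Windows Defender'
        'wuauserv'  = 'Automatic Updates'
        'BITS'      = 'Background Intelligent Transfer Service'
        'ERSvc'     = 'Error Reporting Service'
        'WerSvc'    = 'Windows Error Reporting Service'
    }
    $findings = @()

    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }   # not every service exists on every Windows version
        # Start type lives in the Service Control Manager registry tree; 4 means SERVICE_DISABLED
        $start = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" `
                  -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -eq 4) {
            $findings += "Service $name ($($services[$name])) is disabled, status $($svc.Status)"
        }
    }

    # Security Center shell service object key; the post says its absence indicates infection
    $ssoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}'
    if (-not (Test-Path -LiteralPath $ssoKey)) {
        $findings += "Registry key missing: $ssoKey"
    }

    # Restore points: the cmdlet exists only on client editions of Windows
    if (Get-Command Get-ComputerRestorePoint -ErrorAction SilentlyContinue) {
        $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
        if ($points.Count -eq 0) { $findings += 'No System Restore points found' }
    }
    return $findings
}

$result = @(Get-ConfickerIndicators)
if ($result.Count -eq 0) {
    Write-Output 'None of the indicators from this checklist were found.'
} else {
    Write-Output 'Indicators found; follow the clean-up steps below:'
    $result | ForEach-Object { Write-Output " - $_" }
}
```

A disabled WerSvc or WinDefend can also be a deliberate administrator setting, so treat each finding as something to investigate, not as proof of infection on its own.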


How to stop it from spreading and lessen the impact of the Conficker.C virus?

To stop the virus from spreading and limit its impact, just follow these steps:

  1. First of all, if the system is connected to a network, the Internet or a domain, disconnect it.
  2. Try to install an updated, newer version of antivirus software and then run a full scan of your system.
  3. Scan USB drives before backing up or transferring data, because the worm starts automatically as soon as a drive is inserted into the system.
  4. Try to start the disabled services mentioned above (START --- RUN --- type "services.msc").
  5. If you succeed, update your system with the MS08-067 patch and the critical updates by downloading them manually.
  6. If you do not succeed, first format the whole computer and scan it with antivirus software (try scanning with a bootable antivirus CD), then apply the MS08-067 patch.
  7. Install the latest antivirus software and change weak system passwords to stronger, encrypted passwords that are harder to crack.
  8. It will try to contact one or more of the following domains in order to download further (and, presumably, malicious) updates: btddc.com, d34ft.com, 23drf.com, cscs7.com, mgaazz.com, hhgg3.com, trafficconverter.biz. Block them completely.

Check the system periodically to ensure it does not get infected again.
