Giedrius Majauskas blog » conficker http://www.majauskas.com Thu, 02 Feb 2012 15:37:59 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 New development in virus market – Conficker family http://www.majauskas.com/new-development-in-virus-market-conficker-family http://www.majauskas.com/new-development-in-virus-market-conficker-family#comments Fri, 27 Mar 2009 12:17:39 +0000 Giedrius Majauskas http://www.majauskas.com/?p=115 Conficker (latest one is Conficker.C) is one of the few malwares nowdays that bring something new in the market that relies on new names and new skins only. The thing distinguishing it from crowd is unique registry modification scheme that makes its removal difficult for comon spyware removers.

The trick used by Conficker.C is seting up registry permissions instead of inserting registry keys only. And you can not modify registry permission from the lowest leaf of affected tree – you need to traverse whole tree and start modifying it from top node. Thus removal instructions, just stating that you need removing single node  like

HKCUSoftwareMicrosoftWindowsCurrentVersionRun[Random String] = “rundll32.exe [Worm Executable], [Random String]”

are not fully correct. You need to check and fix the whole tree!.

There are couple dedicated tools that help you with removing Conficker and similar parasites. One of them is produced by enigma software group – conficker remover. Though I would suggest using complete spyware remover like Spyware Doctor or Malwarebytes Anti-Malware.

]]> http://www.majauskas.com/new-development-in-virus-market-conficker-family/feed 0