Conficker.B Worm – What the heck ??

“According to F-Secure, a well known security company, more than one million computers have been infected with the worm in the past 24 hours alone with over 9 million computers infected worldwide to date and that’s being conservative. We highly recommend that everyone patch their computers ASAP and be sure that you are running the latest anti-virus definitions for your anti-virus software that you run.”

Well, this was a nasty little B****. The worst thing about this little nut is that it creates congestion on your network, which cuts your download speed in half, and it stops any security installer from running on the system. We even tried to follow the steps of our good old Microsoft and downloaded the Microsoft “Malicious Software Removal Tool” (http://support.microsoft.com/kb/962007). Well, it looks nice and zippy, installed fine and ran the quick scan: found nothing! Ran a complete scan and still no joy. We booted the system in Safe Mode with Networking and ran ComboFix (you might not be able to run it in normal mode). Now Malwarebytes / CCleaner will be able to take off the leftovers (which would ideally be a trojan; that’s the rule of thumb)!

Stay back Mr. Zango

What is Zango (a definition from Wikipedia): Zango, formerly ePIPO, 180solutions and Hotbar, produces software that provides access to partners’ games and restricted videos and software. Zango software is listed as adware, spyware and malware by Symantec. McAfee states, “this program may have legitimate uses”, but describes it as a “potentially unwanted program”, and an “adware downloader”.

My experience: Our poor customer’s Internet Explorer all of a sudden stopped working. She is on Windows XP and using Internet Explorer 6.0. Whenever she tries to open IE it comes up with the classic Microsoft error “This program has caused an illegal operation”. We tried taking her into Safe Mode and Internet Explorer was working fine. We came to know that she had Zango installed on her system. Took no chances and removed every single component of Zango. The number of infected objects was 48! Rebooted the system in normal mode and up comes Internet Explorer with the good old MSN homepage.

So, should we or should we not: Trust me guys, I am new to all this. As a kid I used to work with MS-DOS in a dark “school computer lab”, struggling for my share with 3 other guys (with those classic things like “please take off your shoes”, “Do not yell”, “Do not carry eatables”, LARGE 5.5 floppy discs to boot up systems, and “Space Commander”, “Prince of Persia” and “Dave” being the coolest games. Hell yes! I am talking about India in the early 90s). Since music is my passion and we all love free stuff by human nature, I have Limewire and BitLord on my system and I am a frequent visitor to PirateBay, but still I will not install Zango because:

1.) Too many payloads; it installs a hell of a lot of stuff on your system.

2.) Keeps an eye on what you are checking on the net.

3.) Hijacks the browser with hotbars.

4.) Messes up your system security settings.

So, stay away, Mr. Zango. Stay away from our systems for good.

Win32.Zafi.D – A kick-ass trojan

15.01.09 (12:30 AM IST)

This is what I hate most: a deadly worm and I am all stuck with it. The customer has reported a virus called Win32.Zafi.D which has infected the system. I tried to boot the system in Safe Mode with Networking and downloaded Malwarebytes; then tried booting up in normal mode and installing SUPERAntiSpyware, and could not install that either. When I tried to enter msconfig, the worm disconnected me from the customer’s system. Downloaded and ran the Symantec worm removal tool from here.

Alas! That did not help. What to do now? Installed one more removal tool, from Bitdefender, and still little to cheer about. I am all stuck. Advised the poor customer that I shall do some research (downloading mp3s and torrents back home) and get back the next day, and advised her to back up the data in the meantime.

16.01.09 (3:34 pm IST)

Well, as I am sitting at my desk typing this, I have half an hour to log in. I would get back to our customer between 5pm – 6pm GMT to fight back against the trojan. Someone on YouTube advised me to rename the Malwarebytes executable and retry. Lemme check the Malwarebytes forum… OK, nothing found; I have posted my query, let’s see how soon I get a reply…

16.01.09 (4:20 pm IST)
No luck. The Malwarebytes folks do not have a clue. The moderator advised me on forum etiquette as I had typed with CAPS LOCK on… ;). Thanks ever so much, Malwarebytes Forum.

Here is what I have found:
http://www.malwarebytes.org/forums/index.php?showtopic=9859
Will try this for sure.

How I finally succeeded:

OK, here is how we removed the virus from the system.

First, you need to download, install and run an application called ComboFix to scan and repair the system files. Details on download and usage are here.

After you run ComboFix you will be able to run Malwarebytes: run a complete scan and remove the infected objects, reboot your system and rescan until Malwarebytes cannot find any more such infections. Next, uninstall your antivirus product and reinstall the latest version with all the updates. If the issue still persists, please use the post to get in touch with me.