Conficker
Posted: January 27, 2009
Threat Metric
The fields shown on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 59 |
| First Seen: | July 24, 2009 |
| Last Seen: | July 11, 2020 |
| OS(es) Affected: | Windows |
Conficker is a worm whose greatest notoriety was gained during the year of its appearance, 2008, but which has spread sufficiently to warrant warning PC users even as of 2014. Even taking its age into account, Conficker has sophisticated means of distribution that may employ brute-force attacks against password-protected networks, as well as the exploitation of general software vulnerabilities. Conficker-afflicted PCs are linked to a botnet that may distribute spam or launch other threatening activities, and victims may be unable to access critical security features. Malware researchers recommend using updated and proven anti-malware tools for removing Conficker, which is often patched to stay ahead of threat database updates.
Conficker: the Worm of Seven Years Long that Still is Going Strong
Although Conficker is a worm of many names, including Downup, Kido and Downadup, Conficker is a worm that has had a consistent focus on enabling illegal botnets by compromising large numbers of PCs. Variants of Conficker, such as Conficker.A or Conficker.B, may use different mechanisms to infect new PCs, and new variants of Conficker periodically are discovered, even in recent years. Conficker's basic strategies for distribution include:
- Distributing copies of itself to local network-connected computers. Password-protected networks may be 'hacked' by Conficker attempting to use dictionary attacks that guess weak passwords.
- Exploiting vulnerabilities on outdated Windows XP, 2000 and Server 2003 operating systems. Patched operating systems are protected from this attack, which has been deactivated in exchange for alternate infection techniques.
Some variants of Conficker worms also are installed on already-infected PCs, and are intended to be 'updates' to old variants of Conficker. The outdated worm may download this update automatically along with multiple forms of additional threats.
The use of secondary equipment such as USB thumb drives should also be monitored to prevent Conficker or related PC threats from compromising these devices. A standard infiltration technique could allow any PC sharing these devices to be infected as soon as the device is inserted.
Keeping Your PC from Being Conned by a Conficker Worm
Since Conficker's major payloads are related to botnet activities, the bulk of its attacks take place 'behind the scenes.' However, Conficker infections sometimes cause various symptoms, particularly ones that are related to blocking its deletion. As of malware researchers' last acquired samples, these symptoms may include the reset of Windows account policies, blocked Windows accounts, the automatic disabling of basic Windows features (such as Windows Update or Windows Defender), slow server response times, unusually high network activity and browser hijacks that block your access to some security websites.
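A defender-side check for the network password guessing and blocked accounts described above, added here as an example and not taken from the original page: it flags any host that fails logons against several distinct accounts within a short window. The CSV layout, sample records and thresholds are assumptions; 4625 and 4740 are the Windows Security log event IDs for a failed logon and an account lockout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real telemetry. Assumed CSV export layout:
# timestamp,event_id,source_host,target_account
# 4625 = failed logon, 4740 = account locked out (Windows Security log).
SAMPLE_EVENTS = """\
2009-01-27T03:10:01,4625,10.0.0.23,administrator
2009-01-27T03:10:02,4625,10.0.0.23,alice
2009-01-27T03:10:03,4625,10.0.0.23,bob
2009-01-27T03:10:03,4625,10.0.0.23,bob
2009-01-27T03:10:04,4625,10.0.0.23,carol
2009-01-27T03:10:05,4740,10.0.0.23,bob
2009-01-27T09:00:00,4625,10.0.0.41,dave
2009-01-27T09:00:20,4625,10.0.0.41,dave
2009-01-27T11:30:00,4625,10.0.0.41,dave
"""

def parse(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, source, account = (f.strip() for f in line.split(","))
        yield datetime.fromisoformat(ts), int(event_id), source, account.lower()

def guessing_sources(text, window=timedelta(minutes=5), min_accounts=4):
    """Map source -> accounts tried and accounts locked out, for hosts that
    fail logons against >= min_accounts distinct accounts inside one window."""
    failures, lockouts = defaultdict(list), defaultdict(set)
    for ts, event_id, source, account in parse(text):
        if event_id == 4625:
            failures[source].append((ts, account))
        elif event_id == 4740:
            lockouts[source].add(account)
    flagged = {}
    for source, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[source] = {"accounts": sorted(accounts),
                                   "lockouts": sorted(lockouts[source])}
                break
    return flagged
```

Counting distinct accounts rather than raw failures keeps a single user mistyping a password (10.0.0.41 in the sample) out of the results.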
Conficker is a good case study of an old threat that has seen regular updates from committed and highly-skilled criminal programmers in order to remain relevant to the landscape of modern computing. Some of the last known variants of Conficker worms even have been used to install fake anti-spyware programs and spambots. Although deleting Conficker is nothing less than extremely urgent for keeping your computer safe, malware researchers recommend leaving that task to appropriate PC security products that are able to detect all copies of Conficker and any related threat.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
malware.exe
File name: malware.exe
Size: 188.88 KB (188886 bytes)
MD5: 38c3d2efdd47b1034b1624490ce1f3f2
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
malware.exe
File name: malware.exe
Size: 110.59 KB (110592 bytes)
MD5: 09edf06953b56ee6a8cb6823cb3b2996
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
vhoinp.dll
File name: vhoinp.dll
Size: 89.08 KB (89088 bytes)
MD5: e80c7cb77020f9326e15b3a0fb298045
Detection count: 29
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
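One way to check a directory tree against the three file entries above, added here as an example and not part of the original write-up or of any vendor tool: it compares file size first and only hashes candidates whose size matches a listed sample. The function names and the command-line usage are assumptions; the MD5 values and sizes are the ones listed in this entry.

```python
import hashlib
import os
import sys

# MD5 -> size in bytes, copied from the three file entries in this write-up.
KNOWN_FILES = {
    "38c3d2efdd47b1034b1624490ce1f3f2": 188886,
    "09edf06953b56ee6a8cb6823cb3b2996": 110592,
    "e80c7cb77020f9326e15b3a0fb298045": 89088,
}

def md5_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(root, indicators=KNOWN_FILES):
    """Return sorted (path, md5) pairs for files whose size AND MD5 match."""
    wanted_sizes = set(indicators.values())
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                # Cheap size check first: only hash plausible candidates.
                if os.path.islink(path) or size not in wanted_sizes:
                    continue
                digest = md5_of(path)
            except OSError:
                continue  # locked, vanished, or unreadable file
            if indicators.get(digest) == size:
                hits.append((path, digest))
    return sorted(hits)

if __name__ == "__main__":
    for path, digest in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {digest} {path}")
```

The scan matches on content, not file name, and a clean result only rules out these three exact samples: as noted earlier, Conficker is often patched, so newer builds will carry different hashes.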
My computer will not allow me to log into Windows; it logs back off as soon as you log in. Can you give me any help, please? Thank you.