Tuesday, 2024/11/05, 4:18 AM


Main
Registration
Login
Hackersoft Welcome Guest | RSS  
Site menu

Our poll
Rate my site
Total of answers: 11048

Statistics

Total online: 1
Guests: 1
Users: 0

Tricks to play with conflicker b and c

Conficker C Prevention

When it comes to preventing Conficker C or Conficker B the key is to already be protected so you do not have to worry about it. Here are a few tips that will help to prevent the Conficker C virus as well as every other threat on the web.

1. The first step you should take is to ensure that your Windows operating system is up to date. Many people turn of the automatic updates because they find it anoying or just don’t want to take the time to install the updates. These updates are very important and they help to plug security holes. Ensure you have download the update support.microsoft.com/kb/958644 . This

2. The second step you need to take is to ensre you have active protection. NO FREE CLIENT gives enough active protection. In fact almost ALLLLLLLLL and I stress that piont, don’t even give you any protection on the front end. They only kick in after you have been infected. If you are using a free client or yours is about to expire then consider downloading a trial of Spyware Doctor with Antivirus. This is the client I personally use and recommend out to everyone. The makers are PCTOOLS. This is a superb product and will prevent infection in the first place.

3. The next step to avoid the Conficker C virus is to avoid websites you are not familiar with and free products that you are unfamiliar with. Such items include, Torrent websites and files that can be downloaded from those sites, PRON sites. Just about any website that is ofering free software. While many can be trusted be sure to do your research on the product before you attempt to download it.

If you practice just these 3 prevention tips then chances are you will not become infected and your computer will live a happy life. You can see it’s not hard to do. The biggest problem many people have is they want to use a free virus client. That is a big mistake and it will come back to bite you.



What will Conficker do on april 1st


One question on many peoples mind is what will conficker do on April 1st?

In case you do not know what the Conficker Worm is here is a brief description: Conficker first apeared in October of 2008. At that time it went by several names such as Downadup. This worm has mutated 2 times and in it’s current form it still is a worm but acts more like a trojan virus.

In a nutshell the third version of this strain known as Conficker.c is far more concerned about protecting it’s self then spreading at this piont. The web has not seen the likes of this type of infection since Zlob and Virtumonde first hit the market several years back.

On April 1st this trojan will activate and contact it’s maker to get an update for it’s code. While no one knows what will happen I personally belive the below is the most likely senerio. As an expert at removing viruses and spyware I can honestly tell you I do not know the below will happen but based on past viruses and spyware this bad boy will most likely follow the same path. Some of the below is aleady known and I will state those facts first.

Known:

Worm will block DNS so user will be unable to get updates for their operating system and most likely will not be able to get updates to for their security product.

System restore pionts will be removed.

Access to safe mode will be disabled

Many admin features will be disabled.

Unkown but my guess of what will happen

On April first when Conficker get’s it’s update you will most likely find several other viruses that will be installed onto your computer. Items like a Fake security software product that shows bogus scan results is all but certain to happen in my mind. Users will also find that they get nothing but re-directs and pop-ups when they try to search the web.

NO ONE has a fix yet for Conficker.C. However conficker A and B can be fully removed using Spyware Doctor with Antivirus. As well I have contacted PCTOOLS. They are the makers of Spyware Doctor with Antivirus and they have been able to identify and block Conficker.C. In just another day or so they will have an update that should 100% remove Conficker.C. For now as we stated it will fully remove Conficker A and B but will only block conficker.C.

We still recommend using Spyware Doctor with Antivirus to remove and block this threat. If you have been infected to the point were you can not even install any software or you are just not that computer literate then we recommend www.onlinecomputerrepair.org. This computer repair company is one of the few places out there that have great experience dealing with conficker and they will be able to remote into your computer and fully remove all virus and spyware.



The spread of Conficker


Conficker.c .b .a, also known as Downadup is spreading fast. The simplest way to stop the spread is to ensure you have the latest Windows updates. This one simple tip can really help to stop the spread of Conficker. As well you need to make sure your antivirus client is up to date.

If you are using a free client then you do not have enough protection and we would recommend Spyware Doctor with Antivirus.

In just 4 days Conflicker.b went from 2.4 million infections to over 8.9 million infections. This was reported by F-secure.

According to F-Secure, recent variants of Conficker attach themselves to several processes, disable Windows security services such as Windows Defender, Windows Error Reporting Services, and others, and create a registry entry for faster propagation across a network.

As Symantec points out, the W32.Downadup.B variant not only exploit the original Windows Server Service RPC Handling Remote Code variation, but can also spread through infected USB flash memory drives and by cracking weak network passwords. These latter methods are widely used by Conficker/Downadup to attack corporate networks.

Conficker/Downadup.B also infects mapped drives with autorun.inf files that spread the worm and blocks DNS requests to security sites to prevent downloading of updated antivirus and antimalware programs.

Perhaps the scariest facts about Conficker, though, are these:

* Conficker generates hundreds of domain names daily, but will only use a single one of the domains listed for downloading malicious files, making it very difficult to trace the actual infection sites.
* Conficker’s payload - what it was designed to do - has not been triggered and is not yet known. What the developers of Conficker could do with millions of compromised PCs, the majority of which are on corporate networks, is frightening.

If you are already infected then you need to check with your security maker IE.. the maker of your security product. If you do not have a security product yet then you should consider Spyware Doctor with Antivirus.

In adition you may find these other tools helpful as well.



Removal of Conflicker B

Good afternoon. With the help of Brandon Enright, I just posted a Downadup.B/Conflicker.B IP generation and domain name predictor tool. You can use it to predict the list of domain names that the worm will contact on a given date. Downadup.B uses a completely different algorithm for selecting IPs to attack with MS08-067. Fortunately, you can also use this tool to mimic the random IP address generation algorithm to predict which IPs the worm will attempt to attack.

To predict the list of C&C domains for any given day:

C:\> downatool.exe -domains 20090127
zjnannre.cc
[...]

To mimic the random IP address generation algo:

C:\> downatool.exe -ips 1000
195.115.162.105
63.98.101.24
* 240.73.140.93 (special)
* 192.98.44.111 (rfc 1918)
[...]

An asterisk implies that the PRNG will generate the IP, but the worm
skips it due to the specified reason.

You can throw it into statistics mode (recompile with #define
COUNT_MODE) instead of printing the addresses:

C:\> downatool.exe -ips 50000
Statistics on 50000 generated IPs:

Num. RFC 1918: 35
Num. multicast/other: 4309
Num. blacklisted: 33
Num. valid: 45623
Num. impossible: 0 (sanity check!)

The "impossible" count is the number of IPs in the set with a 2nd or 4th octet larger than 127 - a limit set forth by the author's use of Windows rand().

You can print the list of blacklisted IPs too:

C:\> downatool.exe -blacklist
[0] 81.12.221.96 - 81.12.221.127 (AVIRA)
[1] 91.199.104.0 - 91.199.104.255 (BitDefender)
[2] 192.88.209.0 - 192.88.209.255 (CERT)
[...]

Sign in

Calendar
«  November 2024  »
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930

IP

Copyright Hackerssoft © 2024