Virus Conficker / W32.Downadup.B
Written by pnyet   
Page 7 of 7

5. To run a full system scan
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.

    For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.

    For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.


  2. Run a full system scan.
  3. If any files are detected, follow the instructions displayed by your antivirus program.
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.


After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

6. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

  4. Navigate to and delete the following registry entries:

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "rundll32.exe "[RANDOM FILE NAME].dll", ydmmgvos"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"DisplayName" = "[WORM GENERATED SERVICE NAME]"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Type" = "4"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Start" = "4"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ErrorControl" = "4"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ImagePath" = "%SystemRoot%\system32\svchost.exe -k
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\Parameters\"ServiceDll" = "[PATH TO WORM]"

  5. Restore the following registry entries to their previous values, if required:

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpNumConnections" = "00FFFFFE"
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"

  6. Exit the Registry Editor.

    Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
Writeup By: Sean Kiernan
Source: Symantec Official Website
+/-
Write comment
Name:
Email:
 
Title:
 
:):grin;)8):p:roll:eek:upset:zzz:sigh:?:cry
:(:x
 
Please input the anti-spam code that you can read in the image.
+/- Comments
Add New Search RSS
cheap warhammer gold  - cheap warhammer gold   |221.6.130.xxx |11-08-2010 08:14:00
Do you know link:http://www.wargold4game.com?if you play online game,you will know link:http://www.wargold4game.comis the game gold,in the game,if you had
more link:http://www.wargold4game.com,you can had a tall level.but you want to
bought link:http://www.wargold4game.com.you can come here and spend a little
money to bought link:http://www.wargold4game.com.Quickly come here.
Reply
0 0
Audemars Piguet Watches 14908O  - Audemars Piguet Watches 14908OR.OO.D067CR.01   |59.61.138.xxx |13-11-2010 10:51:36
link:http://www.replica-watches-all.com specializes during export you the
critical link:http://www.replica-watches-all.com/Replica-h ampton_c2133 little both
retailer in the midst of broker. both brittle watches we has wellle
are imitated restack beginning the ingenious ones. killing our link:http://www.replica-watches-all.com, you awith regard tomizer silent
gawk fashionable. during through advantageously
informal manufacturers, our link:http://www.replica-watches-all.com/replica-a rmani-ceramica-watch-ar1
408_p7114.html are clearly praised earlier patron's. every utter of
built-up is under precise authority and through elevation order.
Reply
0 0
Anonymous   |60.6.208.xxx |25-02-2011 13:21:09
The fashionable handbags provided by our company feature high quality
leather, and I think that the exquisite designs of our bags will attract
your eyes.We have been in the market for selling well known handbags
for many years.The handbags on our website are the exact copies of popular
branded handbags. The material, the craftsmanship and the detailing of
our handbags is so good that it is very hard to differentiate between a
genuine fashionable handbag and the replica.Our bags are as following:
link:http://www.everrichbags.com/, link:http://www.everrichbags.com/, link:http://www.everrichbags.com/, link:http://www.everrichbags.com/Prada/, link:http:...
Reply
0 0
Anonymous   |60.6.208.xxx |25-02-2011 13:21:23
In modern society, women handbags develop into a necessarity for women
exterior. Handbags have played an important role in our
daily life.Amazingly replica handbags will not only protect your
precious accessories like gold jewelry, glasses, clips, replica wallets,
scarves, belt, and costumes inside them but also maintain their worth
for long time.By the way, Our replica handbags will instantly give a huge
shape to your figurines in a completely hot and lustrous manner. Bags
offered by us include: link:http://www.everrichbags.com/, link:http://www.everrichbags.com/, link:http://www.everrichbags.com/, link:http://www.everrichbags.com/Prada/, link:http...
Reply
0 0
Anonymous   |60.6.208.xxx |25-02-2011 13:21:39
Our replica watches have ultimate precision,and every detail of our replica
watches is highly mirrored the originals.these two versions
look almost the same.By the first sight, you would be impossible to
distinguish them.So they are in greater demand. Functional and precise
movements are equipped inside our replica watches of the best grade,
further assuring the high quality and excellent performance. Those replica
watches offered by us include the following : link:http://www.towatchit.com/, link:http://www.towatchit.com/Breitling/, link:http://www.towatchit.com/Bvlgari/, link:http://www.towatchit.com/MontBlanc/, link:http://www.towatchit.com/Tag-Heuer/, link...
Reply
0 0
Anonymous   |60.6.208.xxx |25-02-2011 13:21:51
Some of our replica watches are marvelously crafted to suit your fashion needs
and requirements;you can get a perfect match with accessories and costumes.Since
our Replica watches are available in numerous colors as well as in 2-3 color
combination,when selecting one for the party dress you don
Reply
0 0
Anonymous   |60.6.208.xxx |25-02-2011 13:22:09
Our replica watches are designed to complete your style. If you want to
know more about our watches, Please check our site, our different styles
of replica watches are as following: link:http://www.towatchit.com/Emporio-Armani/, link:http://www.towatchit.com/Vacheron-Constantin /, link:http://www.towatchit.com/IWC/, link:http://www.towatchit.com/Luxury-Pens/, link:http://www.towatchit.com/Audemars-Piguet/, link:http://www.towatchit.com/Bell-Ross/, link:http://www.towatchit.com/Hublot/, link:http://www.towatchit.com/Zenith/, link:http://www.towatchit.com/Zenith/Elite/, link:http://www.towatchit.com/Patek-Philippe/, link:http://www.towatchit.com/Franck-Muller/. It is well known that a
watch...
Reply
0 0
cheap air jordan sneakers  - cheap air jordan sneakers   |121.205.202.xxx |28-06-2011 01:02:38
link:http://www.supernflnhljerseys.com link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.supernflnhljerseys.com link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.supernflnhljerseys.com link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.supernflnhljerseys.com link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.brand-sports.com link:http://www.nike-sneaker.org link:http://www.brand-sports.com link:http://www.brand-sports.com
Reply
0 0
nba shoes  - nba shoes   |175.44.23.xxx |14-08-2011 07:51:23
To do the honors to the link:http://www.nbashoesssales.com/ Americans, coming from Latvia where
they followed the FIFA World u-19, there was also the President of
the Consorzio Ancona for Sport, Renzo Lucioli, the impression given to
the staff of the San Antonio from the sports facility; the American
entourage in link:http://www.nbashoesssales.com/lebron-james-s hoes/ occasion confirmed
the excellent link:http://www.nbashoesssales.com/ friendship established with the
company marches which, link:http://www.nbashoesssales.com/ in turn, through this interchange can
have a watch on players of interest and the dense network of scout  link:http://www.n...
Reply
0 0
SOCCER CLEATS  - SOCCER CLEATS   |112.111.172.xxx |19-08-2011 14:56:27
link:http://shenhq.parenting.gr/

link:http://shenhq.mylivepage.com/blog/index

link:http://www.thoughts.com/SHENHQ

link:http://www.mywebprofile.com/user/SHENHQ/blog s

link:http://shenhq.over-blog.com/

link:http://www.darksiders.net/user/SHENHQ/blogs
 
link:http://www.blurty.com/users/shenhq/

link:http://shenhq.fotopages.com/

link:http://www.graphicdesigncommunity.com/blogs. php?action=show_member_b
log&ownerID=60089

link:http://gvrl.com/blogsearchresults.asp?basics earch=SHENHQ

link:http://www.equestrianblogging.com/blogs/shen hq

link:http://shenhq.createblog.com/blog/

link:http://www.safetyissues.com/community/blogs/ posts/SHENHQ

link:http://my.opera.com/hqshen/blog/

link:htt...
Reply
0 0
emmar  - replica vacheron constantin watches   |123.153.66.xxx |24-08-2011 12:35:00
aquatimer watches samantha link:http://www.watchesbasic.org/omega-watches.ht ml omega replica put
complications watches link:http://www.sanwatches.org/rolex-watches.html replica rolex watches
for sale link:http://www.watchestype.net/tag_heuer-watches .html replica tag heuer
watches chopard watches link:http://www.maticwatches.com/ wrist watches link:http://www.appwatches.org/breitling-watches. html watches breitling link:http://www.watchescode.org/cartier-watches.h tml replica cartier.
Reply
0 0
makayla  - bvlgari watches   |123.153.66.xxx |24-08-2011 14:35:46
millenary watches link:http://www.cor-watches.org/ formula watches words link:http://www.stilwatches.com/breitling-watches .html replica breitling
watches for sale link:http://www.maticwatches.com/cartier-watches. html replica cartier
bentley motors watches patri link:http://www.canwatch.org/omega-watches.html replica omega watches link:http://www.watchesfaner.org/rolex-watches.ht ml replica rolex grow
gmt master ii watches link:http://www.watchesun.net/tag_heuer-watches.h tml replica tag heuer.
Reply
0 0
bubles  - never comes back   |123.153.66.xxx |24-08-2011 16:05:31
datejust watches link:http://www.tricwatches.com/tag_heuer-watches .html tag heuer watches
issue carrera watches link:http://www.cor-watches.org/ leaves rustle link:http://www.keepwatches.org/breitling-watches .html replica breitling
watches for sale editha link:http://www.watchescode.org/cartier-watches.h tml replica cartier
watches for sale royal oak offshore link:http://www.maticwatches.com/omega-watches.ht ml watches omega link:http://www.sanwatches.org/rolex-watches.html puberty fake rolex
watches cartier tankissime watches.
Reply
0 0
christian louboutin sale  - christian louboutin sale   |117.26.201.xxx |31-08-2011 13:36:11
Bailey released season shoes casual link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-wedges
-c-29.html shoes with link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-wedges
-c-29.html reference to the traditional link:http://www.christianlouboutin2011sale.com/ American style, with a link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-pumps-
c-26.html sporty link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-evenin
g-c-33.html and link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-evenin
g-c-33.html slim link:http://www.christianlouboutin2011sale.com/ch ristian-louboutin-flats-
c...
Reply
0 0
outlet   |117.28.249.xxx |08-11-2011 09:35:45
Get the Latest and Greatest link:http://www.toryburchfactory-outlet.com/tory- burch-outlet-c-17.html
Styles at Toryburchfactory-outlet.com. Free Shipping! Designer link:http://www.toryburchfactory-outlet.com/tory- burch-outlet-c-17.html
up to 68% off. No Sale Tax. Hurry up to shop now!
Reply
0 0
toryburchmall   |117.28.249.xxx |08-11-2011 09:37:41
Huge Selection of link:http://www.outlettoryburchmall.com/. Free Shipping & Fast Delivery
Always on all link:http://www.toryburchsoutletstores.com/. Don't Buy link:http://www.toryburchsoutletsus.com/tory-burc h-flats-c-3.html Shoes
and Handbags Until You See Insider Pricing Here! New arrvials Tory
Burch Outlet Boots are so versatile, we can't help but fall in love.
Reply
0 0
Coach Outlet Online  - Coach Outlet Online   |121.158.55.xxx |16-11-2011 13:31:10
One link:http://www.coachsfactoryoutlet.org/ of clothing

link:http://www.coachfactorysoutletstoreonline.ne t/ be loose

link:http://www.coachfactorystore-online.com/ compliment the

link:http://www.coachoutletstoreonline.ca/ of
the [url=http://www.coachsfactory-

online.net/]Coach Factory[/url]. A
loose link:http://www.coachfactorysoutletstoreonline.ne t/ or a skirt link:http://www.coachsfactoryoutlet-online.net/ help the

link:http://www.coachfactoryoutletonlineh.com/ Bags flow

link:http://www.mycoachfactorystoreonline.org/ what you

link:http://www.coachoutletstoreonlineh.com/ wearing. Small

link:http://www.coachfactorystore-online.com/ with a

link:...
Reply
0 0

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."


<< Start < Prev 1 2 3 4 5 6 7 Next > End >>
 
[ Back ]

Yahoo Chatt

Blogroll

Dhanuxe
fl3xu5
Kamas Muhammad
Irving Nazmi
Masterpop3
Melwin
Ozie
P. Nanang Sg.
Pataka
Republik Blogger
Yogie
Yusuf Hadiwinata
Vavai

Community

CentOS ID
ECHO
Forum Linux
Kecoak Elektronik
Linux Questions
OS Commerce's Forum
Security Focus
Zimbra ID

Security Advisories

ECHO
IPSecs
Milw0rm
mod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_counter
mod_vvisit_counterToday63
mod_vvisit_counterYesterday236
mod_vvisit_counterThis week1770
mod_vvisit_counterThis month3973
mod_vvisit_counterAll288711

My Google Page Rank

My Google Page Rank