
We hear all this talk in the news lately about the worm called Conficker, also known as ZLOB, Downup, Downadup and Kido. Approximately six percent of computers scanned by Panda Security are currently infected by the worm. In the news people are scared, and it is like the Blaster worm all over again. People have found out there is a date ingrained in the worm on which it is set to receive a set of instructions from the new programmer of the virus.

This worm exploits the AutoRun feature in Windows (all of it: network shares, pen drives, CD drives, etc.). There is a warning about the worm on Microsoft's site at http://support.microsoft.com/kb/962007. I also found a link that talks about it at http://www.tinyurl.com/Confickerinfo, and it is on Wikipedia at http://en.wikipedia.org/wiki/Conficker. The worm finds a port that is open on your PC and gets in, and/or it uses vulnerabilities in programs to gain access.

To avoid it, turn AutoRun COMPLETELY OFF and keep programs up to date, like Adobe Reader, Windows, etc. Windows has a security patch that semi-fixes AutoRun, but not really. It is only available in Vista and Server 2008. But I have seen one for XP; I forget what it is called, something like "auto run patch" or something like that.

Well, I hope you scan your PCs on April 1, 2009. I know I will on my Windows-based PCs and my friends'/family's PCs. Keep up to date and scan with everything you've got. I wish everyone the best of luck; keep safe online and off. Talk to you all next time!
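An added example (not from the original post): a small Python audit of the "turn AutoRun completely off" advice above. It parses `reg query` output for the `NoDriveTypeAutoRun` policy value, which the post itself does not name, and lists the drive types where AutoRun is still enabled; the sample output is constructed.

```python
import re

# NoDriveTypeAutoRun bitmask: a SET bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable (pen drives)",
    0x08: "fixed", 0x10: "network shares", 0x20: "CD/DVD",
    0x40: "RAM disk", 0x80: "reserved/future types",
}
ALL_OFF = 0xFF  # every drive type disabled

KEY_RE = re.compile(r"^(HKEY_[A-Z_]+)\\")
VALUE_RE = re.compile(r"^\s+NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample: `reg query <key> /v NoDriveTypeAutoRun` run on both hives.
# The per-user value looks locked down; the machine-wide one is not.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

def parse_reg_query(text):
    """Return {hive: value} for every NoDriveTypeAutoRun entry in the output."""
    found, hive = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            hive = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            found[hive] = int(value.group(1), 16)
    return found

def audit(text):
    """Report the effective value and the drive types AutoRun still fires on."""
    values = parse_reg_query(text)
    # When both hives set the value, HKLM takes precedence over HKCU.
    effective = values.get("HKEY_LOCAL_MACHINE", values.get("HKEY_CURRENT_USER"))
    if effective is None:  # policy not configured: the OS default applies
        return {"value": None, "enabled": None, "fully_off": False}
    enabled = [name for bit, name in DRIVE_BITS.items() if not effective & bit]
    return {"value": effective, "enabled": enabled,
            "fully_off": (effective & ALL_OFF) == ALL_OFF}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the per-user `0xff` is overridden by the machine-wide `0x91`, so pen drives and CD drives still AutoRun even though the user setting appears locked down.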

For more info and tools from Microsoft to try to remove it, go to: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EUB

Or try this removal method (found at http://www.xp-vista.com/spyware-removal/zlob-removal-instructions ):

NOT RECOMMENDED TO USE: SpyHunter* Spyware Detection Utility. Like they say on the site, use my method in my post called "The Guide to Locking Down a PC".

Stop Zlob Processes:
(Learn how to stop a process)
nvctrl.exe
msmsgs.exe

Unregister Zlob DLL Files:
(Learn how to do this)

Remove Zlob Registry Values:
(Learn how to delete a registry value)
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\Windows\CURRENTVersion\POLICIES\EXPLORER\RUN\C:\Windows\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}

Find and Delete these Zlob Files:
(Learn how to do this)


2 Comments

  1. Conficker.A and Conficker.B can both be removed using free software like F-Secure’s Downadup removal software, as well as bdtools, which was made just for this. However, Conficker.C still has to be removed manually. In just another day a fix will be made for it. You can view the Microsoft site for more information on how to remove this manually.

  2. I do want you to know that it is April 4, 2009, and the only thing that changed is that the worm Conficker.C code base has changed. Also, the servers that the worm connects to are open and not sending data yet, so now it will be a waiting game of what it will do next!

