
Tag Archives: Virus

I do want you to know that it is April 4, 2009, and the only thing that has changed is the Conficker.C worm's code base. Also, the servers that the worm connects to are open and not sending data yet, so now it will be a waiting game to see what it will do next! This was said on “Security Now”, a show hosted by Steve Gibson at grc.com. This worm is a very crafty virus. If you want more info about this virus or how to remove it, go to my post at

Conficker Worm PANIC on April 1, 2009.

Remember: once any computer has been compromised by a virus, spyware, worm, or any type of malicious code/program, you can never say it is safe again, even if you remove it. And remember, if you were a hacker, would you put in a backdoor?


We hear all this talk about the worm called Conficker, also known as ZLOB, Downup, Downadup and Kido, in the news lately. Approximately six percent of computers scanned by Panda Security are currently infected by the worm. In the news people are scared, and it is like the Blaster worm all over again. People found out there is a date ingrained in the worm on which it is set to receive a set of instructions from the new programmer of the virus.

This worm is exploiting the AutoRun feature in Windows (all of it: network shares, pen drives, CD drives, etc.). Microsoft has a warning about the worm on its site at http://support.microsoft.com/kb/962007. I also found a link that talks about it at http://www.tinyurl.com/Confickerinfo, and there is more on Wikipedia at http://en.wikipedia.org/wiki/Conficker. This worm finds a port that is open on your PC and gets in, and/or it uses vulnerabilities in programs to gain access.

To avoid it, turn AutoRun COMPLETELY OFF and keep programs up to date, like Adobe Reader, Windows, etc. Windows has a security patch that semi-fixes AutoRun, but not really. It is only available in Vista and Server 2008. But I have seen one for XP, though I forget what it is called, something like "auto run patch". Well, I hope you scan your PCs on April 1, 2009. I know I will on my Windows-based PCs and friends'/family's PCs. Keep up to date and scan with everything you've got. I wish everyone the best of luck; keep safe online and off. Talk to you all next time!
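The advice above to turn AutoRun completely off corresponds to the `NoDriveTypeAutoRun` registry policy. The PowerShell script below is an added example, not part of the original post: it reports which drive types still have AutoRun enabled and, when run from an elevated prompt with the assumed `-Fix` switch, sets the value to 0xFF (all drive types).

```powershell
# Added example: audit the AutoRun policy and, with -Fix, disable it for every drive type.
param([switch]$Fix)

# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'unknown drive type' },
    @{ Bit = 0x04; Name = 'removable drive (pen drive)' },
    @{ Bit = 0x08; Name = 'fixed disk' },
    @{ Bit = 0x10; Name = 'network share' },
    @{ Bit = 0x20; Name = 'CD/DVD drive' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'reserved drive type' }
)
$allOff = 0xFF

# HKLM is machine-wide and takes precedence over HKCU when both are set.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunExposure([int]$Mask) {
    # Drive types whose bit is clear still honour autorun.inf.
    $driveTypes | Where-Object { -not ($Mask -band $_.Bit) } | ForEach-Object { $_.Name }
}

foreach ($key in $policyKeys) {
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "$key : NoDriveTypeAutoRun not set, Windows default applies"
    } else {
        $mask = [int]$prop.NoDriveTypeAutoRun
        $open = @(Get-AutoRunExposure $mask)
        if ($open.Count -eq 0) {
            Write-Output ('{0} : 0x{1:X2}, AutoRun off for all drive types' -f $key, $mask)
        } else {
            Write-Output ('{0} : 0x{1:X2}, AutoRun still on for: {2}' -f $key, $mask, ($open -join ', '))
        }
    }
    if ($Fix) {
        # Writing HKLM needs an elevated prompt.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord -Value $allOff -Force | Out-Null
        Write-Output "$key : set NoDriveTypeAutoRun to 0xFF"
    }
}
```

Run it without `-Fix` first to see the current state; a changed policy takes effect after the user logs off and on again.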

For more info and tools from Microsoft to try to remove it, go to: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EUB

Or try this removal method

To remove it, try this (found at http://www.xp-vista.com/spyware-removal/zlob-removal-instructions)

NOT RECOMMENDED TO USE: SpyHunter* Spyware Detection Utility. Like they say on the site, use my method in my post called

The Guide to Locking Down a PC

Stop Zlob Processes:
(Learn how to stop a process)
nvctrl.exe
msmsgs.exe

Unregister Zlob DLL Files:
(Learn how to do this)

Remove Zlob Registry Values:
(Learn how to delete a registry value)
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\Windows\CURRENTVersion\POLICIES\EXPLORER\RUN\C:\Windows\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}

Find and Delete these Zlob Files:
(Learn how to do this)