Solved

w32/Conficker!mem trojan

Posted on 2009-07-04
8
7,854 Views
Last Modified: 2013-11-08
w32/Conficker!mem trojan
svchost could not be repaired
c.JPG
0
Comment
Question by:tomar_10
8 Comments
 
LVL 3

Expert Comment

by:Saxtus
ID: 24778941
0
 

Author Comment

by:tomar_10
ID: 24778961
i have tried but it says nothinf foun you can see the log

But stinger says it exist

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>cd desktop

C:\Documents and Settings\admin\Desktop>cd conficker

C:\Documents and Settings\admin\Desktop\conficker>econfickerremover
Win32/Conficker worm Removal Tool build: Jun 22 2009 (c) 2009 ESET, spol. s r.o.

Usage: removaltool.exe <options>
Options:  -autoclean  - clean automatically without confirmation
          -reboot     - reboot machine after successful cleaning
          -force      - force deletion of Conficker-like scheduled tasks
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.



0
 

Author Comment

by:tomar_10
ID: 24778966
i face this problem
c1info.JPG
0
 
LVL 3

Expert Comment

by:Saxtus
ID: 24778976
I was trying to save you from a lot bigger download.
Here it is: ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24779038
You would need to install the MS Patch mentioned in the link if you haven't yet.
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx


And run removal like the tools below:
F-Secure Removal tool:
ftp://ftp.f-secure.com/anti-virus/tools/DownadupRemovalTool.zip
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

MS Malicous Removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&disp 
laylang=en

Symantec's W32.Downadup Removal Tool:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99



Also good idea to run Combofix, it should replace svchost.exe if it finds a clean one in the system.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)


Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 

 
0
 

Author Comment

by:tomar_10
ID: 24779044
this tool dose not detect anything, its of no use.
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 24780620
Try scanning with...Dr. Web Anti-Virus
http://www.freedrweb.com/
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24867974
Hello,

Open this webpage and see how many images you can actually see:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

That will help us track down which variant of Conficker you have (and if you actually have it or not).

Hope it helps.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Malicious software is nothing new. Viruses have been created and spread since before physical networks became popular; back then viruses spread via floppy disk and modem connections with shared systems. Viruses weren't so rampant and protecting your…
In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now