Mal/Conficker-A

Kategorie: Viren und Spyware Schutz verfügbar seit:26 Nov 2008 14:13:32 (GMT)
Typ: Malicious behavior Zuletzt aktualisiert:28 Okt 2011 04:51:25 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

Alias

  • WORM_DOWNAD.AD
  • W32/Conficker.worm
  • Worm:Win32/Conficker.gen!A
  • Worm:W32/Downadup
  • Net-Worm.Win32.Kido

Eigenschaften

  • Lädt Code aus dem Internet herunter.
  • Nimmt eine Selbstinstallation in der Registrierung vor.
  • Nutzt bekannte Schwachstellen aus.
  • Scannt das Netzwerk auf Schwachstellen.
  • Scannt das Netzwerk auf anfällige Kennwörter.

Betroffene Betriebssysteme

Mal/Conficker-A can be removed with either Sophos Anti-Virus or the standalone Conficker removal tool.

For a more detailed guide to cleaning up a Conficker infection on a Windows network, please refer to the knowledgebase article.

Ensure Windows is fully updated to fix the MS08-067 vulnerability that the Conficker family of worms uses to spread.

Ensure that all removable storage devices are scanned after being connected to a computer infected with the Conficker family of worms.

Ensure HIPS and buffer overflow prevention are both turned on and that "alert only" mode is turned off.

Ensure the on-access scanner is turned on and that "on write" scanning is enabled.

If W32/ConfikMem-A is detected on the computer, clean up this item first and then immediately run another full scan. Cleaning up W32/ConfikMem-A removes the worm from memory and allows Sophos Anti-Virus to scan files that may have been locked by the virus while it was running.

If a full scan reports unscannable files and W32/ConfikMem-A is not found in memory, ensure the on-access scanner is enabled and the virus data is up to date, reboot the computer and immediately perform another full scan. This causes the on-access scanner to prevent the Conficker worm from loading as a service and should unlock those files so they can be scanned.

After cleaning up an active infection of the Conficker worm, a reboot may be required.

Download Sophos Produkte kostenlos testen
Jetzt downloaden