Virus Info


DCC Computer Virus & Malware Documentation Menu

Antivirus software developers often refer to the same virus by different names and may offer slightly or substantially different removal instructions. If you have difficulty finding information or effective removal instructions for a virus on one site, you might want to check other sites.

• Scam Alert •   You should not run or install software from unknown or untrusted sources. There are a lot of bogus "anti-virus" and "repair" tools available online that cause more problems than they fix! They may not always overtly ask you for your credit card numbers, your friends' email addresses, and other personal information. They may just offer you "free" software that will covertly send it all to them after you are kind enough to install their "helpful" (to them) tools.


Conficker
Removal Procedure

Here's a list of steps to clean Conficker from an infected NPS UDT 3.0 or 3.1 computer.

  • Turn off UDT Protection
  • Log into local admin account
  • Install Security Patch
  • Reboot the computer
  • Run a repair tool
  • Turn on UDT Protection
    Conficker:

    Conficker congests (slows) access to authentication servers and shared network drives and is notorious for causing general network sluggishness.

    The Conficker worm/virus exploits a security hole in Microsoft Windows and will actively attempt to spread itself to other unpatched computers, removable media (e.g., USB drives), and network shares. The Conficker 'Eye Chart' test for infection does not work for computers accessing the Internet through a proxy server such as we use in the NPS district. If possible, you should patch and disinfect a computer using a local administrative user account to reduce the opportunities for the virus to spread to your personal and shared network folders. You might consider burning the security patch and your removal tool(s) of choice to a CD-R or DVD-R so your media doesn't get infected.

    Protect yourself from the Conficker Worm virus
    This Microsoft web page offers a brief introduction to the Conficker worm/virus.

    Microsoft Security Bulletin MS08-067 (KB958644)
    This Microsoft security patch will plug the hole Conficker attempts to exploit. The link above leads to a Microsoft page where you can download the appropriate security patch for the version of Windows on your computer. If you want to patch NPS computers running UDT 3.0 - 3.1 (Windows XP Service Pack 2) then you can download the appropriate patch here. Applying this patch to UDT 3.0 and 3.1 computers is a good way to prevent future infections - whether or not they are currently infected. UDT 3.2 computers are automatically updated every day they are on so they already include this patch. Don't forget to temporarily turn off UDT Protection before installing/updating software or running malware/virus scans.

    • Timesaver Tip •   If a UDT 3.2 image exists for your UDT 3.0 and 3.1 computer(s) then it may be faster and easier to upgrade to 3.2 rather than patch, scan, and repair your older version. This would also gain you the ongoing benefits of daily automatic updates and continuous real-time protection using Microsoft Security Essentials anti-virus software.

    After a computer has been updated with the MS08-067/KB958644 patch, Conficker can be removed using Microsoft MSRT or one of the other proven repair tools - preferably run in Windows Safe Mode. If an active Windows service (system support program) is infected, the repair tool (anti-virus software) must stop the service to remove the virus. Sometimes this requires a restart. You may be able to avoid this complication by running the scan in Windows Safe Mode.

    Conficker Aliases: W32/Conficker.worm (McAfee), W32.Downadup (Symantec), Win32.HLLW.Shadow.based (Dr.Web), Mal/Conficker-A (Sophos), Win32/Conficker.A (CA), W32/Downadup.A (F-Secure), Conficker.A (Panda), Net-Worm.Win32.Kido.bt (Kaspersky), Win32.Worm.Downadup.Gen (BitDefender), Win32:Confi (avast!), WORM_DOWNAD (Trend Micro), Worm.Downadup (ClamAV)


    Malware Scanners and Removal Tools:

    Caution: There are many rogue anti-malware 'tools' that cause more problems than they fix. You should investigate software before you install or run it on your computer. See our Malware web page for a list of malware tools and sites we've found useful.

    Microsoft Security Essentials
    This antivirus software is free for use at home and at work and offers real-time, continual protection against virus infections when it is installed and regularly updated. NPS computers running UDT 3.2 (or newer) software will automatically update the virus definitions the first time the computer boots each day. Older systems require manual updates after temporarily disabling UDT Protection.

    Microsoft Malicious Software Removal Tool (MSRT)
    This document describes the procedure for downloading and running the free Malicious Software Removal Tool from Microsoft. This tool can detect and remove the dreaded Conficker worm variants as well as several other malware threats. Since the Conficker worm blocks Microsoft.com and many antivirus web sites, we have also made the MSRT available for download from the NPS web site by clicking here. (Version 2.8 - current as of April 1, 2009)

    Dr.Web CureIt!
    This document describes the procedure for downloading and running the free malware removal tool Dr.Web CureIt!. These instructions show an example of removing the Trojan.Downloader.based - a pesky piece of malware that attempts to download even more problems to your computer. Note the CureIt tool is based on the Dr.Web antivirus scanner so it also finds and removes many other malware infections and annoyances.

    Online Virus Scanners
    If you suspect a virus infection - in a file (perhaps an email attachment) or an entire computer - then you can scan it using one of the online virus scanning tools listed below. Online scanners do not run continuously. They merely scan what you tell them to scan, then report the results. Most online scanners merely report infections; they do not remove the infections. Trend Micro's online scanner can remove infected files but may require more setup than most of the online tools listed below. Not all virus scanners are created equal. Some find infections that others overlook. Therefore some of the sites below (e.g., Virustotal & Jotti's) submit your file to multiple virus scanners and show the results from each.


    Malware Information:

    Microsoft Malware Protection Center
    A searchable encyclopedia of Internet malware that includes top-10 lists of threats as well as links to their Malicious Software Removal Tool and Windows Defender.

    Symantec Security Response
    The Symantec Security Response web site is one of the oldest and most trusted sources of virus information available on the Internet. Their Virus Encyclopedia is a very valuable virus research tool.

    Trend Micro
    Trend Micro offers some excellent information. Their Virus Encyclopedia Search page is a handy place to find more info on specific viruses.

    McAfee Virus Information
    McAfee offers some of the best antivirus info and tools on the web. Their Virus Information Library allows you to search for specific info. McAfee's Stinger virus removal tool removes about 4 dozen viruses (including Bagle, Klez, MyDoom, Nachi, Netsky, Nimda, and SoBig) that may prove difficult for many antivirus scanners to completely eradicate. It also allows you to manually add your P:, U:, and W: drives - as well as any specific folders you maintain on the district S: drive (or on other network servers) - to the scan list. The C: drive is scanned automatically. Stinger does not identify all computer viruses. After using this removal tool you should update the virus scanner on your computer and run a complete scan of your C:, P:, U:, and W: drives and any folders you maintain on network drives to ensure you are virus-free.

    Malware
    Malware includes viruses, worms, trojans, adware, browser hijackers, key/password loggers, spyware, etc. (See malware glossaries listed below to learn more about these terms.) Since viruses are covered reasonably well by the page you are currently reading (this index page), the Malware page focuses on spyware and offers links & tips.

    Google
    If the links above don't provide the info you need you might also try searching the internet.


    Malware / AntiVirus Links:

  • How Computer Viruses Work - a HowStuffWorks.com web site
  • Viruses & Worms - a Microsoft Security At Home web site
  • The Antivirus Defense-in-Depth Guide - a Microsoft TechNet online resource
  • CA Security Advisor - a Computer Associates web site
  • F-Secure Security Center - an F-Secure web site
  • Viruses - a Kaspersky web site
  • Virus Bulletin - an independent source of information
  • Vmyths.com - info about computer virus hysteria & hoaxes
  • AVIEWS - the Anti-Virus Information & Early Warning System
  • WildList - info on viruses spreading 'in the wild'
  • Malicious Code - 60+ documents from SANS InfoSec
  • ICSA Labs - tests AV software
  • US-CERT - US Computer Emergency Readiness Team (Homeland Security)

    Malware / AntiVirus Glossaries:

  • Microsoft Malware Protection Center
  • Symantec Security Response Web Glossary
  • Glossary of Virus Terms - Trend Micro
  • McAfee Virus Glossary
  • SearchWindowsSecurity.com

    This page last updated 4-19-11. We have made every reasonable attempt to insure that our web pages are educationally sound and do not contain links to materials that violate the Norman Public School District's Policies on Internet and Internet Safety for the Computer Network. Opinions expressed on these web pages do not necessarily reflect those of the Norman Public School District. For more information concerning this site please email webmaster@norman.k12.ok.us.