AVG Anti-Virus and Internet Security products protect your Windows PC from all known variants of the recent Conficker/Downadup/Kido worm that has been infecting numerous PCs worldwide. On Windows PCs already infected with the Conficker/Downadup/Kido worm, AVG products also detect and remove all known variants.
The AVG Technologies Labs has been actively tracking the spread of the Conficker/Downadup/Kido worm since the end of November 2008. Unpatched PCs are most at risk, as well as networks with weak or no passwords. This worm, alternativelly known as I-Worm.Generic, is able to spread very quickly because it uses three effective ways to propagate:
1. Exploits a Windows vulnerability, see MS Security Bulletin MS08-067. The Microsoft patch was released released on 23 October 2008, but it seems there are still a lot of unpatched computers.
2. Exploiting network shares with weak or no passwords. The worm contains a list of common passwords - a good reason to use strong passwords.
3. Copies itself to removable media, usually USB sticks. Using the AutoRun function (creates autorun.inf file)
The first versions of Conficker/Downadup/Kido were seen at the end of November / begining of December, 2008. By late January 2009 the AVG Technologies Labs had observed more than 300 different variants. All known variants are detected and healed by AVG products. Besides spreading, the worm can also download other malware and can redirect legitimate URLs access to various other malicious Web pages.
How to protect against the Conficker worm:
It is necessary to install the mentioned Windows update and make sure your AVG product is fully up-to-date. Microsoft have also released a special KB article: Microsoft Virus alert about the Win32/Conficker.B worm.
Download the latest AVG update for maximum protection.
In case your computer is infected by Conficker:
If your PC is already infected by the Conficker/Downadup/Kido worm, it may not be possible to update your AVG product correctly. In order to allow correct AVG updates, please proceed as follows:
* Open Start -> Run.
* Type 'cmd'.
* In the opened command line windows type the following command and press Enter: net stop dnscache
* It will be possible to update your AVG product now. Once updated, run an AVG scan to remove the infection: AVG -> Computer Scanner -> Scan whole computer
* When the scan is finished, please restart your computer.
Share