The newest Kido variants are kido.ih, kido.dv, kido.fx, and kido.bt. Other aliases for this virus are Downadup, Downad, and Conficker. It is a type of worm that spreads very rapidly and has a very serious impact on computers on the network.
Conficker and its symptoms
1. Unable to open security websites and unable to update the antivirus
This is one of the characteristics of Conficker. Check by opening security websites such as www.microsoft.com or www.kaspersky.com, then compare with access to the same sites through their IP addresses: http://65.55.12.249 (Microsoft), http://195.27.181.34 (Kaspersky). If your browser cannot reach a site when you type its name BUT can open it when you type the IP address, your computer may be infected by Conficker. This happens because Conficker patches the DNS query function, so lookups for certain domain names are blocked.
2. Shuts down and disables some Windows services
To make the infection effective, Conficker turns off several services: Automatic Updates (wuauserv), Background Intelligent Transfer Service (BITS), Error Reporting Service (ERSvc), Help and Support (helpsvc), and the Security Center (wscsvc).
3. Creates a new running service and injects into svchost
This keeps the virus active so that it can easily infect other computers and download new viruses.
4. Creates a new firewall rule
Conficker creates a new firewall rule so that it can infect other computers and download new virus updates easily. Conficker uses a port between 1024 and 10000. If the port used by Conficker is the same port used by another application, that application will be delayed.
5. Creates a scheduled task
Conficker does this so that the virus keeps running on the infected computer.
6. Disables Show Hidden Files & System Restore
Conficker does this so that the victim cannot easily clean the virus.
7. Disables System Restore
Conficker does this so that the infected computer cannot be returned to the settings it had before the Conficker infection.
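A way to check symptom 2 on a suspect machine, as an added example that is not part of the original article: it parses the text printed by the Windows commands `sc query <name>` and `sc qc <name>` and reports which of the services listed above are disabled or stopped. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Services the article lists as being turned off by Conficker (symptom 2).
WATCHED = ("wuauserv", "BITS", "ERSvc", "helpsvc", "wscsvc")

# Constructed sample: concatenated `sc query <name>` and `sc qc <name>` output.
SAMPLE = """\
SERVICE_NAME: wuauserv
        STATE              : 1  STOPPED
SERVICE_NAME: wuauserv
        START_TYPE         : 4   DISABLED
SERVICE_NAME: BITS
        STATE              : 4  RUNNING
SERVICE_NAME: BITS
        START_TYPE         : 3   DEMAND_START
SERVICE_NAME: wscsvc
        STATE              : 1  STOPPED
SERVICE_NAME: wscsvc
        START_TYPE         : 2   AUTO_START
"""

# Only these three fields matter; every other line of sc output is ignored.
FIELD = re.compile(
    r"^[ \t]*(SERVICE_NAME|STATE|START_TYPE)[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.M)

def parse_sc(text):
    """Return {service_lower: {"STATE": ..., "START_TYPE": ...}} from sc output."""
    services, current = {}, None
    for key, value in FIELD.findall(text):
        if key == "SERVICE_NAME":
            current = services.setdefault(value.lower(), {})
        elif current is not None:
            # Values look like "1  STOPPED"; keep the symbolic name only.
            parts = value.split()
            current[key] = parts[1] if len(parts) > 1 else parts[0]
    return services

def suspicious_services(text, watched=WATCHED):
    """List (name, reason) for watched services that are disabled, stopped or absent."""
    seen, findings = parse_sc(text), []
    for name in watched:
        info = seen.get(name.lower())
        if info is None:
            findings.append((name, "no data"))
        elif info.get("START_TYPE") == "DISABLED":
            findings.append((name, "disabled"))
        elif info.get("STATE") == "STOPPED":
            findings.append((name, "stopped"))
    return findings
```

A stopped or missing service is only a hint, since some of these services are normally idle or do not exist on every Windows version; several of them disabled together is the pattern described above.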
These are the newest removal tools for cleaning Kido/Downadup/Conficker:
KidoKiller (Kaspersky)
A special tool made by Kaspersky Lab to remove the Conficker virus. This is the third revision of the tool from Kaspersky. It is able to detect and remove the Kido C / III version. The features added in this latest version are the ability to detect and remove the scheduled task and the ability to recover System Restore. The advantage of this tool is its ability to recover the DNS query function without restarting the computer. The tool runs at the command prompt. Unlike the Symantec tool, it only scans certain paths that are suspected of being infected by Conficker, which makes the scanning time shorter. Download here
Fix Downad (Trend Micro)
A tool made by Trend Micro to clean the Conficker virus. Unfortunately, this tool does not include a database when downloaded, so we need to download its database first. The database can be used for scanning for other viruses and worms, so this tool can also clean other viruses. While the other tools consist of only one file, this tool has several application files: a database check, a scheduled task check, a Windows patch check, a virus check, a registry check and a services check. Even though it consists of many files, we only need to run one bat file (batch file), which then executes the other files. Download here
W32.Downadup Removal (Symantec)
This tool was made by the antivirus company Symantec to remove the Conficker virus. The tool is very simple: it has only Start, Cancel and About options. It does not have an option to choose which drive to scan. The tool is able to kill the virus process, remove the virus files and fix the registry entries that have been modified by the virus. Unfortunately, it does not remove the scheduled task created by the virus, does not remove the firewall rule created by the virus and does not restore System Restore back to normal. Download here
EConficker Remover (ESET/NOD32)
ESET/NOD32 has also issued a special tool to deal with Conficker for its users. This tool is very simple, so simple that you must run it from the command prompt. The tool can kill the virus and delete it, but it does nothing else special. Download here












