AutoRun offers no chance to worms with Windows 7

Microsoft Windows 7 has included autorun function to protect your pc from Worm. You no need to install anti-virus to extra protection.

The continuing circulation of the Conficker worm has prompted Microsoft to make changes to the AutoRun function in the Windows 7 release candidate, due for release tomorrow. As well as exploiting vulnerabilities in Windows and guessing simple passwords, Conficker also penetrates computers by using the Windows AutoRun function, which allows programs to be run automatically when a USB flash drive is connected or CD inserted.

Conficker programmers have also taken into account the behaviour of AutoRun under Vista, where the AutoRun function requires confirmation from the user. After connecting an infected USB flash drive, the AutoRun dialogue box shows a fake icon to fool users into thinking that clicking on it will open a folder. Instead, it runs the worm. Suspicions should be raised by the apparent duplication of the menu item for opening the folder, but nevertheless this trick has clearly been, and remains, fairly effective.

To stop users from falling into this trap in future, Microsoft has completely removed the option of running a program from the dialogue box for writeable media such as USB sticks, memory cards and external drives. The change does not, however, apply to CDs and DVDs. Testing will be required to determine what this means for U3 USB drives, which emulate a CD-ROM.

See also On this site
How Do You Remove Conficker Worm Files?
How to remove Conficker Worm registry keys
Online Virus Removal
Variant of Conficker worm

Conficker Computer Virus Poses New Threat

The Conficker worm computer virus updated itself late Wednesday, bringing a new threat to the millions of PCs currently infected by it.

The discovery was made by Internet security company Trend Micro, who stated in a press release that the ybercriminals behind the notorious Conficker worm may finally be gearing up for more serious attacks.ԍ

As many as 12 million computers could be infected by the worm. Microsoft is offering a $250,000 bounty for its creator.

The worm can be used to steal data from computers. It can also control infected computers to be used in what is called a otnet.The army of computers in the botnet can then be used by a hacker to launch cyberattacks against anything from Web sites to government computer networks.

Such an attack was launched against the U.S. Pentagon in 2007 by Chinese hackers. The Pentagon was forced to temporarily shut down its network and lost an unknown amount of information.

The activation of the Conficker worm came the same day (Wednesday) as reports of cyber spies infiltrating the U.S. power grid. The Wall Street Journal reported that Chinese and Russian spies were behind it, leaving software in the system that could shut down the U.S. electric grid.

Canadian researchers also discovered late last month the Chinese ԇhostNetԗa spyware system that is being used to monitor and steal documents from 1,295 computers in 103 countries. Among their targets were the Dalai Lama, the media, and hundreds of government and private offices.

Whether the Conficker worm has any connection to the other attacks is yet to be known.

On Oct. 26, 2008, just three days after the discovery of the worm was announced by Microsoft, Chinese hackers created a toolkit that would allow anyone to exploit the system gap. The kit was originally sold for $37.80 but was later made available for free download.

The surprisingly rapid spread of the Conficker worm is attributed to its ability to pass between computers on USB memory sticks. It is also able to invade computer networks. The worm spreads through vulnerabilities in Microsoftӳ operating system, Windowsءlthough an update is now available to repair the vulnerabilities.

The update of the worm was originally suspected to be taking place on April 1. According to Trend Micro the new variant of the worm, known as WORM_DOWNAD.E, runs using a random file name and random service name. It updated itself through P2P communications. The new file was discovered in the Windows Temp folder.

Its effects are yet to be known.

Strangely, according to a BBC report, researchers from the Symantec internet security company said the new update has instructions for the worm to remove virus itself on May 3, 2009, yet a gap in the machine will remain open so that its creators can still control the compromised PC

How antivirus software and System Restore work together

With System Restore in Windows XP, you can restore your computer to a previous state, and you do not lose private data files (such as Word documents, graphic files, and e-mail). System Restore actively monitors computer file changes and some program file changes to record or store earlier versions before the changes occurred. You do not have to take computer snapshots because System Restore automatically creates identifiable restore points that you can use to revert to a previous time. Restore points are created when significant computer events occur (such as the installation of a program or a driver) and periodically (each day).

To help protect critical computer and program files, System Restore monitors, records, and in some cases copies these files before they are modified. For example, when a process or a program (such as an upgrade, an inadvertent user change, a driver installation, or a virus) modifies a critical computer file or program file, System Restore records and saves a copy of the file before the change occurs. If a problem occurs, a restore operation can replace files with previously saved versions of those files. Antivirus support programs use auto-detection or scanning mechanism to monitor critical and personal files on the computer for signs of infectivity. The antivirus program then takes action to clean, remove, or quarantine (isolate) files that known viruses have infected. System Restore also tracks an antivirus program when it modifies (cleans), moves, or deletes a monitored, critical, computer or program file.

During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.

Signature files for antivirus programs are updated as viruses become known. As a result, a restoration that did not work several days ago might succeed after the antivirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the antivirus program cannot clean on a backed-up file.

How to download AVG Removal Utility

This post provide further information about AVG antivirus support. AVG Remover utility removes all parts of AVG installation on your computer, including registry items, installation and user files on your disk, etc. AVG Remover is the least option to be used in case the AVG uninstallation / repair installation process has failed repeatedly.

Warning: All AVG user settings will be removed after the uninstallation, as well as the Virus Vault content and other item related to AVG installation and use. During the removal procedure you will be asked to restart your computer. Therefore please make sure to finish your work and to save all important data prior to AVG Remover launch.

AVG Remover(32bit) (avgremover.exe) for 32 Bit System
AVG Remover(64bit) (avgremoverx64.exe) for 64 Bit System

How to manually remove Power Antivirus 2009

This post provide antivirus support for remove Power antivirus from computer. PowerAntivirus2009, is a fake anti-spyware. Like other fake antispyware, Power Antivirus 2009 might launch false system alerts. This Power Antivirus 2009 popup is supposed to scare you into buying Power Antivirus 2009.

Step 1:- Stop unwanted process running in background.

Click Start then Run and type taskmgr.exe.
Click on Process tab in Task Manager and locate the following Image name(s).
Power Antivirus 2009
Highlight the Image name and Click End Process to stop.
Close the Task Manager.

Step 2:- Delete the suspicious file(s) or folder(s) from the computer

Click on Start and Run, type c:\progra~1, press Enter.
Locate the following file(s) and Delete.
Click on Start and Run, type %UserProfile%\Application Data , press Enter.
Locate the following file(s) and Delete
Click on Start and Run, type c:\Documents and Settings\All Users\Start Menu\Programs , press Enter.
Locate the following file(s) and Delete
Close the Window.
Step 3:- Uninstall the Suspicious program from the computer.

Click on Start and Run, type appwiz.cpl, press Enter.
Locate Power-Antivirus-2009 in Add and Remove Program.
Click on Remove (Uninstall) button.
Close Add or Remove program.
Restart the computer.
Step 4:- Manual Removal of suspicious entries from Registry.

CAUTION: Changing the Registry incorrectly could cause your comuter to stop working. Please make sure to create backup of registry or create system point before proceeding.

Click Start, Click run and type regedit.
Create a registry backup.
Locate the following registry keys, right click and Delete.
Restart the computer.

Easy Steps to Protect Your Computer From Conficker Warm

The “Conficker” worm / virus also known as “Downadup” infection, is actually a virus code programmed in such a way that it can infect your computer and spread itself to other computers across a network automatically, without human interaction.This post provide antivirus support for remove conficker warm from your computer in 5 easy steps.

If you have a Mac or a Linux machine, breath a sigh of relief; you don't have the right code to be infected. If you're running Windows as your platform of choice, listen up, because this is critical; time is of the essence. You may experience any number of symptoms which are common like loss of Internet connection and loss of local network connection and which are less common like Automatic updates and Microsoft services being disabled.

Update your anti-virus software. Disconnect your computer from the Internet and scan your system, if you believe you are already infected. To stop the spread of the worm, see step 3. If possible, back up your data ASAP.

Disable Auto-play in Windows. For Vista: Start > Control Panel > click Play CD's or other media automatically > uncheck Use Autoplay for all media and devices. > click OK. For XP: Start > Run Enter GPEDIT.MSC >
The Group Policy dialogue box will appear. On left panel, double-click Computer Configuration > Administrative Templates > System > Double-click the Turn autoplay off option. The reason behind disabling autoplay is that Conficker can be spread through USB flash drives infected with code that starts on auto-play when the infected drive is inserted into the computer. Disabling auto-play is a good way to ensure against any malicious code automatically gaining access to your computer.

If you have the Conficker worm, DO NOT DO A SYSTEM RESTORE. Like most malware, Conficker hangs in the restore points and reactivates when you do a system restore. Utilize a decent anti-virus solution such as AVG, Avast!, or Malwarebyte's Anti-Malware. Again, disconnecting your computer from the Internet is critical to prevent the spread of the worm or the continued use of your computer by the worm for devious purposes. Windows Malicious Software Removal Tool can be used to detect and remove the Conficker worm as an option as well.

Regardless if you are on a network or a standalone computer, download the Microsoft update patch KB958644 (MS08-067) This will fix a security vulnerability that is exploited by the Conficker worm. For more information on how to exactly deploy this update across a network as well as additional information on Conficker, please visit the link in the Resources section.

©2009 Antivirus Support | by TNB