go-BLOG

April 1, 2009

Conficker .. ah, no big deal

Filed under: Info — abang bam @ 8:46 AM

From yesterday through today, which coincides with April Fools' Day, people at the office have been panicking about the Conficker virus/worm. I don't think it is a problem as long as their Windows systems are updated with the latest patches and there is antivirus software on the system. This virus/worm usually spreads via the internet and USB.

After browsing around I found a whole pile of material about this worm; it is just an old type that is already detected by antivirus software in general. Below are excerpts from various sources, and manual cleanup is here.

Am I at risk of having the Conficker worm?

Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm.

If you or your network administrator have not installed the latest security updates from Microsoft and your antivirus provider, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes.

What does the Conficker worm do?

To date, security researchers have discovered two variants of the worm in the wild.

Win32/Conficker.A was reported to Microsoft on November 21, 2008.
Win32/Conficker.B was reported to Microsoft on December 29, 2008.
Win32/Conficker.C was reported to Microsoft on February 20, 2009.
Win32/Conficker.D was reported to Microsoft on March 4, 2009.

Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option.

The Conficker worm can also disable important services on your computer.

In the screenshot of the AutoPlay dialog box below, the option "Open folder to view files — Publisher not specified" was added by the worm. The highlighted option, "Open folder to view files — using Windows Explorer", is the option that Windows provides and the option you should use.

If you select the first option, the worm executes and can begin to spread itself to other computers.

The option Open folder to view files — Publisher not specified was added by the worm.
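A way to check a removable drive for the look-alike option described above, as an added example that is not part of the original post or of the quoted Microsoft text. It assumes the file the worm adds is an `autorun.inf` at the root of the drive and that the file may be padded with junk bytes; the function names, the sample contents and the `EXAMPLE_LOADER.EXE` command are constructed placeholders.

```python
import re

# Label Windows shows for its own Explorer handler (quoted on this page).
BUILTIN_LABEL = "open folder to view files"
# [autorun] keys that make AutoPlay launch a program.
COMMAND_KEYS = ("open", "shellexecute", "shell\\open\\command")

def parse_autorun(raw: bytes) -> dict:
    """Tolerantly parse the [autorun] section; junk lines are skipped."""
    text = raw.decode("latin-1")  # never raises, junk bytes become characters
    section, entries = None, {}
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if re.fullmatch(r"[a-z\\]+", key):  # drop junk that contains '='
                entries[key] = value.strip()
    return entries

def review_autorun(raw: bytes) -> list:
    """Return findings for an autorun.inf that adds a look-alike option."""
    entries = parse_autorun(raw)
    commands = {k: v for k, v in entries.items() if k in COMMAND_KEYS}
    label = entries.get("action", "")
    findings = []
    if commands and BUILTIN_LABEL in label.lower():
        findings.append(f"action label imitates built-in option: {label!r}")
    for key, cmd in commands.items():
        findings.append(f"{key} would run: {cmd}")
    return findings

# Constructed samples, not taken from a real infection.
SAMPLE_SUSPICIOUS = (
    b"\x8f\x02junk\xff\r\n[AutoRun]\r\n;pad\r\n"
    b"Action=Open folder to view files\r\n\x90\x90=\x01\r\n"
    b"shellexecute=EXAMPLE_LOADER.EXE placeholder-argument\r\n")
SAMPLE_BENIGN = b"[autorun]\r\nlabel=Backup Drive\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    for finding in review_autorun(SAMPLE_SUSPICIOUS):
        print(finding)
```

Read the file as raw bytes from the drive root without opening the drive through the AutoPlay dialog.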

How does the Conficker worm work?

Here’s an illustration of how the Conficker worm works.

How do I remove the Conficker worm?

If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool, or to access certain Web sites, such as Microsoft Update. If you can’t access those tools, try using the Windows Live OneCare Safety Scanner.
