<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>NuGiE Go NgeBloG &#187; conficker</title>
	<atom:link href="http://www.nugie.web.id/tag/conficker/feed" rel="self" type="application/rss+xml" />
	<link>http://www.nugie.web.id</link>
	<description>Business and Internet Information</description>
	<lastBuildDate>Mon, 14 Nov 2011 15:25:43 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>PCMAV Express for Conficker</title>
		<link>http://www.nugie.web.id/2009/03/pcmav-express-for-conficker.html</link>
		<comments>http://www.nugie.web.id/2009/03/pcmav-express-for-conficker.html#comments</comments>
		<pubDate>Tue, 24 Mar 2009 06:57:37 +0000</pubDate>
		<dc:creator>nugie</dc:creator>
				<category><![CDATA[Anti Virus]]></category>
		<category><![CDATA[conficker]]></category>
		<category><![CDATA[PCMAV]]></category>
		<category><![CDATA[Remove Conficker]]></category>

		<guid isPermaLink="false">http://www.nugie.web.id/?p=132</guid>
		<description><![CDATA[Is your computer infected with the Conficker virus (aka Kido or Downadup)? If so, have you tried the popular antivirus products and found that none of them could clean Conficker completely? Don't be sad, let alone disappointed. PC Media, the market leader among computer magazines, now presents PCMAV Express for Conficker, which at this time is * the [...]]]></description>
			<content:encoded><![CDATA[<p><img class="aligncenter" title="PCMAV" src="http://virusindonesia.com/wp-content/uploads/2009/03/pcmavexpress_conficker.png" alt="" width="400" height="271" /></p>
<p>Is your computer infected with the Conficker virus (aka Kido or Downadup)? If so, have you tried the popular antivirus products and found that none of them could clean Conficker completely? Don't be sad, let alone disappointed. <em>PC Media</em>, the <em>market leader</em> among computer magazines, now presents PCMAV Express for Conficker, which at this time is *the only* top-class antivirus dedicated to Conficker in the world capable of providing a complete solution to this virus. This proves that PCMAV remains an antivirus Indonesia can be proud of, even when the virus it faces is foreign-made and sophisticated.</p>
<p><strong>NOTE:</strong> Handling Conficker is complex, mainly because of its relatively neat and &#8220;beautiful&#8221; implementation of <em>rootkit</em> technology, and the standard PCMAV 2.0 <em>scan engine</em> architecture was not designed or prepared to handle a new type of virus such as this. That is why PCMAV Express for Conficker is offered while awaiting issue 05/2009 of <em>PC Media</em> magazine, which will carry the latest PCMAV release.</p>
<p>Unlike other antivirus products, PCMAV Express for Conficker is designed specifically to identify Conficker with 100% accuracy and to eradicate it thoroughly and &#8220;radically&#8221;, even though this virus uses <em>anti-debugging</em>, <em>anti-VM</em>, <em>double-layer</em> and <em>obfuscated code</em>, and <em>rootkit</em> (invisible) techniques, which are sophisticated and complex.<span id="more-132"></span></p>
<p>Please note that although PCMAV Express accurately identifies the 3 variants of Conficker (Conficker.A, B, &amp; B-1) that we received from the many loyal readers of <em>PC Media</em> magazine, only 2 main variants (Conficker.A &amp; B) are known and, we believe, have spread to hundreds of thousands of PCs in the country. So it is not true that Conficker currently has hundreds of thousands of variants. That misleading information is only speculation by a handful of amateur antivirus resellers / vendors who lack sufficient competence to analyze a virus that really is quite complex. That said, it is still possible that new Conficker variants will appear. Please let the editors know if you find one.</p>
<p>In addition, if another antivirus appears to detect a great many variants of this virus (up to dozens), it is certain that the antivirus has been fooled by the <em>obfuscated code</em> technique this virus applies, or it may also be that the antivirus is technically limited to simple / amateur detection techniques based on hashes (CRC, MD5, SHA). Technically, this type of antivirus will be <em>beaten</em> by Conficker once the virus is active in memory.</p>
<p>The first and only one of its kind in Indonesia, PCMAV Express for Conficker is equipped with the latest smart <em>RootScan</em> technology, which can safely penetrate to ring0 <em>(kernel mode)</em> to detect viruses that use rootkit technology. This is the main key to eradicating rootkit viruses similar to Conficker. However great an antivirus may be, as long as Conficker is active and able to hide in ring0, all of the antivirus's power and effort to detect it and clean up the system configuration will be quite useless. To our knowledge, PCMAV Express is so far the only dedicated Conficker antivirus in the world that uses such a sophisticated and unique technique to drive this virus out of memory safely.</p>
<p>In addition, PCMAV Express for Conficker can clean the system settings that the infection changed and restore them to their original state, including re-enabling the <em>services</em> that it turned off. It is difficult to find another Conficker antivirus in the world with this ability: clean and complete!</p>
<p>In addition, a complete analysis of the Conficker virus, which is still a hot topic of discussion among antivirus researchers around the world, will be published in <em>PC Media</em> magazine 05/2009, along with the latest PCMAV release that is capable of handling it. A FAQ and a summary of the analysis of this virus will soon be added to this blog. <em>So, keep in touch!</em></p>
<p><strong>Rules of Use:</strong></p>
<ol>
<li>Make sure your user account has Administrator-equivalent rights.</li>
<li>Disable any installed antivirus so that it does not interfere with PCMAV Express.</li>
<li>Before you start, make sure that your computer is *not* connected to the network or the Internet during the scan.</li>
<li>Once the scan has completed, it is recommended to restart and re-scan (if necessary).</li>
<li>After the virus has been successfully removed, immediately <a title="Microsoft Security Bulletin MS08-067 - Critical" href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx" target="_blank">update / patch</a> your Windows. PCMAV Express can also detect when your computer has not been patched.</li>
<li>Make sure all the other PCs connected to the network are also free of Conficker before you reconnect your PC to the network.</li>
<li>Make sure the Administrator password on your PC is not easy to guess, because Conficker can break in by &#8220;guessing&#8221; the Administrator password using the common words in its dictionary. Change your password to a combination of letters and numbers that is not easy to guess.</li>
<li>If you do not follow steps 3-7 above correctly, Conficker will most likely be able to attack again, whatever antivirus you use.</li>
</ol>
<p><a title="Download PCMAV Express for Conficker" href="http://64.233.189.132/translate_c?hl=en&amp;ie=UTF-8&amp;sl=id&amp;tl=en&amp;u=http://www.sendspace.com/file/p6nx1q&amp;usg=ALkJrhhb1UcEjV6xJ20TwinCC-yYN64Iyg" target="_blank">Download Now!</a></p>
<p>Source : <a href="http://virusindonesia.com/2009/03/22/pcmav-express-for-conficker/" target="_blank"><em><strong>http://www.virusindonesia.com</strong></em></a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.nugie.web.id/2009/03/pcmav-express-for-conficker.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft Collaborates With Industry to Disrupt Conficker Worm</title>
		<link>http://www.nugie.web.id/2009/02/microsoft-collaborates-with-industry-to-disrupt-conficker-worm.html</link>
		<comments>http://www.nugie.web.id/2009/02/microsoft-collaborates-with-industry-to-disrupt-conficker-worm.html#comments</comments>
		<pubDate>Thu, 12 Feb 2009 09:11:21 +0000</pubDate>
		<dc:creator>nugie</dc:creator>
				<category><![CDATA[Anti Virus]]></category>
		<category><![CDATA[conficker]]></category>
		<category><![CDATA[Information]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[reward]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.nugie.web.id/?p=112</guid>
		<description><![CDATA[Microsoft offers $250,000 reward for Conficker arrest and conviction. REDMOND, Wash. &#8211; Feb. 12, 2009 - Today, Microsoft Corp. announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators within [...]]]></description>
			<content:encoded><![CDATA[<h2>Microsoft offers $250,000 reward for Conficker arrest and conviction.</h2>
<p><strong>REDMOND, Wash. &#8211; Feb. 12, 2009 -</strong> Today, Microsoft Corp. announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators within the Domain Name System, Microsoft coordinated a response designed to disable domains targeted by Conficker. Microsoft also announced a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet.</p>
<p>&#8220;As part of Microsoft&#8217;s ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers,&#8221; said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft. &#8220;By combining our expertise with that of the broader community we can expand the boundaries of defense to better protect people worldwide.&#8221;</p>
<p>As cyberthreats have rapidly evolved, a greater level of industry coordination and new tactics for communication and threat mitigation are required. To optimize the multiple initiatives being employed across the security industry and within academia, Microsoft helped unify these broad efforts to implement a community-based defense to disrupt the spread of Conficker.<span id="more-112"></span></p>
<p>Along with Microsoft, organizations involved in this collaborative effort include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.</p>
<p>&#8220;The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together,&#8221; said Greg Rattray, chief Internet security advisor at ICANN. &#8220;ICANN represents a community that&#8217;s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.&#8221;</p>
<p>&#8220;Microsoft&#8217;s approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals,&#8221; Stathakopoulos said. &#8220;We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable.&#8221;</p>
<p>More information about how to protect yourself from Conficker can be found at <a href="http://www.microsoft.com/conficker">http://www.microsoft.com/conficker</a>. Customers interested in learning more about staying safe online can visit <a href="http://www.microsoft.com/protect">http://www.microsoft.com/protect</a>.</p>
<p>Microsoft&#8217;s reward offer stems from the company&#8217;s recognition that the Conficker worm is a criminal attack. Microsoft wants to help the authorities catch the criminals responsible for it. Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide. Individuals with information about the Conficker worm should contact their international law enforcement agencies.</p>
<p>Founded in 1975, Microsoft (Nasdaq &#8220;MSFT&#8221;) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.</p>
<p><em>Note to editors:</em> If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at <a href="http://www.microsoft.com/presspass">http://www.microsoft.com/presspass</a> on Microsoft&#8217;s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft&#8217;s Rapid Response Team or other appropriate contacts listed at <a href="http://www.microsoft.com/presspass/contactpr.mspx">http://www.microsoft.com/presspass/contactpr.mspx</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.nugie.web.id/2009/02/microsoft-collaborates-with-industry-to-disrupt-conficker-worm.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Conficker worm spikes, infects 1.1 million PCs in</title>
		<link>http://www.nugie.web.id/2009/01/conficker-worm-spikes-infects-11-million-pcs-in.html</link>
		<comments>http://www.nugie.web.id/2009/01/conficker-worm-spikes-infects-11-million-pcs-in.html#comments</comments>
		<pubDate>Thu, 29 Jan 2009 09:01:07 +0000</pubDate>
		<dc:creator>nugie</dc:creator>
				<category><![CDATA[Anti Virus]]></category>
		<category><![CDATA[conficker]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.nugie.web.id/?p=110</guid>
		<description><![CDATA[The Conficker worm is back with a vengeance, infecting over one million systems in the past 24 hours. The refined version of this malware scans networks for weakly protected machines and actively attempts to spread itself via USB thumb drives. Neither feature was present in the original version, and so far, the attack is working. [...]]]></description>
			<content:encoded><![CDATA[<p>The Conficker worm is back with a vengeance, infecting over one million systems in the past 24 hours. The refined version of this malware scans networks for weakly protected machines and actively attempts to spread itself via USB thumb drives. Neither feature was present in the original version, and so far, the attack is working.</p>
<p><img class="aligncenter" title="conflicker worm" src="http://static.arstechnica.com/images/conflicker_worm.png" alt="" width="580" height="436" /></p>
<p>It has been over a month since we heard much about Conficker, but the worm has reappeared with a vengeance over the past seven days. According to Finnish security company F-Secure, more than one million PCs have been infected with the worm (also known as Kido or Downadup) in the past 24 hours, with a total of 3.52 million machines infected worldwide. According to F-Secure, that 3.52 million is a conservative estimate.</p>
<p>The problem isn&#8217;t so much with the older version of Conficker (now known as Conficker.A) but with a new flavor, dubbed Conficker.B. Ars spoke with Roger Halbheer, Chief Security Advisor of Microsoft&#8217;s EMEA (Europe, Middle East, and Africa); he&#8217;s been monitoring (and writing) about the current spread of infections. The skyrocketing infection rate is actually being caused by several factors; Roger describes Conficker.B as a &#8220;beast,&#8221; and Microsoft has built the following diagram to demonstrate how the worm functions.<span id="more-110"></span></p>
<p>Once run or given access to an unprotected machine, Conficker.B begins searching for other systems or shares within the local network that it can infect. Shared systems, removable drives, or unpatched systems are all eligible targets, as are machines with weak passwords. This last bit is an important new feature of Conficker.B; a complete list of the passwords it checks for can be found here. If Conficker.B manages to successfully guess a password, it moves in and continues hunting for new targets. Microsoft summarizes the new strain as follows:</p>
<blockquote><p>Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.</p></blockquote>
<p>Roger confirmed that the Malicious Software Removal Tool (MSRT) has checked for and removed Conficker.B since December 29, 2008, but it&#8217;s not possible to access any Microsoft website once Conficker.B has infected a system; the worm blocks access to multiple domains based on string identification. If you&#8217;ve got a system that&#8217;s infected, you&#8217;ll need to download the latest MSRT from Microsoft on a clean system and run it manually.</p>
<p>Not all AV scanners currently detect Conficker.B, even if they&#8217;ve been updated to detect Conficker.A. I don&#8217;t have a list of specific solutions that can&#8217;t currently catch the new worm, but all of Microsoft&#8217;s antimalware/antivirus products (Forefront, OneCare, and the Online Safety Scanner) will find Conficker.B if it&#8217;s present (and you somehow haven&#8217;t noticed). If there&#8217;s a scrap of good news in all this, it&#8217;s that Conficker.B is not a subtle worm.</p>
<p>Roger has provided some additional coverage on the worm that may be useful. First and foremost, he recommends installing MS08-067; this will not remove an existing infection, but it will guard against attack from either version of the agent, provided you aren&#8217;t using weak passwords.</p>
<p>When Conficker.A first appeared, we raised the question of whether or not Microsoft should force updates in certain situations, and what those situations might be. In this case, even unilaterally enforced updates wouldn&#8217;t solve the problem of weak passwords, but it would have undoubtedly cut the number of new infections we are seeing today. The size of that reduction would be the point on which the value of forced updates would turn, and of course, that&#8217;s the one thing we can&#8217;t predict; there are holes in existing AV products that would allow Conficker.B through, and the worm will attack and infect machines using weak passwords. Depending on how you view the situation, this second strain could reinforce the need for mandatory updates or blow a hole in the argument.</p>
<p>Part of the reason for the problem, however, must inevitably come back upon the users, IT administrators, or managers that opted not to install the patch. As Roger writes: &#8220;If you decide not to roll out a security update which is so critical that we decide to go out of band, you play Russian Roulette with your network&#8230;The same is actually true if you do not run and maintain an appropriate Anti-Malware solution&#8230;Now, if we look at Conficker.B: This is really an ugly beast: You need just one infected machine in your network in order to have it spread across your network fast and aggressively. You can get it even through a USB-stick&#8230;it just needs one unpatched/infected machine.&#8221;</p>
<p>Indeed. Based on the characteristics of a worm such as this, even mandatory updates would only be one facet of prevention.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.nugie.web.id/2009/01/conficker-worm-spikes-infects-11-million-pcs-in.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

