Conficker.e
Conficker.e is the latest version of the nefarious Conficker worm. The Conficker.e worm does more than infect new machines; it also "updates" PC's that were infected with previous versions of the worm. Conficker.e is similar to Conficker B++ as it also exploits MS08-067, preys on vulnerable passwords and spreads through removable media such as USB drives. Conficker.e, like its predecessor versions, makes your PC susceptible to DDoS and spam attacks. Conficker.e also opens your computer to hidden remote access. Conficker.e has two more malicious features: it downloads the W32.Waledac Trojan and may also download the rogue anti-spyware program Spyware Protect 2009. The Conficker.e version has increased the number of security web sites it blocks and disables even more security applications. The key to protecting your PC from Conficker.e is to keep your systems and security software fully updated. Conficker.e is set to delete itself on May 3, 2009.
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "rundll32.exe "[RANDOM DLL FILE NAME]", [RANDOM PARAMETER STRING]"HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = %System%\svchost.exe -k netsvcsHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\Parameters\"ServiceDll" = "[PATH TO SECURITY RISK]"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.