Conficker.C

Posted: March 26, 2009

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	5/10
Infected PCs:	2,764

First Seen:	November 30, 2010
Last Seen:	April 17, 2023
OS(es) Affected:	Windows

Conficker.C, also known as Worm:Win32/Conficker.D (MS OneCare), W32/Confick-G (Sophos), and Trojan.Win32.Pakes.ngs(Kaspersky), is a new variant of the Conficker worm that has terrorized PC users since late 2008. Conficker.C is programmed to hit the Web on April 1st. When installed, Conficker.C will begin to perform a number of malicious functions.

The worm will attempt to disable Windows Automatic Update, prevent access to the Windows Security Center, detect and destroy SysInternals' Process Explorer program and wreak havoc with the performance of other search-and-destroy applications such as WirerShark and SysClean. This new Conficker.C variant does not have the exact properties and functions of its predecessor (Conficker.B), however, it will be able to detect and destroy certain particular system processes that have been created to detect and remove it.

Conficker.C will also modify and eliminate system restore points, prevent the use of numerous services such as WinDefend, BITS (Background Intelligent Transfer Service) ERSvc (Error Reporting Service) and WerSvc (Windows Error Reporting Service, Vista-only. Conficker.C will block connection to many antivirus software and websites. Conficker.C will also choose from a list of 500 domains to contact out of a pool of 50,000 (significantly higher than Conficker.B's 32 out of 250). At this point it will be very difficult to remove Conficker.C.

Aliases

W32/Conficker.FZ!worm.im [Fortinet]Trojan.Win32.Genome [Ikarus]Worm/Win32.Conficker [AhnLab-V3]W32/Confick-F [Sophos]Heuristic.BehavesLike.Win32.Suspicious-PKR.G [McAfee-GW-Edition]Worm/Conficker.Z.17 [AntiVir]Trojan.Click1.38217 [DrWeb]Worm:W32/Downadup.BR [F-Secure]Trojan.Win32.Genome.moke [Kaspersky]W32/Kido.IH!worm [Fortinet]Win32/Kido.worm.166503.B [AhnLab-V3]Worm/Conficker.Z.58 [AntiVir]Trojan.Click2.12841 [DrWeb]Trojan.Win32.Genome.hkck [Kaspersky]Artemis!A312C8B1ADB4 [McAfee]
More aliases (335)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%WINDIR%\System32\poutm.nwb

File name: poutm.nwb
Size: 164.52 KB (164529 bytes)
MD5: 04199a5b981fd5a3d846d3f9d4c1d574
Detection count: 1,134
Mime Type: unknown/nwb
Path: %WINDIR%\System32\poutm.nwb
Group: Malware file
Last Updated: April 17, 2023

C:\Qoobox\Quarantine\C\Muestras\JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir

File name: JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir
Size: 161.61 KB (161612 bytes)
MD5: 393e2e61ff08a8f7439e3d2cfcb8056f
Detection count: 30
Mime Type: unknown/vir
Path: C:\Qoobox\Quarantine\C\Muestras\JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir
Group: Malware file
Last Updated: April 4, 2022

C:\Program Files (x86)\UsbFix\Quarantine\F\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.vir

File name: jwgkvsq.vmx.vir
Size: 165.84 KB (165840 bytes)
MD5: 9c09418c738e265a27e6c599f43d86ab
Detection count: 28
Mime Type: unknown/vir
Path: C:\Program Files (x86)\UsbFix\Quarantine\F\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.vir
Group: Malware file
Last Updated: June 13, 2022

%WINDIR%\system32\pjjcxft.dll

File name: pjjcxft.dll
Size: 103.9 KB (103904 bytes)
MD5: ae7709bd2b77d2f40aa8f37c1126d8b1
Detection count: 28
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 16, 2012

G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

File name: jwgkvsq.vmx
Size: 171.36 KB (171362 bytes)
MD5: d987a9af709bfd188071aa3f5e027aac
Detection count: 14
Mime Type: unknown/vmx
Path: G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Group: Malware file
Last Updated: November 25, 2020

%PROGRAMFILES%\Internet Explorer\crnnxau.dll

File name: crnnxau.dll
Size: 166.44 KB (166440 bytes)
MD5: 76cfe416f735588146aaa3b4f8d0907a
Detection count: 12
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\Internet Explorer
Group: Malware file
Last Updated: December 1, 2010

%WINDIR%\system32\lmmtvk.dll

File name: lmmtvk.dll
Size: 170.99 KB (170994 bytes)
MD5: 84ef65fbf6e58fc735e867031bbb8d02
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: September 8, 2019

%WINDIR%\system32\lccyr.dll

File name: lccyr.dll
Size: 160.57 KB (160578 bytes)
MD5: 95ad430abca3da496600f764c120683c
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: February 5, 2020

%WINDIR%\system32\khgixdc.dll

File name: khgixdc.dll
Size: 174.48 KB (174488 bytes)
MD5: b081022fc581decf4c8640dbc74a9198
Detection count: 7
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 15, 2019

C:\WINDOWS\System32\hzcakuc.dll.78034401.mwt

File name: hzcakuc.dll.78034401.mwt
Size: 224.21 KB (224214 bytes)
MD5: 9645f61e0913a58a29ecfcce940136fe
Detection count: 5
Mime Type: unknown/mwt
Path: C:\WINDOWS\System32\hzcakuc.dll.78034401.mwt
Group: Malware file
Last Updated: August 1, 2021

%WINDIR%\system32\jyuzfa.dll

File name: jyuzfa.dll
Size: 165.4 KB (165405 bytes)
MD5: fb7ba7e14bafdc97724ffb66d39c2246
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: December 6, 2010

More files

Trojan.Conficker.c.gen

One Comment

sazzad111 says:

May 21, 2010 at 11:22 pm

i like to remove virus manualy