All Updates Now Working. 2009 VIRUS REMOVED

Closed
keionl.bryant@gmail.com Posts 3 Registration date Thursday February 5, 2009 Status Member Last seen February 21, 2009 - Feb 9, 2009 at 06:19 PM
keionl.bryant@gmail.com Posts 3 Registration date Thursday February 5, 2009 Status Member Last seen February 21, 2009 - Feb 21, 2009 at 01:17 PM
Hello, This is in response to the thread that helped me fix this problem. There were well over a hundred posts already so i figured i would start a resolved thread to any seekers of this information.

Previous Thread -->> http://ccm.net/forum/affich 43800 avg windows update failure

I luckily came across this thread and was able to fix my issue using Trojan Remover and Spy Bot Search & Destroy. Here are some proof pictures of my progress and the updates i was able to make. I am willing to help anyone out with this issue and if you have questions please reply to this post or email me. Thank you.

Avira Website PROOF
https://myspace.com/

Spy Bot Search & Destroy Update PROOF
https://myspace.com/

Spy Bot Search & Destroy Immunized PROOF
https://myspace.com/

Task Manager PROOF
https://myspace.com/

Java Install PROOF
https://myspace.com/

Java Update PROOF
https://myspace.com/

P.S. If your browser is high jacked and you CANNOT GO to sites directly from Google, Try using the CACHED LINKS from Google to get to the page you are trying to browse. This was a key component for me to circumvent the dead links i was redirected to within my high jacked browser.

Please Post or comment with any unanswered Questions and discuss any of your problems with this issue here.

Google Cached Links PROOF
https://myspace.com/
Related:

3 responses

keionl.bryant@gmail.com Posts 3 Registration date Thursday February 5, 2009 Status Member Last seen February 21, 2009 2
Feb 21, 2009 at 01:17 PM
Here are a few more links that i found that may have some helpful information about this worm/virus.

http://news.bbc.co.uk/2/hi/technology/7832652.stm

http://www.tecspeak.com/news/security/win32wormdownadup-know-conficker-or-kido-worm

There is a program called KidoKiller.exe in this next link below.

https://support.kaspersky.com/viruses/protection/10952

I have also read that this worm may have been originated from the UK, and which some claim that computers in this country still remain unaffected.

KeionL.Bryant@gmail.com
2
Ken The Golfer
Feb 9, 2009 at 08:00 PM
I have tried every program listed here and still can't get updates or submit data to servers at sites while on line. IE will not connect to the Internet; however, my Windows Vista 64x updates do work as well as a sidebar that updates stocks. I use Firefox to access the web now. I reset the Winsock protocol as it had been corrupted and I verified, reinstalled and reset the contents of the HOSTS file to default. I deleted corrupted registry keys. Checked with my ISP Time Warner and they could not offer any solution as I was able to access the net via Firefox. Ran Smitfixfraud tool, highest rated review and still the problem continues. I think this is very clever malware that embeds itself in other applications thus cannot be detected by webroot, virus or other scans. Any solution you can suggest I will try.
However; the only solution I can think of is to return my computer to factory settings, an option available with Visa and reload all my programs from the original disks.
All this started when I downloaded AVG from their official site. Any ideas?
0
keionl.bryant@gmail.com Posts 3 Registration date Thursday February 5, 2009 Status Member Last seen February 21, 2009 2
Feb 21, 2009 at 12:27 PM
Unfortunately Ken i can feel and relate to your situation o so well. The first thing i would suggest is getting access to the internet from and uninfected computer. Then i would download all of the programs mentioned in the posts about this issue and try to burn these programs to a CD.

***Obviously before you try this method i would first see if your infected computer can even access programs from a CDROM and if so that's the first step to trying this mentioned solution.***

Once you have the virus removal tools on a disk you can try to install them using safe mode. I was able to access the internet using safe mode with networking on an infected computer. Although some services will be disabled it is a good way to gain access to real internet pages as well as download virus/spyware tools via an infected computer. This is just a suggestion as it worked for me with my situation. Trojan remover, as well as the program you mentioned Smitfraud fix tool have been the key programs to my successful removal of tons of viruses. Let me know if any of this helps out.

KeionL.Bryant@gmail.com
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 15, 2009 at 01:35 AM
This thing is called the "Kido Worm" , "Downadup" and "Conficker." It began in Oct. 2008 but in December it evolved into a Superworm. Its ability to thwart any attempt to delete it and to spread via USB devices is confounding.

There is a lot of info out there if you Google these names. It is an interesting Worm as it seems to disable every defense before the victim can even launch a counter attack. It disables system restore, shuts off Microsoft updates, blocks Antivirus updates, hijacks the browser (Safari, Explorer, Chrome and Firefox) and finally it downloads more malicious software as it goes. It is impossible to give one set of instructions to remove the Virus as it is different on every machine.

The latest variant of the worm now lets it spread via thumb drives. It operates by copying itself in a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder. The worm executes automatically if the Autorun feature is enabled.

Certain TCP functions are also patched to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove because information about it is difficult to gather from an infected computer. Additionally, the sneaky little worm removes all access rights of the user, except execute and directory usage, to protect its file. Microsoft has created a removal tool for this worm, but if you are infected you must find an uninfected computer to download Microsoft's Malicious Software Removal Tool.

See the following link: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

If you have the Kido/Conficker worm you will no be able to link to the above link.

Microsoft states,
"If your computer is infected with the Conficker worm, you might be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner. If that doesn't work, read the following Microsoft Help and Support articles on an uninfected computer. "

My advise is to get the removal tool on a brand new/clean USB device from another computer and then load it onto your computer. The surprising thing is that this thing started in Oct. and already has infected 12.9 million computers. Microsoft has offered a 250K reward to help catch the culprits that created this worm.

Hope this helps,

Keifer
0