Iksmas
Posted February 17, 2009
Iksmas is what people who live near the Ik River in Russia call Christmas. Whoops, sorry. Iksmas is a nasty worm spreading onto computers all over the world.
According to Panda Security, the Iksmas worm is sent in an email saying that Barack Obama has refused to be president. This was posted on 19/01/2009 so the worm may now have a more topical subject that it uses to trick you into opening a fake video, so be on the lookout for any news story in your inbox that sounds too good to be true. Also, don’t open anything called barakspeech.exe.
Trying to manually remove the Iksmas worm is pointless as there is little information on what files to remove so I recommend you use Spyware Doctor to remove Iksmas for you.
How I removed W32.Downadup.B/Conficker
Posted January 30, 2009
I have just been infected by W32.Downadup.B – AKA Conficker and have spent all night removing it, so now I am going to share the quick way to remove W32.Downadup.B.
First make sure you are infected with W32.Downadup.B/Conficker. The biggest sign is going into My Computer and double clicking your hard drive. If you get an error message about “RECYCLER\S” then you are infected.
Be on the lookout for the “RECYCLER” folder as W32.Downadup.B/Conficker puts this on any drive on your computer. It is launched when autorun runs and is responsible for installing the infection. If your computer is infected with W32.Downadup.B/Conficker, you can’t remove the RECYCLER folder as it is just put straight back on. RECYCLER is in the main directory “[YourDriveLetter]:\RECYCLER” so it is easy to find.
There are a lot of sites out there showing you how to manually remove W32.Downadup.B/Conficker. Most of these files have the word [Random] in them, meaning it could be anything. Don’t bother trying to manually remove it; it’s time consuming and you could do more harm than good.
To get rid of W32.Downadup.B/Conficker you have to use an antivirus/anti-spyware program, I just don’t see any other way around it. Microsoft recommends using their Malicious Software Removal tool. If you can’t access that link, it’s because W32.Downadup.B/Conficker is blocking it. Even if you were able to download it, W32.Downadup.B/Conficker stops the Malicious Software Removal tool from being executed.
I did have some limited success using Microsoft’s Conficker manual removal instructions. Surprisingly, W32.Downadup.B/Conficker allowed me to view the page; however, it didn’t allow me to download or even install the patches.
Although I used Spyware Doctor to remove W32.Downadup.B/Conficker, this post applies to all antivirus/anti-spyware programs. Even if you are able to download and purchase an antivirus/anti-spyware program, it is next to useless as Conficker will prevent it from downloading the necessary updates. Because of this, get whatever antivirus/anti-spyware program you want from an uninfected friend’s computer. When you have the program, manually download the updates from a website. Most antivirus/anti-spyware programs allow you to do this.
Now BURN THE ANTIVIRUS/ANTI-SPYWARE TO A CD. I cannot stress this enough. DO NOT USE A PENDRIVE/USB DEVICE. It will be infected as soon as you plug it into your computer. This is how I was infected in the first place.
Once on a CD/DVD, install the program onto your computer, put in your registration details and install the manual updates you downloaded. Now let it do a full scan and say goodbye to W32.Downadup.B/Conficker.
After you have removed W32.Downadup.B/Conficker, be sure to install this Microsoft patch. It prevents hackers from taking over your system using W32.Downadup.B/Conficker. Those of you who are uninfected will want to install it anyway for safety.
Good luck.
UPDATE: Conficker B++ & Conficker C have recently been released. This is just Conficker that has been modified with different ways to communicate with hackers. Its impact on your computer is the same as its twin brother. As before, don’t bother trying to manually remove it but use Spyware Doctor to remove Conficker B++ and Conficker C instead.
Conficker is scheduled to start doing something on April 1st. No one is exactly sure what it will do; the general consensus is that it will connect to a server and get further instructions like download a Trojan.
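The autorun/RECYCLER behaviour described in this post can be checked for on a drive before anyone double clicks it. The following Python code is an added example, not part of the original post or of any vendor tool: it parses a drive's autorun.inf and reports launch entries that point into a RECYCLER folder. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# autorun.inf keys that make Windows launch a program from the drive.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^=\\]+\\command)$", re.I)
RECYCLER = re.compile(r"(?<![A-Za-z0-9])RECYCLER[\\/]", re.I)

# Constructed sample: junk padding, a harmless key, and two launch entries.
SAMPLE = (
    b"[autorun]\r\n"
    b"\x8f\x02\xffpadding\x00\x00\r\n"
    b"Action=Open folder to view files\r\n"
    b"shell\\open\\command=RECYCLER\\S-PLACEHOLDER\\example.exe\r\n"
    b"OPEN = setup.exe\r\n"
)


def autorun_exec_lines(raw: bytes):
    """Return (key, value) for each launch line; latin-1 decoding never fails
    and lines without a launch key are skipped, so junk padding can't hide one."""
    found = []
    for line in raw.decode("latin-1").splitlines():
        line = line.strip(" \t\x00")
        if "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEY.match(key):
            found.append((key.lower(), value))
    return found


def recycler_launchers(raw: bytes):
    """Launch entries whose command points into a RECYCLER folder."""
    return [(k, v) for k, v in autorun_exec_lines(raw) if RECYCLER.search(v)]


def check_drive(root: str):
    """Inspect one drive root and return findings a responder can log."""
    inf = os.path.join(root, "autorun.inf")
    raw = b""
    if os.path.isfile(inf):
        with open(inf, "rb") as fh:
            raw = fh.read(1 << 20)  # autorun.inf is small; cap the read
    hits = recycler_launchers(raw)
    # RECYCLER is also the normal Recycle Bin folder on Windows XP NTFS
    # volumes, so the autorun entry, not the folder alone, is the signal.
    has_dir = os.path.isdir(os.path.join(root, "RECYCLER"))
    return {"root": root, "has_recycler_dir": has_dir, "launchers": hits}
```

Run `check_drive` against each mounted drive root from a clean machine; a non-empty `launchers` list means the drive should not be opened with autorun enabled.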
W32.Downadup Worm
Posted January 15, 2009
Looking at the news this morning, I see that the W32.Downadup worm, AKA “Conficker”, has infected 1.1 million PCs at the moment, probably more by now.
Do you have the W32.Downadup worm on your computer? From looking around, the biggest sign that you are infected is that you are locked out of your account because the worm has tried to guess your password too many times. It also changes access rights on certain files so you can’t change them and downloads different versions of its buddies from the internet.
Sounds like a fun filled way to spend the day.
Due to the complexity of the worm, I recommend using a security program like Spyware Doctor to remove W32.Downadup worm. I haven’t found any manual removal instructions yet; the closest thing I could find is a detailed list of what the W32.Downadup worm modifies so you could try your luck there.
Transit Agency to Work With Hackers Who Found Vulnerabilities
Posted December 28, 2008
First gagged, now recruited
A New England transit agency has vowed to work with three Massachusetts Institute of Technology undergraduates whom it had previously sued when they discovered serious flaws in the agency’s electronic payment systems.
The Massachusetts Bay Transit Authority (MBTA) said it would work with Zack Anderson, RJ Ryan, and Alessandro Chiesa to make improvements to the agency’s fare collection system “that will be as straightforward and inexpensive to address as possible.” In August, the MBTA obtained a court order gagging the trio just hours before they were scheduled to speak about the gaping holes at the Defcon hacker conference in Las Vegas.
“It feels really good,” Zack Anderson said on Monday. “I’m glad after all that has happened the lawsuit is behind us.”
“Yahoo Messenger is not installed on your machine” popup
Posted December 27, 2008
“Yahoo Messenger is not installed on your machine” popup is a worm that spreads through, you guessed it, Yahoo Messenger.
If you have it on your computer, you will see the following message:
“Search result: Yahoo Messenger is not installed on your machine
Going to install it”
This worm searches your computer for Yahoo Messenger so it can send itself off to your contacts. If you don’t have Yahoo Messenger, it will install it for you, though I don’t know who it will send itself to.
If you see the popup on your computer, it’s time to shoot the messenger and remove “Yahoo Messenger is not installed on your machine” popup.
(FYI: for some links to software we receive a commission. This is one of them. But we wouldn’t recommend Spyware Doctor if we didn’t think it would help.)
Slogod
Posted November 20, 2008
Slogod is the name of a monster in a Godzilla Movie.
Whoops, sorry. Slogod is a worm that spreads through removable drives. You know you have Slogod on your computer when a parody of the Lord’s Prayer pops up and your file drop down menus disappear.
If you suspect that Slogod has attacked your computer, Godzilla, sorry, 2-viruses.com will show you how to manually remove Slogod.
U.Z.A. O/S Eliminator
Posted October 14, 2008

From what I can find, U.Z.A. stands for UrbaniZed Area. Why anyone would name a Worm infection this is beyond me but it does use the same logic as setting up a black background announcing your presence instead of working stealthily in the background.
You can use Spyware Doctor to remove U.Z.A easily, or you can try to remove U.Z.A. O/S Eliminator manually.