Home / malware Worm:Win32/Conficker.B!inf
First posted on 25 November 2015.
Source: MicrosoftAliases :
There are no other names known for Worm:Win32/Conficker.B!inf.
Explanation :
Threat behavior
Installation
Worm:Win32/Conficker.B!inf is the detection used for the autorun.inf files created by Conficker.B when it attempts to spread through mapped and removable drives.
For more information, please see the Worm:Win32/Conficker.B.
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE).
Payload
If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
It can also spread through removable drives and weak administrator passwords. It disables several important system services and security products.
Symptoms
The following can indicate that you have this threat on your PC:
Windows Update Service
- The following services are disabled or fail to run:
Background Intelligent Transfer Service
Windows Defender
Windows Error Reporting Services
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
"TcpNumConnections" = "0x00FFFFFE"
virus
- Users may not be able to connect to websites or online services that contain the following strings:
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdateLast update 25 November 2015
