
Are you a Microsoft Windows user? Then be careful if an error report for "Generic Host Process for Win32 Services" shows up on your computer.
There is a chance that your computer is infected with the W32/Conficker.A virus, or is about to be infected.
1. Your PC is not infected by the virus/worm, but one of the PCs on your network is already infected and is scanning every PC on its network, which can make this error report show up on your PC. In other words, you're lucky, and you should patch your OS as soon as possible.
2. You are already infected with W32/Conficker.A, and the consequences are:
* Your internet connection shuts down and cannot reconnect (you must restart your PC and turn on a firewall)
* You can't share files in My Documents

* You can’t adjust your volume…

What is Win32/Conficker.A?
Win32/Conficker.A is a virus that exploits the Microsoft MS08-067 vulnerability in order to spread. It may also download and execute various files.
Microsoft warns that the Win32/Conficker.A virus uses the vulnerability in Windows file sharing and attacks the Windows Server service (SVCHOST.EXE). Win32/Conficker.A searches for the file 'services.exe' on the infected Windows system and injects itself into the file. Then Win32/Conficker.A creates a copy of itself with a random filename in the %System% directory.
To avoid being traced after it infects a computer, it changes its modified date to match the date of the Kernel32.dll file. By changing the date, the virus tries to protect itself from investigation, such as finding out when the virus first entered the computer.
Then Win32/Conficker.A adds values to the system registry under the following keys:
Adds value: "DisplayName"
With data: "0"
To subkey: HKLM\SYSTEM\CurrentControlSet\Services\vcdrlxeu
Adds value: "ServiceDll"
With data: ”
To subkey: HKLM\SYSTEM\ControlSet001\Services\vcdrlxeu\Parameters
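As an added example (not part of the original post), the registry values listed above can be turned into a triage check over the text printed by `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`. It matches on the value pattern (DisplayName "0" together with a ServiceDll under Parameters) rather than on the key name, on the assumption that the key name can differ between machines; the sample text and DLL paths are constructed.

```python
import re

# Constructed sample in the layout printed by `reg query <key> /s`.
# The first DLL path is a placeholder, not a value taken from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vcdrlxeu
    DisplayName    REG_SZ    0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vcdrlxeu\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\System32\PLACEHOLDER.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
    DisplayName    REG_SZ    DNS Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\dnsrslvr.dll
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\([^\\]+)(\\Parameters)?$", re.I)
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_services(text):
    """Return {service: {value_name: data}} with Parameters values merged in."""
    services, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = services.setdefault(key.group(1).lower(), {})
            continue
        if line and not line[0].isspace():
            current = None  # some other (deeper) key: ignore its values
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            current[val.group(1).lower()] = val.group(3).strip()
    return services

def suspicious_services(text):
    """Services matching the page's pattern: DisplayName "0" plus a ServiceDll."""
    return sorted(
        name for name, vals in parse_services(text).items()
        if vals.get("displayname") == "0" and "servicedll" in vals
    )

if __name__ == "__main__":
    for name in suspicious_services(SAMPLE):
        print("review service key:", name)
```

A hit is a lead for manual review of the service key and the DLL it points to, not proof of infection.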
After that, Win32/Conficker.A starts opening ports between 1024 and 10,000, bypassing the Windows Firewall, and shuts off the Internet Connection Sharing service.
After a Win32/Conficker.A virus infects one computer on a LAN, it spreads (using a worm spreading method) by accessing random IP addresses on the network, looking for Windows machines with the unpatched MS08-067 vulnerability. It then instructs the other computers to download a file over HTTP or from a host computer with an open port. The virus then tries to get the infected computer's public IP address by contacting:
getmyip.org
getmyip.co.uk
checkip.dyndns.org
How to Annihilate Viruses
So, what should you do when you're already infected?
Turn your firewall on
Use an antivirus to scan your PC
Close your internet connection (to prevent the virus from updating itself)
After cleaning out all the viruses, patch your OS