Monday, June 15, 2009

How To Remove W32/Conficker Worm?

March 31, 2009
W32/Conficker is a computer worm that spreads by attempting numerous connections to computers across the network, seeking systems that do not have the latest security updates, or that have open shares, removable media or weak passwords. W32/Conficker.worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.
The following variants of this worm have been reported so far:
W32/Conficker.A – This variant exploits the Server Service on Windows computers: an already-infected source computer uses a specially crafted remote procedure call request to force a buffer overflow and execute shellcode on the target computer. On the source computer, the worm runs an HTTP server on a port between 1024 and 10000. The target shellcode connects back to this HTTP server to download a copy of the worm in DLL form, which it then runs as a service via svchost.exe.
W32/Conficker.B – This variant can remotely execute copies of itself through the ADMIN$ share on computers visible over NetBIOS. If the share is password-protected, it will attempt a brute force attack, thereby generating large amounts of network traffic.
W32/Conficker.C – This variant places a copy of itself on any attached removable media (such as USB flash drives), from which it can then infect new hosts through the Windows AutoRun mechanism. Earlier we saw how to remove AutoRun Virus. This is another instance where we find that disabling AutoRun.inf for external media would have helped.
W32/Conficker.D – This is a recently detected variant that disables services like WerSvc, ERSvc, BITS, wuauserv, WinDefend and wscsvc. It also deletes the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot to disable restarting in safe mode.
Removal Of W32/Conficker Worm:
The following are the symptoms of the W32/Conficker worm:
Users being locked out of directory
Access to admin shares denied
Scheduled tasks being created
Network Congestion
Slow response of Domain Controllers to Client Requests
Access to security related web sites is blocked
The Conficker worm disables important services on your computer including Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and error reporting services. Most antivirus software can detect and block the Conficker worm, provided you have an updated version of the antivirus software on your computer. If you don’t have antivirus software installed, you can download AVG 8.5 and remove the worm with an on-demand scan. You can even try downloading Avast Antivirus 4.8.
If your computer is infected with the Conficker worm, you may be unable to download certain Microsoft security products, such as the Microsoft Malicious Software Removal Tool, or to access certain Web sites, such as Microsoft Update. If you cannot access those tools, you can run a free PC Scan using Windows Live OneCare Safety Scanner.
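The indicators described above (the services Conficker.D disables, the deleted SafeBoot key, and AutoRun on removable media) can be checked on a host with a read-only script. This is an added example, not part of the original post; the `New-Finding` helper and the `Flag` column are names chosen for the illustration, and a flagged row means "review this", since an administrator may have disabled a service deliberately.

```powershell
# Added example: read-only host triage for the indicators described in this article.
# Run from an elevated PowerShell prompt; it changes nothing on the system.

function New-Finding($Check, $State, $Flag) {
    # Hypothetical helper: one result row per check.
    New-Object PSObject -Property @{ Check = $Check; State = $State; Flag = $Flag }
}

$findings = @()

# 1. Services the article lists as disabled by Conficker.D.
foreach ($name in 'WerSvc', 'ERSvc', 'BITS', 'wuauserv', 'WinDefend', 'wscsvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Not every service exists on every Windows version, so a missing
        # service is reported but not flagged.
        $findings += New-Finding "Service $name" 'not installed' $false
        continue
    }
    # Startup type is the Start value under the service key; 4 means Disabled.
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $start = (Get-ItemProperty $key -ErrorAction SilentlyContinue).Start
    $findings += New-Finding "Service $name" "$($svc.Status), Start=$start" ($start -eq 4)
}

# 2. SafeBoot key: deleted by Conficker.D to block restarting in safe mode.
#    A healthy system has both the Minimal and Network subkeys.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$intact   = (Test-Path "$safeBoot\Minimal") -and (Test-Path "$safeBoot\Network")
$state    = $(if ($intact) { 'present' } else { 'missing or incomplete' })
$findings += New-Finding 'SafeBoot key' $state (-not $intact)

# 3. AutoRun policy for removable media (the Conficker.C spreading path).
#    Bit 0x4 of NoDriveTypeAutoRun disables AutoRun on removable drives.
#    Only the machine-wide (HKLM) policy is read here.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$value  = [int](Get-ItemProperty $policy -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$autoRunOn = (($value -band 0x4) -eq 0)
$findings += New-Finding 'AutoRun on removable media' ('NoDriveTypeAutoRun=0x{0:X}' -f $value) $autoRunOn

$findings | Select-Object Check, State, Flag | Format-Table -AutoSize
```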
Remove W32/Conficker and ensure a secure computer network.

Thursday, February 19, 2009

Outlook Doesn’t Close

It isn’t very common that Outlook doesn’t close on its own. Practically always this is caused by an add-in or another program that integrates with Outlook. Once this add-in is disabled or updated, or the program is closed, the problem will be gone and Outlook will close normally again.
Add-ins
Most add-ins are shown in
Tools-> Options-> tab Other-> button Advanced Options…-> button Add-In Manager or button COM Add-ins.
Here you can disable or uninstall them.
For Outlook 2007 you can find this by going to Tools-> Trust Center-> Add-ins-> select the type of add-in in Manage and press Go…
If you get a permissions error when trying to disable an add-in, see this post.

It is very likely that the add-in will also show in Control Panel-> Add/Remove Programs. Check with the supplier if there are updates for your product.

Programs
Programs that integrate with Outlook are not always shown as an add-in as well. In this case you’ll have to disable the integration in the program itself. See the documentation of that program on how to disable it. If the integration is the key feature of the program (as it is with synchronization software), make sure you close that program after or before closing Outlook, or it will keep Outlook open.
Programs that tend to keep Outlook open are:
Fax software
Virus scanners
Anti-spam filters
Synchronization software (for e.g. your PDA or cell phone)
Vista Sidebar Gadgets displaying Outlook information
Skype (View-> Show Outlook Contacts)

Tip 1 Disabling the integration of your virus scanner doesn’t increase (or decrease) the risk of infection by a virus. The on-access scanner of the virus scanner 1) will suffice. Also note that Outlook doesn’t allow code execution 2) in the Reading/Preview Pane, so you can’t get infected by a virus by using the Reading/Preview Pane to read messages. For more info also see this post.

Tip 2 If you use synchronization software for your PDA, in most cases removing the PDA from its cradle before you close Outlook will suffice and let Outlook close successfully.

Outlook 2000 hangs if you try to quit Outlook 2000 after Microsoft Office Outlook 2003 was used to open your mailbox or if another user viewed your shared Calendar with Outlook 2003. See KB 834005 and call Microsoft support to obtain the fix (free of charge) or use the link at the left top of the article to request the download.

1) Depending on your virus scanner, the on-access scanner is also known as ‘real time scanner’, ‘auto protect’ or ‘Virus Shield’.

2) You must have installed the e-mail security update for this when using Outlook 2000 or Outlook 98. For Outlook 98 click here to download. For Outlook 2000 make sure you’ve installed Service Pack 3.

Saturday, January 10, 2009

Microsoft Windows Server 2008 Certifications Announced

Microsoft has announced the new Windows Server 2008 certification tracks, and there are major changes from past Windows certification tracks. The MCSE is no more; the multi-exam tracks are both Microsoft Certified IT Professional (MCITP) certifications. The name may not be the same, but just as the MCSE required successful candidates to pass multiple exams, so does the MCITP.
There are two MCITP tracks to choose from. The larger of the two is the Windows Server 2008 Enterprise Administrator certification, which requires the Microsoft certification candidate to pass five exams. There's not a lot of choice for this certification, because successful Enterprise Administrators will be required to pass the following exams:
Configuring Windows Server 2008 Active Directory (70-640)
Configuring Windows Server 2008 Network Infrastructure (70-642)
Configuring Windows Server 2008 Applications Platform (70-643)
Windows Server 2008 Enterprise Administrator Exam
Along with those four requirements, you'll need to pass either the 70-620 or 70-624 Windows Vista Client exam.
There's also a Windows Server 2008 Administrator certification, which will require you to pass the Active Directory, Network Infrastructure, and the 70-646 Windows 2008 Server Administrator Exam.
Microsoft is offering single-exam certifications as well. The Server 2008 program will certify you as a Microsoft Certified Technology Specialist (MCTS) for a particular skill by passing the Server 2008 Active Directory, Network Infrastructure, or Application Platforms exams.
So even though the names have changed, Microsoft is offering both single-exam and multiple-exam Server 2008 tracks. Be sure to visit Microsoft's website to get the latest information on release dates and changes to the MCITP and MCTS programs! Server 2008 may not sound like something you need to be planning for, but we thought the same thing about 2000 and 2003, didn’t we?