The F5 Guy » malware

How to remove Conficker

admin — Sun, 08 Feb 2009 22:22:20 +0000

The Conficker worm is still making its way around the Internet. The latest victim appears to be the city of Houston, TX. Over 475 of the PC’s on their network were infected on Friday bringing emergency services (911 and the police) and numerous other city services offline. It is a shame considering that back in 2006 they spent over $10 MILLION dollars setting this network up, but I guess installing a WSUS server for patching all those machines was deemed to be to expensive. Even though WSUS is FREE….

If you are home user and suspect that you may have this virus as well then you are in luck! Microsoft recently updated their Malicious Software Removal Tool so that it can remove this worm and many others from your PC. It is a free download and is available here: Conficker Removal Tool.

Another source of Malware

admin — Thu, 05 Feb 2009 04:18:46 +0000

There is a good article on the Sans.org website regarding some of the new methods malware authors are using to trick you into installing their malicious code.

http://isc.sans.org/diary.html?storyid=5797

Last year when I attended a SANS course in Florida on Identifying and Removing Malware, one of the main things that kept coming up at the event was the fact that targeted malware was on the rise. There are several sites out on the Internet right now that you can go to, pay a small amount of money and download a malware generator kit that you can then use to "target" the business of your choice. You input a few variables such as the IP of an FTP site where you want all the data you are stealing to go to. Then all you have to do is get the malware onto their network. Usually this is done just by e-mailing it to somebody at the company, but as the article points out the bad guys are getting trickier!

How to remove the Vundo Trojan…

admin — Mon, 02 Feb 2009 03:13:23 +0000

I received a phone call from a friend last weekend because his computer was bitten by the “Vundo” trojan. I have ran into this trojan before, thanks to a warehouse employee at my previous employer. The employee thought it would be fun to check his personal e-mail via a warehouse pc that was running a production database. Needless to say, somebody sent him a link to a site that he felt compelled to click on and he infected the PC. At that time the trojan was new and it thwarted all of my attempts to remove it. It was a classic case of restore from the backup image…

With that incident firmly in mind I set out to “Debug” my friends PC. I tried the normal anti-malware tools that I have in my digital toolbox, but not a single one of them could remove the infection. I will not name the names of the ones that failed because they have worked wonderfully on other pieces of malware in the past. So I had to hit the web in search of a solution and luckily enough I stumbled upon an excellent utility called Malwarebytes’ Anti-Malware. I am always skeptical of new tools that I find via the web these days, but this is an excellent utility, it’s free and it removed all traces of the vundo trojan on its first pass!

Here is a link to their website:
http://www.malwarebytes.org/mbam.php